Bug#1042964: shim-signed: policy violation: Recommends a package that is not in debian main

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1042964: shim-signed: policy violation: Recommends a package that is not in debian main
From: Zorka.Jordon@AllFreeMail.net
Date: Thu, 03 Aug 2023 11:23:37 +0000
Message-id: <[🔎] 169106181765.2623.10769233096416061191.reportbug@debian>
Reply-to: Zorka.Jordon@AllFreeMail.net, 1042964@bugs.debian.org

Package: shim-signed
Version: 1.39+15.7-1
Severity: serious
Justification: Policy 2.2.1
X-Debbugs-Cc: Zorka.Jordon@AllFreeMail.net

Dear Maintainer,

shim-signed currently Recommends secureboot-db package, which is not in debian main.

This is a violation of debian policy 2.2.1 https://www.debian.org/doc/debian-policy/ch-archive.html#the-main-archive-area

```
In addition, the packages in main:

- must not require or recommend a package outside of main for compilation or execution (thus, the package must not declare a Pre-Depends, Depends, Recommends, Build-Depends, Build-Depends-Indep, or Build-Depends-Arch relationship on a non-main package unless that package is only listed as a non-default alternative for a package in main)
```

This was previously mentioned 4 years ago in #932358 and #1041449. Neither of those bugreports had any maintainer reaction.

Please either remove shim-signed from debian, since it violates debian policy, or change the package dependencies to no longer recommend packages outside of debian main.

Alternatively, please provide information why this package should keep the recommendation on a package that is not in debian main, and address the 4 year old bugreport in #932358 and #1041449

Severity set as serious because this is a violation of debian policy, and because there has been no reaction in 4 years about this issue.



-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shim-signed depends on:
ii  grub-efi-amd64-bin         2.06-13
ii  grub2-common               2.06-13
ii  shim-helpers-amd64-signed  1+15.7+1
ii  shim-signed-common         1.39+15.7-1

Versions of packages shim-signed recommends:
pn  secureboot-db  <none>

shim-signed suggests no packages.

-- no debconf information

Reply to:

Follow-Ups:
- Bug#1042964: marked as done (shim-signed: policy violation: Recommends a package that is not in debian main)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#1025559: fwupd: dependency on transitional policykit-1 package
Next by Date: Bug#920820: marked as done (shim-signed - Fails to boot if run via EFI shell)
Previous by thread: Processed: Re: Bug#1025559: fwupd: dependency on transitional policykit-1 package
Next by thread: Bug#1042964: marked as done (shim-signed: policy violation: Recommends a package that is not in debian main)
Index(es):
- Date
- Thread