Bug#1042964: shim-signed: policy violation: Recommends a package that is not in debian main
Package: shim-signed
Version: 1.39+15.7-1
Severity: serious
Justification: Policy 2.2.1
X-Debbugs-Cc: Zorka.Jordon@AllFreeMail.net
Dear Maintainer,
shim-signed currently Recommends secureboot-db package, which is not in debian main.
This is a violation of debian policy 2.2.1 https://www.debian.org/doc/debian-policy/ch-archive.html#the-main-archive-area
```
In addition, the packages in main:
- must not require or recommend a package outside of main for compilation or execution (thus, the package must not declare a Pre-Depends, Depends, Recommends, Build-Depends, Build-Depends-Indep, or Build-Depends-Arch relationship on a non-main package unless that package is only listed as a non-default alternative for a package in main)
```
This was previously mentioned 4 years ago in #932358 and #1041449. Neither of those bugreports had any maintainer reaction.
Please either remove shim-signed from debian, since it violates debian policy, or change the package dependencies to no longer recommend packages outside of debian main.
Alternatively, please provide information why this package should keep the recommendation on a package that is not in debian main, and address the 4 year old bugreport in #932358 and #1041449
Severity set as serious because this is a violation of debian policy, and because there has been no reaction in 4 years about this issue.
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-10-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages shim-signed depends on:
ii grub-efi-amd64-bin 2.06-13
ii grub2-common 2.06-13
ii shim-helpers-amd64-signed 1+15.7+1
ii shim-signed-common 1.39+15.7-1
Versions of packages shim-signed recommends:
pn secureboot-db <none>
shim-signed suggests no packages.
-- no debconf information
Reply to: