Bug#626476: lintian: reduce dpkg-dev to Suggests
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2011-05-17 19:49, Russ Allbery wrote:
> Colin Watson <cjwatson@ubuntu.com> writes:
>
>> Neither of those would help my use case, because it would have the
>> effect of dragging dpkg-dev into our CD images anyway (we install
>> Recommends by default just as Debian does, and our tools prefer the
>> first element in a dependency disjunction if it exists).
>
>> How about:
>
>> Depends: libdpkg-perl, bzip2, xz-utils
>> Suggests: dpkg-dev
>
>> or:
>
>> Depends: libdpkg-perl
>> [Recommends: bzip2, xz-utils]
>> Suggests: dpkg-dev
>
>> (Recommends in brackets because libdpkg-perl already recommends those,
>> so I'm not sure if there's much point in lintian repeating this.)
>
> Yeah, one of these look right to me.
>
> Given the number of packages in the archive that use bzip2 compression and
> the small size of the bzip2 package, I'd prefer to have it as a strong
> dependency. I don't have a similar opinion about xz-utils, since I don't
> have the impression that it's much used yet, so I'd be okay with leaving
> that as Recommends.
>
> The choice of whether to explicitly state the Recommends should be based
> on whether Lintian ever invokes programs in it directly or via flags to
> tar or whether it only invokes it indirectly via libdpkg-perl. IIRC, we
> invoke it directly via a flag to tar.
>
We use it in unpack/unpack-srcpkg-l1 to pass --lzma or --xz to tar.
Other than that, I do not think we use it. Do you want a
suggests/recommends for this?
>> Oh, you're right, -q would suppress the warning for unsigned files. I
>> think my point (a) is still true though.
>
> Yeah, we suppress warnings for unsigned source packages since it's very
> common to check a source package with Lintian in advance of signing it.
>
In other news, I got the changes mostly done (though alioth is down atm,
so I cannot push them). For now I have used:
Depends: libdpkg-perl, bzip2
Suggests: dpkg-dev
I was not sure what to do about xz-utils so I left it out for now.
~Niels
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJN1rhMAAoJEAVLu599gGRCu8QQAJBTYVhSN/IJ1BlrwB8aOll+
0/baMJlXzw5W97ReFyYL2gpEBjpELxi/3a/25It+NTrIW3POeb22W+NL2+Q6XRO6
eBvhN0C760TnfILAD39EPAkFGv/yE+OAQmay97R6u0KdcDU8mfcXwi/1EjMaREFc
9aZM+dpwjtulUIZDSEaL6rsci+AwBcGeiJC8Iu+1fft9HF6ewZAC9Qsy3EO+VGGA
EWFzqWRIEgHEgNdvQfDKjO9RqPmcnWsHEnxjklhoJ1C6a8QA3BamC5RX/SOsyejw
cTXTVVr12eIVE294b5BOzk54DsXvXxxaBL2ivp//uVw3P1GF9lDdJ463l8oxs4Hs
9lkuw5WWxk269cGmmIRfjaUszWTXxcY26Zuc3dRIGFArtV+PY1069s0V00KF9i6k
WzFmladrl/HV5yz9XPX6QBZbbP0fE4sKM6EZojNe8a+7rGt6YepeYhkXlA3Zbkp9
+15vN3QlA1diNMlsPJ/qv7nWNClpSmkM4eyVn5ZhLE75PktBSDsMy+Gt9pmIA4kM
MJtqxipSTTHQerd5MG1i4NhnLXameMVDCe1z6xsVapeftEoRScqd2VETyDgHL79I
BwwZ0RoTZ18Mrxv40fmlEh7Du6sxxGdXsipgKDCl1UVxNrqh6SKBC+OrHfZnNTXK
f+d/KVVOiNNQq9/Y6+YW
=3zyx
-----END PGP SIGNATURE-----
Reply to: