Bug#636994: lintian: add check for deprecated perl libraries (was: #629472)

To: submit@bugs.debian.org
Subject: Bug#636994: lintian: add check for deprecated perl libraries (was: #629472)
From: Dominic Hargreaves <dom@earth.li>
Date: Sun, 7 Aug 2011 17:11:51 +0100
Message-id: <20110807161151.GR4305@urchin.earth.li>
Reply-to: Dominic Hargreaves <dom@earth.li>, 636994@bugs.debian.org
In-reply-to: <4E3EA2CF.6020401@thykier.net>
References: <20110510075249.GN4371@urchin.earth.li> <20110511071702.GA18350@hagar.it.helsinki.fi> <20110511143720.GS4371@urchin.earth.li> <20110516111412.GR4371@urchin.earth.li> <20110516114801.GA7435@hagar.it.helsinki.fi> <20110516221932.GT4371@urchin.earth.li> <20110606210714.GE29167@urchin.earth.li> <20110731211354.GL4305@urchin.earth.li> <20110807133302.GO4305@urchin.earth.li> <4E3EA2CF.6020401@thykier.net>

Package: lintian
Severity: wishlist

On Sun, Aug 07, 2011 at 04:35:59PM +0200, Niels Thykier wrote:
> On 2011-08-07 15:33, Dominic Hargreaves wrote:
> > 
> > The perl 4 libraries are more interesting; there are 127 packages
> > which appear to have files which use one or more of them. In many cases
> > it's likely that the files which use them either aren't installed, or
> > aren't used if they are. It's also possible that there are a couple of
> > false positives there, where there are private copies of the files
> > which are being used directly.
> > 
> > [...]
> > 
> > I'm also concerned that it will be difficult to get an accurate
> > representation of the issue with lintian; I generated my list of packages
> > by grepping source packages for the names of the libraries, then manually
> > processed the list stripping out lots of noise. It's possible one could
> > come up with a definitive pattern of ways in which the libraries could
> > be loaded from a perl script (do/require/use, single or double quotation
> > marks, ..?), but possibly tricky.
> > 
> > Any comments or suggestions welcomed.
> > 
> > Cheers,
> > Dominic.
> > 
> 
> Hi
> 
> I see a couple of advantages of creating a lintian check for this.
> 
> First off, we could make this check work on binary packages, which would
> solve the problem, where the offending scripts are not shipped.
>   We would not catch the ones in the source package which is actually in
> use during build (e.g. as a part of tests).  However, these can
> "trivially" be caught by re-builds later.
> 
> Secondly, writing a lintian check for finding the "average" offending
> scripts ("use Deprecated::Module;" or "require Deprecated::Module;")
> will probably not take a lot of afford compared to the amount of
> true-positives it finds.
>   Particularly, if done correctly we can re-use the check for the next
> round of deprecations with very little maintenance overhead.
> 
> As you mentioned, it can be tricky[1] to find all instances; but if
> Lintian can find the easy 80% (or whatever) with some simple heuristics,
> then you only have to worry about the last tricky 20%.
>   We can always start with an experimental tag, that you check up on.
> If it has a lot of false-positives, we can try to revise the checks.

Hi Niels,

Thanks for the response; I think you've convinced me that this would
be the best approach, at least to start with.

You're correct that build-time deps will be caught by rebuilds, once
the modules get removed. Ideally in this case we'd have all the
packages fixed well in advance of that; we'd like to be able to drop
them from wheezy+1 without worrying about partial upgrades breaking
things. However, this isn't actually a concern for situations where
the build fails.

I take your point about starting off with the check marked as
experimental, although I would like this check to have the maximum
input before wheezy freezes, so your planned released schedule for 
lintian may affect whether I'd like to have that included or not.

I'm filing this as a wishlist bug without patch initially; I had a look
at the lintian git repository and couldn't initially see where the best
place to put such a check would be. If you can give me any hints about
where to start, I'll do so :)

To make this bug report complete, here's a specification for the check:

check in all perl source files in binary packages not depending on
libperl4-corelibs-perl for strings satisfying the following regexp:

/(?:do|require)\s+(?:'|")(?:abbrev|assert|bigfloat|bigint|bigrat|cacheout|complete|ctime|dotsh|exceptions|fastcwd|find|finddepth|flush|getcwd|getopt|getopts|hostname|importenv|look|newgetopt|open2|open3|pwd|shellwords|stat|syslog|tainted|termcap|timelocal|validate)\.pl(?:'|")/

Tag: uses-perl4-libs
Severity: important
Certainty: possible
Experimental: yes
Info: This package includes perl programs using obsoleted perl 4-era
 libraries. These libraries have been deprecated in perl in 5.14, and
 are likely to be removed from the core in perl 5.16. Please either
 remove references to these libraries, or add a dependency on
 "libperl4-corelibs-perl | perl (<< 5.12.3-7)" to this package.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Reply to:

Follow-Ups:
- Bug#636994: lintian: add check for deprecated perl libraries (was: #629472)
  - From: Dominic Hargreaves <dom@earth.li>

References:
- Re: Bug#629472: Handle deprecated modules in 5.12 and 5.14
  - From: Dominic Hargreaves <dom@earth.li>
- Re: Bug#629472: Handle deprecated modules in 5.12 and 5.14
  - From: Niels Thykier <niels@thykier.net>

Prev by Date: [SCM] Debian package checker branch, master, updated. 2.5.1-205-gf3bc0f5
Next by Date: [SCM] Debian package checker branch, master, updated. 2.5.1-206-g659f757
Previous by thread: Re: Bug#629472: Handle deprecated modules in 5.12 and 5.14
Next by thread: Bug#636994: lintian: add check for deprecated perl libraries (was: #629472)
Index(es):
- Date
- Thread