Bug#758425: lintian: add a check for outdated version constraints

To: Raphael Hertzog <hertzog@debian.org>, 758425@bugs.debian.org
Subject: Bug#758425: lintian: add a check for outdated version constraints
From: Johannes Schauer <j.schauer@email.de>
Date: Fri, 29 Aug 2014 21:32:45 +0200
Message-id: <[🔎] 20140829193245.3685.24196@hoothoot>
Reply-to: Johannes Schauer <j.schauer@email.de>, 758425@bugs.debian.org
In-reply-to: <[🔎] 20140829191606.GA11456@x230-buxy.home.ouaza.com>
References: <[🔎] 20140817123810.9956.75576.reportbug@hoothoot> <[🔎] 20140829191606.GA11456@x230-buxy.home.ouaza.com>

Hi,

Quoting Raphael Hertzog (2014-08-29 21:16:06)
> If that is ever implemented, it must apply only on dependencies that can be
> parsed on the source's debian/control because I would not be happy to have
> warnings on library dependencies generated by dpkg-shlibdeps.

How can it happen that library dependencies generated by dpkg-shlibdeps create
a dependency on a package version older than in old stable?

> Also there are quite a few maintainers that believe that correct information
> don't do much harm and I have a hard time justifying this change just for the
> purpose of bootstrapping a new port. The point 9.1 in
> http://lists.debian.org/20140829095214.GV19999@stoneboat.aleph1.co.uk only
> mentions "compiler dependencies" so maybe this can be restricted to a smaller
> subset (or maybe be an "I" by default but a "W" on the packages where it
> matters?).

You mean the sentence "Versioned dependencies are problematic for bootstrapping
because versioned compiler dependencies have to be translated and the versions
of binary packages is not known a priori during a bootstrap from zero."

I agree that in retrospect this was not well formulated. There are two issues
where versioned dependencies create problems for bootstraps. One is versioned
compilers because they have to be translated to their cross variant when cross
compiling. The other is all other "versions of binary packages" because they
have to be associated to source packages but it cannot be known from which
version of a source package they build.

On the other hand:

1. If the solution proposed in section 4.1. is uploaded and it turns out that
   it works actually as reliably as imagined, then translating versioned
   compiler dependencies will be no problem. It would just mean that those who
   want to keep their build dependency on gcc (>= 2.95.2) have to change that
   dependency to gcc-for-build (>= 2.95.2) and/or gcc-for-host (>= 2.95.2) as
   applicable.

2. In case of versioned dependencies on binary packages greater than
   pre-oldstable, falling back to the latest source version will not have any
   differently bad side effects compared to versioned dependencies on binary
   packages greater than or equal to oldstable.

So if (1.) happens to work out, there indeed does not seem to be a strong
reason left to have lintian warn about ancient versions. The only other reason
I can think of would be that it produces a tiny slowdown to dependency
resolvers but that is of course also not a very strong reason.

cheers, josch

Reply to:

Follow-Ups:
- Bug#758425: lintian: add a check for outdated version constraints
  - From: Raphael Hertzog <hertzog@debian.org>

References:
- Bug#758425: lintian: add a check for outdated version constraints
  - From: Johannes Schauer <j.schauer@email.de>
- Bug#758425: lintian: add a check for outdated version constraints
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Bug#758425: lintian: add a check for outdated version constraints
Next by Date: Bug#758425: lintian: add a check for outdated version constraints
Previous by thread: Bug#758425: lintian: add a check for outdated version constraints
Next by thread: Bug#758425: lintian: add a check for outdated version constraints
Index(es):
- Date
- Thread