Re: mass-commit: dependencies

To: debian-perl@lists.debian.org
Subject: Re: mass-commit: dependencies
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 7 Jul 2012 12:27:19 +0200
Message-id: <[🔎] 20120707102719.GC31010@jones.dk>
Mail-followup-to: Jonas Smedegaard <dr@jones.dk>, debian-perl@lists.debian.org
In-reply-to: <[🔎] 201207071029.45127.dod@debian.org>
References: <[🔎] 20120705204627.GU5793@jadzia.comodo.priv.at> <[🔎] 201207061609.24879.dod@debian.org> <[🔎] 20120706162553.GF13382@jones.dk> <[🔎] 201207071029.45127.dod@debian.org>

On 12-07-07 at 10:29am, Dominique Dumont wrote:
> Le Friday 6 July 2012 18:25:53, Jonas Smedegaard a écrit :
> > (and no, multiarch support does *not* require debhelper 9!)
> 
> For packages providing binaries compiled from C or C++ code, debhelper 
> 9 is required to "easily" get hardening flags (otherwise, you have to 
> add them manually in debian/rules).

No, wrong conditions and - as you hint yourself - not really _required_.

Tightening build-dependency to debhelper (>= 9~) raises the likelihood 
of hardening flags getting properly applied.  But only when also bumping 
to debhelper compatibility level 9.  And only when using short-form dh.

Tightening build-dependency to debhelper (>= 9.20120312~) raises the 
likelihood even further.

But none of it is required for hardening to happen, which was my point: 
There are other ways to harden than the above described 
backporting-unfriendly approach.

Arguably it is required for hardening to happen _easily_ - that depends 
on what you find easy ;-)

> > > > > Note that, by default cme will not remove versioned 
> > > > > dependencies required for oldstable, provided the information 
> > > > > is provided by madison.

> > Is your comment above somehow related to my complaint about dropping 
> > needed cdbs versioning?
> 
> Thing is: you mention needed versioned dependency (ie. cdbs >= 0.4.73) 
> that is always satisfied on all supported Debian versions:
> 
> $ rmadison cdbs
>  cdbs | 0.4.89  | squeeze | source, all
>  cdbs | 0.4.115 | wheezy  | source, all
>  cdbs | 0.4.115 | sid     | source, all

You are right.  I got confused by oldstable currently not being 
supported.

My confusion was supported by (my wrong interpretation of) your 
explicitly mentioning oldstable further up, and oldstable still being 
listed at http://packages.qa.debian.org/c/cdbs.html even though the 
project no longer cares about it.

> Would you rather have cdbs versioned dep completely left alone in cme ? 

No, I understand the logic now and agree with dropping that cdbs 
versioning.

Sorry for all the confusion,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- mass-commit: dependencies
  - From: gregor herrmann <gregoa@debian.org>
- Re: mass-commit: dependencies
  - From: Dominique Dumont <dod@debian.org>
- Re: mass-commit: dependencies
  - From: Jonas Smedegaard <dr@jones.dk>
- Re: mass-commit: dependencies
  - From: Dominique Dumont <dod@debian.org>

Prev by Date: Re: mass-commit: dependencies
Next by Date: Re: mass-commit: dependencies
Previous by thread: Re: mass-commit: dependencies
Next by thread: Re: mass-commit: dependencies
Index(es):
- Date
- Thread