[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy

Russ Allbery wrote:
> Jonathan Nieder <jrnieder@gmail.com> writes:

>> What about previously-in-archive packages?
>
> Are there any of significance?

I don't know.  The example I gave was from a dpkg bug report, and I
don't know if it was contrived or not (one would have to ask the
submitter).

I admit that the principle that dpkg can introduce and is introducing
many parsing regressions with policy as its justification is more
important to me than this particular example.  A reasonable
justification for the policy _and_ dpkg change would be "allowing this
is too much trouble, and almost no packages took advantage of it, so
let's disallow it and simplify life for everyone".  So please don't
take my comments here as a strong objection.

> ... if it was ever in the archive.

One can check at snapshot.debian.org.

>> And what about higher-level packaging tools --- what document describes
>> their contract with dpkg[1]?
>
> I don't know that we have one at the moment; regardless, it's not Policy.

In practice, Policy is being used that way.  I agree that that is not
really a good thing.

>> It is relevant to policy because the proposed change in policy and its
>> implementation would have fallout.  It is worth considering whether
>> policy can do something to mitigate that, or at least whether there is
>> _some_ avenue in the Debian project to prevent this damage.
>
> Your primary concern is having existing packages stop working because
> tools drop support for version numbers that they currently support?  Would
> adding a non-normative footnote to that effect help?  Something like:
>
>     In previous versions of Policy, upstream version numbers beginning
>     with alphabetic characters were allowed but discouraged (a "should
>     not" instead of a "must not").  There may, therefore, be older Debian
>     packages with upstream versions starting with an alphabetic character.

Personally, my primary concern is (as mentioned before) that dpkg still
be usable for testing old packages.

If Policy is not where the packaging system is documented, I don't
think a footnote is needed or would be helpful.  What would be useful
is a consensus that (for example) various tools working with version
numbers should accept versions starting with an alphabetic character.
An alternative would be a consensus that tools working with version
numbers should still behave reasonably [for some definition of
reasonable] when given an invalid one, so dpkg could be permissive as
it pleases.  Otherwise, the situation is kind of unfortunate.
Reply to: