Bug#1035733: debian -policy: packages must not use dpkg-divert to override default systemd configuraton files
On Sun, 4 Jun 2023 at 12:25, Luca Boccassi <bluca@debian.org> wrote:
>
> On Sun, 4 Jun 2023 at 11:54, Sean Whitton <spwhitton@spwhitton.name> wrote:
> >
> > Hello Luca,
> >
> > On Mon 08 May 2023 at 08:07PM +01, Luca Boccassi wrote:
> >
> > > The specific difference, for which I think an explicit call out is
> > > needed, is because these config files are shipped by some packages but
> > > are not used _by_ them, they are consumed by systemd (or udev, or
> > > kmod, etc). Specifically, if package A ships a.service, and package B
> > > overrides it, even if the maintainers of A and B agree, that's still
> > > not good enough for me, as they are really affecting systemd, which is
> > > the consumer and the provider of the interface they are using, and
> > > ultimately the first port of call for bug reports. This is especially
> > > true for udev.
> > >
> > > So in my latest revision of the patch, the general rule is as
> > > requested by Russ and as you mention it, but there is an explicit,
> > > stricter rule to cover this case, which is important to me. Policy
> > > calls out core component software in many places, such as dpkg, and
> > > systemd is already mentioned in other parts of the policy, so it did
> > > not seem too far-fetched to me.
> >
> > I'm afraid I'm not convinced. I'd second a patch where systemd is used
> > as an example of the rule, as I suggested.
>
> The existing policy is too weak for this case, ie: it's a "should". It
> needs to be a "must" for these specific cases. Also the existing
> policy only covers diverting from other packages, not from 'self' -
> that needs to be forbidden too. There was one such example,
> iptables-persistent, and it has been fixed in Bookworm, so to be clear
> this is a zero-net-effect policy change, ie, no packages will suddenly
> become rc-buggy, as the two existing instances have already been
> fixed.
>
> If you prefer, I can reword the general rule to be stricter, ie:
> "packages must not use diversions where native mechanisms are
> available" or so. Would this be better?
>
> > Thank you for the additional commit regarding kmod. It is good to have
> > been made aware of issue, but let's discuss it in a separate bug after
> > making this change -- the considerations might be quite different.
> >
> > On Tue 09 May 2023 at 12:31AM +01, Luca Boccassi wrote:
> >
> > > On Mon, 08 May 2023 14:14:30 -0700 Russ Allbery <rra@debian.org> wrote:
> > >
> > >> Oh, thank you! I had completely forgotten that we said something
> > >> about this under maintainer scripts.
> > >>
> > >> That doesn't entirely cover this case (because systemd and udev may
> > >> not be "that package" in this sense), but it covers much of the
> > >> general case.
> > >
> > > Would you like me to reword/move the new snippet?
> >
> > Yes, thank you. I will review the new version.
>
> Any specific suggestions? IE, where it should be, etc.
In the interest of speeding things up a bit, I've done some rewording
as suggested - moved to the exiting chapter, and use the systemd files
only as an example:
https://salsa.debian.org/bluca/policy/-/commit/5058bd2f8c742c3d8695e2c98ee3a597d431ffd7
Off-topic - any reasons MRs are disabled on the policy repo? It would
be much nicer and quicker to use the Gitlab review process I think,
like we do for other packages.
Kind regards,
Luca Boccassi
Reply to: