[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: release policy changes

Andreas Barth <aba@not.so.argh.org> writes:

> One addition I would like very much to see is:
>  A library that is included in a package in Debian must be linked to
>  dynamically; for static-only executables like sash also static linking
>  to that other library package is accepted. Importing and using the
>  source code of any library into another package is not permited.
> Rationale:
> Some libraries are provided multiple in Debian, IIRC e.g. libz. That is
> bad from general QA (as usually this is just an old version, and normale
> bug fixes don't go in), and especially bad if there is a security update
> necessary.

I agree that this is a good policy, but there are sometimes important
reasons why this doesn't work.  One is where the library needs to be
compiled in some special way or has special modifications for the
particular case.  I would like to see some kind of auditing of all the
cases that this affects, and be confident that none of them get hosed.

> Another addition that I would like to see is:
>  Packages must not change neither their build-dependencies nor their
>  changelog entries during rebuild.
> Rationale:
> Well, the contents of both are decisions of the maintainer. It is IMHO
> very bad if a package starts to change build dependencies during a NMU
> or an security upload, and even worse if the maintainer is "adjusted" in
> the binary packages built on a buildd.

I'm not sure I understand what this means.  How *could* build
dependencies "change"?

Reply to: