Re: Build-depends on package not in testing
On Thu, Jan 05, 2006 at 06:05:28PM +0100, Gerrit Pape wrote:
> On Wed, Jan 04, 2006 at 03:36:00AM -0800, Steve Langasek wrote:
> > reopen 345868
> > thanks
> > On Wed, Jan 04, 2006 at 10:30:47AM +0100, Gerrit Pape wrote:
> > > Unfortunately the discussion about the freecdb package didn't attract
> > > my attention earlier, the release critical bug is resolved as invalid
> > > now.
> > And reopened. You have *not* addressed the issues contributing to this RC
> > bug:
> > - freecdb provides no shared library or static _pic library suitable for
> > linking into other shared libraries, which is something we generally
> > expect from library packages
> > - the only thing that sucks more than static-only libs for security support
> > of a library is *bundled* static-only libs
> > - the author (and current maintainer) of freecdb says that this cdb
> > implementation should be considered dead
> > 1) and 2) suck, but it's 3) that makes this a serious bug AFAICT; you can
> > address 3) by becoming the new maintainer, of course, but in that case I
> > would expect that you would actually, er, *maintain* it, for instance by
> > providing a _pic.a library instead of dismissing the bug as a "problem in
> > vpopmail's packaging".
> I'm quite suprised. This isn't a release critical bug.
> The real author (not the current maintainer) doesn't consider this cdb
> implementation (the first and original one) dead AFAICS. This tiny
> library is excellent software from the public domain, rock-solid and
> bug-free for years.
> Nothing forces a maintainer to provide a _pic.a library, original
> upstream says that this is not what the library is intended for. I
> can't see how you justify severity serious, not through policy AFAIK.
> Good maintenance is not always to implement each and every wish people
> express. If anyone requests a pic library, one can tell them that it's
> not a good idea and what to do instead, if appropriate; that's good
> maintenance. Nobody's currently requesting it though.
Is there a reason that there shouldn't be a shared library of
freecdb? Is the API/ABI unstable or something? I don't see why
you only want a static version of the library. I don't think
saying that "upstream says so" is a valid reason, without also
saying what the reason is. The only reason I saw so far was that
it's very small (#338038), which I don't consider to be a good
> The issue discussed in the original bug report simply _is_ a "problem in
> vpopmail's packaging", check the package if you don't believe.
So vpopmail's packaging isn't good because it tries to create a
shared library that makes use of freecdb? Please explain me how
this can be considered bad packaging.
You're also saying that it's not supposed to be used in that way.
Why shouldn't some other library try and use your library? What
should they do instead?