Below is an IRC discussion I (bubulle) had with Nicolas François (nekral) and Clint Adams (Clint...:-)) about possible ways to deal with this transition:
19:49 * Clint waves. 19:50 < bubulle> ~thanks for joining, Clint 19:50 < bubulle> In #269573, I proposed you first shoot by uploading debianutils with {add|remove}-shell 19:51 < Clint> with Replaces: on passwd 19:51 < bubulle> conflicting with current version of passwd 19:51 < bubulle> hmmm, Replaces? 19:51 < Clint> yes, I think so 19:52 * bubulle should read doc about Replaces..:-) 19:53 < bubulle> what will happen, then? 19:54 < Clint> the new debianutils will be installed, and dpkg will replace add-shell/remove-shell from passwd 19:54 < Clint> then passwd would need to drop add-shell/remove-shell 19:55 < bubulle> well, but in the meantime, passwd will be removed from the users systems, right? 19:55 < Clint> no, it shouldn't be 19:56 < bubulle> when both packages are Essential, then dpkg will automatically remove the package which is causing the conflict 19:56 < bubulle> from "http://www.debian.org/doc/debian-policy/ch-relationships.html#s-conflicts" 19:56 < Clint> that's why we're not using Conflicts 19:57 * bubulle is obviously missing a point..:-) 19:57 < bubulle> debianutils is Essential, passwd is not 19:57 < Clint> ahh.. yes 19:58 < Clint> passwd may need to declare a dependency of some kind on debianutils 19:58 < bubulle> for instance Depends: debianutils (<< 2.14.3) 19:59 < bubulle> So, when the new debianutils will comme, the system won't upgrade it with this passwd 19:59 < Clint> i'm getting dizzy 20:00 < bubulle> let's summarize what I have in mind 20:00 < bubulle> 1) I upload with "Depends: debianutils (<< 2.14.3)" 20:01 < bubulle> 2) you upload 2.14.4 or 2.15 with the utilities 20:01 < bubulle> 3) I upload passwd without the utilities and without the "Depends" 20:01 < Clint> okay 20:01 < Clint> we'll call it 2.15 20:02 < bubulle> maybe ask for some adive to the release team? 20:02 < Clint> good idea 20:02 < bubulle> In case we would have forgotten something 20:03 < bubulle> what I don't know is what will happen when users will upgrade BOTH packages at the same time *after* the transition 20:03 < nekral> an user may have passwd uploaded by 3), but not debianutils 2.15. Is this an issue? 20:04 < bubulle> nekral: then, (s)he will be missing the utilities, so if some shell is to be added|removed we may end up in a bug 20:05 < bubulle> In 3) we should maybe "Depends: debianutils (>= 2.15) 20:05 < Clint> it may need to be a Pre-Depends, but I forget the factors behind that 20:06 < nekral> Pre-Depends: This is stronger than Depends:. The package will not be installed unless the packages it pre-depends on are installed and correctly configured. Use this very sparingly and only after discussing it on the debian-devel mailing list. Read: don't use it at all. :-) 20:06 < bubulle> nekral: well, in cases we're likely to break the whole system, we maybe can..:-) 20:07 < nekral> Yes, just a cut&paste from the Debian New Maintainers' Guide 20:09 < bubulle> I actually don't see any need for Pre-Depends 20:09 < bubulle> it just requires that the package depended on is fully configured.... 20:09 < Clint> yes, that shouldn't be an issue 20:09 < bubulle> in our case, we just need that debianutils is unpacked 20:09 < Clint> right 20:09 < bubulle> so that *-shell stuff is still available 20:11 < bubulle> well, if no more ideas come around, I propose pasting all this in the bug log, then very shortly summarize and ask for advices on -devel (or on IRC #debian-release) 20:12 < Clint> hmm, that should probably be <= 2.14.3 20:12 < bubulle> yes 20:13 < Clint> okay So, the summary is: ("the utilities" below stands for add-shell and remove-shell) 1) shadow package maintainers upload passwd which "Depends: debianutils (<= 2.14.3)" this version *still* includes the utilities 2) we warn Clint 3) He uploads debianutils 2.15 with the utilities 4) He warns us..:-) 5) We upload passwd *without* the utilities and "Depends: debianutils (>= 2.15)" 6) we might need to later warn maintainers of shell packages which maybe depend on passwd just because they need the utilities