Package: php4-pear Version: 4:4.3.10-15 Severity: important Hello, php4-pear package provides some PEAR classes: INSTALLED PACKAGES: =================== PACKAGE VERSION STATE Archive_Tar 1.1 stable Console_Getopt 1.2 stable DB 1.6.2 stable HTTP 1.2.2 stable Mail 1.1.3 stable Net_SMTP 1.2.6 stable Net_Socket 1.0.1 stable PEAR 1.3.2 stable XML_Parser 1.0.1 stable XML_RPC 1.1.0 stable
When somebody needs to update any class from above set he can run (for example): pear update DB then, pear list shows following set of classes: blabluga:~# pear list INSTALLED PACKAGES: =================== PACKAGE VERSION STATE [...] DB 1.7.6 stable Then, php4-pear package could be upgraded or just reinstalled. Well, let's run: apt-get install --reinstall php4-pear then pear list INSTALLED PACKAGES: =================== PACKAGE VERSION STATE [...] DB 1.6.2 stable DB class has been downgraded without any warning. Let's look into another case. Pear classes could have a (versioned) dependecies. For example, XML_Serializer requires XML_Util >= 1.1.1 and XML_Parser >=1.2.1. php4-pear package contains XML_Parser 1.0.1. I upgarde XML_Parser to the current stable (1.2.6 when I am submitting this report), then install XML_Util and XML_Serializer. Great. Let's check a list of installed packages: blabluga:~# pear list | grep XML XML_Parser 1.2.6 stable XML_RPC 1.1.0 stable XML_Serializer 0.15.0 beta XML_Util 1.1.1 stable Again, php4-pear in reinstalled (security upgrade in stable probably will do the mess too). I run apt-get install --reinstall php4-pear then: blabluga:~# pear list | grep XML XML_Parser 1.0.1 stable XML_RPC 1.1.0 stable XML_Serializer 0.15.0 beta XML_Util 1.1.1 stable XML_Parser class has been quietly downgraded. It could lead to some unexpected behavior like: http://pear.php.net/bugs/bug.php?id=3448 There is an ugly workaround like putting DPkg::Post-Invoke {"/usr/bin/pear upgrade-all";}; somewhere in apt.conf.d but it has an obvious drawback - it's run always, regardless of installed/upgraded packages. Additionaly, all classes fetched by pear install/upgrade are placed somewhere in /usr/share. Debian Policy says that site specific programs should be installed in /usr/local. The last problem is a good reason to file this bug as a serious one, but I left the severity readjustment to you. Regards Artur -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11blbl Locale: LANG=C, LC_CTYPE=pl_PL (charmap=ISO-8859-2) Versions of packages php4-pear depends on: ii php4-cli 4:4.3.10-15 command-line interpreter for the p ii php4-common 4:4.3.10-15 Common files for packages built fr -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]