Package: lintian Version: 2.119.0 Severity: wishlist X-Debbugs-Cc: [email protected]
Hi, I'd like to suggest an enhancement to improve the stability of the Java ecosystem in Debian: if a source package builds a binary package which depends on a Java library that isn't declared in the dependencies of the source package, lintian could report the missing dependency. The rationale is that sometimes the code of the source package depends directly on a specific library, but the library isn't declared in the dependencies of the source package. The package manages to build because the missing dependency is provided transitively through another dependency. When this other dependency is updated and drops the dependency on the required library, the package breaks. For example: 1. src:foo builds libfoo-java 2. src:foo requires libbar-java but doesn't depend on it 3. src:foo depends on libbaz-java which depends on libbar-java 4. libfoo-java dependencies are resolved by the build helper (maven-debian-helper), libfoo-java depends on libbar-java 5. libbaz-java is then updated and drops the dependency on libbar-java 6. src:foo no longer has libbar-java in its dependency graph and fails to build The rule would be implemented such that any lib.*-java package found in the dependencies of the binary package but not declared in the dependencies of the source package should be reported. Emmanuel Bourg
