Your message dated Wed, 6 Sep 2023 21:27:41 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-utopia-maintainers] Bug#884302: avahi-ui-utils:
recommends virtual package (non-deterministic, potentially pulling in non-free
package)
has caused the Debian Bug report #884302,
regarding avahi-ui-utils: recommends virtual package (non-deterministic,
potentially pulling in non-free package)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
884302: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884302
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: avahi-ui-utils
Version: 0.7-3
Severity: serious
Justification: Policy 2.2.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
avahi-ui-utils recommends vnc-viewer.
vnc-viewer is a virtual package, which means it is not deterministic
which package will satisfy the recommendation.
Moreover, vnc-viewer is provided by nonfree packages tightvnc-java and
vnc-java, which means those of our users enabling the _ability_ to
install nonfree packages (by including the nonfree suite) may
accidentally install nonfree packages they did not explicitly choose.
Debian Policy includes the following requirement in §2.2.1:
> must not require or recommend a package outside of main for
> compilation or execution (thus, the package must not declare a
> Pre-Depends, Depends, Recommends, Build-Depends, Build-Depends-Indep,
> or Build-Depends-Arch relationship on a non-main package unless that
> package is only listed as a non-default alternative for a package in
> main),
Listing a virtual package as first choice of a Recommends violates
Policy §2.2.1, because that is not "a non-default alternative".
Please prioritize free VNC alternatives over the virtual vnc-viewer.
- Jonas
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAloxQPwACgkQLHwxRsGg
ASHlJw/+LWtToVa02OLr672PrDBl7Lamr278abtMvy2dOmprf3BLuxwlhG5FRs/4
JM8BsUWjCHld99aZzmC5jC0/DUQK6ICoRuLJHMqhF2jwqr6NjY8EEvm/s0DDpSdb
ifURLaADNPtSxk3ZujkdV+fAS4eKBOtXIpwarbOQyTwBxSuLo316TqhgCc4ByWGT
Xfy+8y5r060aVvnDq9UEwgxy2jsWRIeIhflLkBdpI9/xgiHsyFcaK/3UrF+eRn9J
CfdodEJ9ypiU+Fn421IhaaT6eJoWWke/ofmaRut/f/cVuA8EJY5/D2eEtRsDUMLv
8aoRP/usBmFdesIVSPlcades5VmrtrL1wsYBgV4X12fUKA8y+/N8Fd4IJp8Zmx08
u4IW//It+GVwI5m8mJuzpbif+F9cJJ5Qry1z7ORPHVO8euzS44I9MJFFKLOXKyvm
3gI5ZAgv+WyheMcqCJhNnvkLxSKc+gasPHizDJS4FEf2ueIFtdtAJW7R7uIyZPrQ
bSuM/FXMBl35gYueK63YAIKyc4HpbV9hncEsPJs3kaYc4wfr5Q6C+PvcAu7JZO4Y
CIDqWy0SJh5wtWSh7Mst4rJamg0RLmA1RHI8dy7Oich3WW0IVfrL/+Him+dQ0H1r
VaNhDHQ35ntxyTavk5EclA5XdSUvMU/d7T+jHWpNLZIuJuGik78=
=ggb1
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
If there is a preferred vnc-viewer in Debian, this should be handled via
the by now established default-foo | foo mechanism
(default-mysql-server, default-mta, default-jdk, default-dbus-*, etc)
No such default package exists for vnc-viewer. If this is important for
you, please do get this issue sorted out.
For now, this bug report is not actionable, thus closing.
(and if I'm seeing this correctly, all packages providing vnc-viewer are
from main, nowadays)
Michael
On Sun, 14 Jan 2018 11:09:16 +0100 Jonas Smedegaard <[email protected]> wrote:
Quoting Michael Biebl (2017-12-13 17:28:29)
> Am 13.12.2017 um 17:11 schrieb Jonas Smedegaard:
> > Quoting Michael Biebl (2017-12-13 16:26:56)
> >> Am 13.12.2017 um 16:02 schrieb Jonas Smedegaard:
> >>> Moreover, vnc-viewer is provided by nonfree packages tightvnc-java and
> >>> vnc-java,
> >>
> >> I can't confirm that. Those vnc viewers are from contrib, not from
non-free.
> >
> > Acknowledged - sorry for my too harsh description.
> >
> > My point was (and still is) that those package are outside main, which
> > Debian Policy § 2.2.1 forbids.
> >
> > How do you interpret that section differently?
>
> Well, the package does *not* recommend a package outside of main.
> It recommends a virtual package which can be satisfied by packages from
> main and outside. In our case, there are enough packages in main which
> satisfy that provides. So I fail to see how avahi-uti-utils violates that.
Ok, so we agree that the package recommend a virtual package which can
be satisfied by either free or non-free packages.
Problem with that is that non-free packages can then satisfy the
recommendation as _default_ alternative.
§ 2.2.1 of Debian Poilcy states:
> packages in main [...] must not declare a Pre-Depends, Depends,
> Recommends, Build-Depends, Build-Depends-Indep, or Build-Depends-Arch
> relationship on a non-main package unless that package is only listed
> as a non-default alternative for a package in main
Please fix vnc-viewer to list non-main packages only as *non-default*
alternatives.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
