Bug#884302: [Pkg-utopia-maintainers] Bug#884302: avahi-ui-utils: recommends virtual package (non-deterministic, potentially pulling in non-free package)

2018-01-14 Thread Jonas Smedegaard
Quoting Michael Biebl (2017-12-13 17:28:29)
> On 13.12.2017 at 17:11, Jonas Smedegaard wrote:
> > Quoting Michael Biebl (2017-12-13 16:26:56)
> >> On 13.12.2017 at 16:02, Jonas Smedegaard wrote:
> >>> Moreover, vnc-viewer is provided by nonfree packages tightvnc-java and
> >>> vnc-java, 
> >>
> >> I can't confirm that. Those vnc viewers are from contrib, not from 
> >> non-free.
> > 
> > Acknowledged - sorry for my too harsh description.
> > 
> > My point was (and still is) that those packages are outside main, which 
> > Debian Policy § 2.2.1 forbids.
> > 
> > How do you interpret that section differently?
> 
> Well, the package does *not* recommend a package outside of main.
> It recommends a virtual package which can be satisfied by packages from
> main and outside. In our case, there are enough packages in main which
> satisfy that provides. So I fail to see how avahi-ui-utils violates that.

Ok, so we agree that the package recommends a virtual package which can 
be satisfied by either free or non-free packages.

Problem with that is that non-free packages can then satisfy the 
recommendation as _default_ alternative.

§ 2.2.1 of Debian Policy states:

> packages in main [...] must not declare a Pre-Depends, Depends, 
> Recommends, Build-Depends, Build-Depends-Indep, or Build-Depends-Arch 
> relationship on a non-main package unless that package is only listed 
> as a non-default alternative for a package in main

Please fix vnc-viewer to list non-main packages only as *non-default* 
alternatives.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


2017-12-13 Thread Michael Biebl
On 13.12.2017 at 17:11, Jonas Smedegaard wrote:
> Quoting Michael Biebl (2017-12-13 16:26:56)
>> On 13.12.2017 at 16:02, Jonas Smedegaard wrote:
>>> Moreover, vnc-viewer is provided by nonfree packages tightvnc-java and
>>> vnc-java, 
>>
>> I can't confirm that. Those vnc viewers are from contrib, not from non-free.
> 
> Acknowledged - sorry for my too harsh description.
> 
> My point was (and still is) that those packages are outside main, which 
> Debian Policy § 2.2.1 forbids.
> 
> How do you interpret that section differently?

Well, the package does *not* recommend a package outside of main.
It recommends a virtual package which can be satisfied by packages from
main and outside. In our case, there are enough packages in main which
satisfy that provides. So I fail to see how avahi-ui-utils violates that.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



2017-12-13 Thread Michael Biebl
On 13.12.2017 at 16:02, Jonas Smedegaard wrote:
> Moreover, vnc-viewer is provided by nonfree packages tightvnc-java and
> vnc-java, 

I can't confirm that. Those vnc viewers are from contrib, not from non-free.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



2017-12-13 Thread Michael Biebl
Control: severity -1 normal

On 13.12.2017 at 16:02, Jonas Smedegaard wrote:
> Package: avahi-ui-utils
> Version: 0.7-3
> Severity: serious
> Justification: Policy 2.2.1
> 
> avahi-ui-utils recommends vnc-viewer.
> 
> vnc-viewer is a virtual package, which means it is not deterministic
> which package will satisfy the recommendation.
> 
> Moreover, vnc-viewer is provided by nonfree packages tightvnc-java and
> vnc-java, which means those of our users enabling the _ability_ to
> install nonfree packages (by including the nonfree suite) may
> accidentally install nonfree packages they did not explicitly choose.
> 
> Debian Policy includes the following requirement in §2.2.1:
> 
>> must not require or recommend a package outside of main for
>> compilation or execution (thus, the package must not declare a
>> Pre-Depends, Depends, Recommends, Build-Depends, Build-Depends-Indep,
>> or Build-Depends-Arch relationship on a non-main package unless that
>> package is only listed as a non-default alternative for a package in
>> main),
> 
> Listing a virtual package as first choice of a Recommends violates
> Policy §2.2.1, because that is not "a non-default alternative".

I don't read the policy this way, as this specific case is not covered.
Please get clarification from the policy maintainers before raising the
severity.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
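
The situation discussed in this thread, as an added example that is not part of any message above and is not Debian tooling: a small audit that takes a Recommends value, finds the default (first) alternative of each group, and lists the non-main packages that could satisfy it. The index stanzas are constructed sample data, and freevnc-viewer is a hypothetical main package; only tightvnc-java, vnc-java and their contrib status come from the thread.

```python
# Constructed Packages-style stanzas (sample data, not real archive contents).
# In a Debian Packages index, a Section of "contrib/..." or "non-free/..."
# marks the archive area; a Section without a prefix means main.
SAMPLE_INDEX = """\
Package: freevnc-viewer
Section: net
Provides: vnc-viewer

Package: tightvnc-java
Section: contrib/net
Provides: vnc-viewer

Package: vnc-java
Section: contrib/net
Provides: vnc-viewer
"""

def parse_stanzas(text):
    """Parse blank-line separated 'Field: value' stanzas into dicts."""
    return [dict(line.split(": ", 1) for line in block.splitlines())
            for block in text.strip().split("\n\n")]

def area(pkg):
    section = pkg.get("Section", "")
    return section.split("/", 1)[0] if "/" in section else "main"

def provides(pkg):
    # Drop version constraints such as "(= 1.0)" from each provided name.
    return [n.split("(")[0].strip() for n in pkg.get("Provides", "").split(",")]

def audit(recommends, index_text):
    """Return (default, kind, non_main_candidates) per Recommends group."""
    pkgs = parse_stanzas(index_text)
    real = {p["Package"]: p for p in pkgs}
    report = []
    for group in recommends.split(","):
        # The first name in an "a | b" group is the default alternative.
        default = group.split("|")[0].split("(")[0].strip()
        if not default:
            continue
        if default in real:
            kind, candidates = "real", [real[default]]
        else:
            kind = "virtual"
            candidates = [p for p in pkgs if default in provides(p)]
        outside = sorted(p["Package"] for p in candidates if area(p) != "main")
        report.append((default, kind, outside))
    return report
```

With the sample index, `audit("vnc-viewer", SAMPLE_INDEX)` reports a virtual default that both contrib packages can satisfy, while `audit("freevnc-viewer | vnc-viewer", SAMPLE_INDEX)` reports a real default in main with no non-main candidates.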
