Bug#574572: lintian: false positives with shared libraries
Brian May b...@debian.org writes: W: libhx509-5-heimdal: shlibs-declares-dependency-on-other-package libhx509-5-heimdal (= 1.4.0git20100221.dfsg.1) [...] The package-name-doesnt-match-sonames is an old issue, the shlibs-declares-dependency-on-other-package is a new one that makes no sense to me. Have I got something wrong? Yes, note the missing ~ in the version number in the dependencies. The version shlibs creates a dependency on is different (higher) than the package version and therefore can't be satisfied by it. This is why the libraries are currently uninstallable in unstable. The tag name is deceptive in this case, but the long description (lintian -i) would have helped: N: shlibs-declares-dependency-on-other-package N: N: This package declares in its shlibs control file either a dependency N: on some other package not listed in the Provides of this package or on N: a version of this package that the package version doesn't satisfy. N: N: Packages should normally only list in their shlibs control file the N: shared libraries included in that package, and therefore the N: dependencies listed there should normally be satisfied by either the N: package itself or one of its Provides. N: N: In unusual circumstances where it's necessary to declare more complex N: dependencies in the shlibs control file, please add a lintian override N: for this warning. N: N: Refer to Debian Policy Manual section 8.6 (Dependencies between the N: library and other packages - the shlibs system) for details. N: N: Severity: normal, Certainty: possible -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87ljdo6f4d@windlord.stanford.edu
Another lintian release for squeeze?
Hello, have you planned another lintian release for squeeze? I would like to see my debian/source/format related checks (#566820) merged in the lintian version that will be in squeeze. Cheers, -- Raphaël Hertzog -+- http://www.ouaza.com Freexian : des développeurs Debian au service des entreprises http://www.freexian.com -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100319080921.ga31...@rivendell
Bug#573088: Allow and recommend sha256sums control file
On Mon, 08 Mar 2010, Frank Lin PIAT wrote: Please find a patch attached that allow (and recommends) to provide sha256sums. (During a transition period, we encourage people to provide both SHA and MD5, so existing setup don't get broken). I'm not sure we should push for this right now. On the dpkg Roadmap, there's already stuff concerning all this: http://wiki.debian.org/Teams/Dpkg/RoadMap Merge back debsums: * Generate checksums at build and install time. http://bugs.debian.org/155676 * Store metadata from .deb at install time. * Add a new dpkg-foo to verify, restore, etc metadata. Cheers, -- Raphaël Hertzog Like what I do? Sponsor me: http://ouaza.com/wp/2010/01/05/5-years-of-freexian/ My Debian goals: http://ouaza.com/wp/2010/01/09/debian-related-goals-for-2010/ -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100319080420.ga31...@rivendell
Bug#573088: Allow and recommend sha256sums control file
Hello Raphael, On Fri, 2010-03-19 at 09:04 +0100, Raphael Hertzog wrote: On Mon, 08 Mar 2010, Frank Lin PIAT wrote: Please find a patch attached that allow (and recommends) to provide sha256sums. (During a transition period, we encourage people to provide both SHA and MD5, so existing setup don't get broken). I'm not sure we should push for this right now. On the dpkg Roadmap, there's already stuff concerning all this: http://wiki.debian.org/Teams/Dpkg/RoadMap Merge back debsums: * Generate checksums at build and install time. http://bugs.debian.org/155676 * Store metadata from .deb at install time. * Add a new dpkg-foo to verify, restore, etc metadata. I wasn't aware of that roadmap. I am actually working on an improved proposal, that goes far beyond checksumming, because checksumming isn't enough for security purpose. (file permissions, owner, symlinks...) Knowing what we want to do is one thing, knowing where we do it is another issue. We can solve one problem at a time. Thank you for pointing this, Franklin -- ... Unix philosophy: do one thing only, and do it well. -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1268988015.3488.245.ca...@solid.paris.klabs.be
Re: Another lintian release for squeeze?
Raphael Hertzog raph...@ouaza.com writes: have you planned another lintian release for squeeze? I would like to see my debian/source/format related checks (#566820) merged in the lintian version that will be in squeeze. I currently don't have any specific plans just because I haven't had any time to look at Lintian beyond answer random e-mail in a while, but I plan on sitting down this weekend and doing a major run through the BTS and try to apply everything that's pending and fix as many minor bugs as I can. If all goes according to plan, therefore, expect an upload with that and many other things Sunday or so. -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87fx3wjivy@windlord.stanford.edu
Bug#574572: lintian: false positives with shared libraries
On 19 March 2010 16:43, Russ Allbery r...@debian.org wrote: Yes, note the missing ~ in the version number in the dependencies. The version shlibs creates a dependency on is different (higher) than the package version and therefore can't be satisfied by it. This is why the libraries are currently uninstallable in unstable. Oh, ok, I checked the version, but didn't notice the error. Looks like my regexp broken in vim :-( The tag name is deceptive in this case, but the long description (lintian -i) would have helped: I missed the phrase or on a version of this package that the package version doesn't satisfy. Anyway, now made a new upload to Debian to fix this. The other issue with the package-name-doesnt-match-sonames tag remains. Thanks -- Brian May br...@microcomaustralia.com.au -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/3c5cf5261003191635m6f311162o73c4f44ee78f0...@mail.gmail.com
Bug#574572: lintian: false positives with shared libraries
Brian May b...@debian.org writes: The other issue with the package-name-doesnt-match-sonames tag remains. For that, if I were you I'd drop the -heimdal from any library package that doesn't actually conflict with an MIT Kerberos library package, which is the majority of the cases. I don't see any obvious reason why, say, libkafs0 or libhx509-5 need to have the -heimdal suffix. Of course, you only want to change package names when you have to anyway because of an SONAME change, so in the meantime you may want to add overrides. I'm of two minds about the packages that actually conflict with MIT Kerberos. On one hand, since the SONAME is different, there's no inherent reason why you need the -heimdal. Calling the library package just libkrb5-26 would be fine technically. On the other hand, it looks like a much newer version of libkrb5-3 and hence could be confusing to humans, so there's an argument to be made for keeping it and the override forever. (And the situation with libkadm* libraries is a bit more complicated, although MIT Kerberos has now renamed their SONAMEs.) -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87y6hnhnrt@windlord.stanford.edu
Re: Another lintian release for squeeze?
Russ Allbery wrote: Raphael Hertzog writes: have you planned another lintian release for squeeze? I would like to see my debian/source/format related checks (#566820) merged in the lintian version that will be in squeeze. I currently don't have any specific plans just because I haven't had any time to look at Lintian beyond answer random e-mail in a while, but I plan on sitting down this weekend and doing a major run through the BTS and try to apply everything that's pending and fix as many minor bugs as I can. If all goes according to plan, therefore, expect an upload with that and many other things Sunday or so. Ah, good to know. I've been working on Lintian::Command::Simple but got stuck with the interface. I should probably push it somewhere and ask for comments. I've also done some work on making t/runtests run multiple jobs in parallel (using perl threads, actually). There's just one minor glitch I should be able to fix within a few minutes. The only downside is that the output is not clean, but unless I buffer it (which won't make it really show in what order stuff is being done) there's no other way around. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ho14h3$d1...@dough.gmane.org
Bug#574572: lintian: false positives with shared libraries
Brian May b...@debian.org writes: Yes, have considered that myself. However, the SONAME doesn't change very frequently on these libraries. In fact I think some of these libraries the SONAME never have changed since I started maintaining them. Yeah, that's not surprising. I'll be surprised if upstream ever changes the SONAME of libkafs, for instance. I suspect you're best off just adding overrides and only reconsidering if there's a good opportunity and an SONAME change that you notice. Some libraries, e.g. libotp0 are very generic, but the argument could be made that Heimdal shouldn't really ship with it anyway as (AFAIK) it has nothing to do with Kerberos. Well, insofar as Heimdal provides them and uses them, I wouldn't worry too much about it. Having the library package name reflect the name of the library is good because it draws attention to any potential conflict. Having SONAMEs conflict but package names not is not actually a good situation and one we should try to avoid if at all possible in Debian. Yes, this was major the reason I used the -heimdal prefix in the first place. Yes, the soname is different now, but this may not always be the case. I believe the SONAME will always have to be different or all sorts of things break horribly, starting with libkrb5-multidev and heimdal-multidev. From recent upstream discussions with the MIT Kerberos developers, I believe they're planning on ensuring that the SONAMEs will always stay distinct. -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zl237s0v@windlord.stanford.edu
Bug#574572: lintian: false positives with shared libraries
On 20 March 2010 10:53, Russ Allbery r...@debian.org wrote: For that, if I were you I'd drop the -heimdal from any library package that doesn't actually conflict with an MIT Kerberos library package, which is the majority of the cases. I don't see any obvious reason why, say, libkafs0 or libhx509-5 need to have the -heimdal suffix. Of course, you only want to change package names when you have to anyway because of an SONAME change, so in the meantime you may want to add overrides. Yes, have considered that myself. However, the SONAME doesn't change very frequently on these libraries. In fact I think some of these libraries the SONAME never have changed since I started maintaining them. It is possible the only SONAME change I have seen are related to libkrb5 (need to check my changelog to be sure), the one you talk about below. Some libraries, e.g. libotp0 are very generic, but the argument could be made that Heimdal shouldn't really ship with it anyway as (AFAIK) it has nothing to do with Kerberos. Not sure about libsl0 - I have associated this with libss0 in e2fsprogs, however not really understood what they are about or why two versions are required. I'm of two minds about the packages that actually conflict with MIT Kerberos. On one hand, since the SONAME is different, there's no inherent reason why you need the -heimdal. Calling the library package just libkrb5-26 would be fine technically. On the other hand, it looks like a much newer version of libkrb5-3 and hence could be confusing to humans, so there's an argument to be made for keeping it and the override forever. (And the situation with libkadm* libraries is a bit more complicated, although MIT Kerberos has now renamed their SONAMEs.) Yes, this was major the reason I used the -heimdal prefix in the first place. Yes, the soname is different now, but this may not always be the case. -- Brian May br...@microcomaustralia.com.au -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/3c5cf5261003191722o33255a3fld2f17f2e90a0f...@mail.gmail.com
