Bug#252194: marked as done (libgnomevfs2-common has too many Depends that should be Suggests)

Debian Bug Tracking System owner@bugs.debian.org
Sun, 23 Jan 2005 07:18:13 -0800 

Your message dated Sun, 23 Jan 2005 16:11:34 +0100
with message-id <20050123151134.GA4784@spring.luon.net>
and subject line Bug#252194: libgnomevfs2-common has too many Depends that should be Suggests
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Jun 2004 00:41:58 +0000
>From jbj@image.dk Tue Jun 01 17:41:58 2004
Return-path: <jbj@image.dk>
Received: from smtp040.tiscali.dk [212.54.64.106] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BVJpN-0005mD-00; Tue, 01 Jun 2004 17:41:57 -0700
Received: from jbj2.jbj.homelinux.com (62.79.69.37.adsl.he.tiscali.dk [62.79.69.37])
	by smtp040.tiscali.dk (8.12.10/8.12.10) with ESMTP id i520fqwH011964
	for <submit@bugs.debian.org>; Wed, 2 Jun 2004 02:41:52 +0200 (MEST)
Received: from jbj by jbj2.jbj.homelinux.com with local (Exim 3.35 #1 (Debian))
	id 1BVJpK-0001ww-00
	for <submit@bugs.debian.org>; Wed, 02 Jun 2004 02:41:54 +0200
Date: Wed, 2 Jun 2004 02:41:54 +0200
From: Jakob Bohm <jbj@image.dk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libgnomevfs2-common has too many Depends that should be Suggests
Message-ID: <20040602004153.GA7480@jbj2.jbj.homelinux.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
X-Mailer: reportbug 2.61
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: libgnomevfs2-common
Version: 2.6.1.1-3
Severity: normal
Tags: security sid

The new version of libgnomevfs2-common, which was recently
uploaded to unstable, declares Depends relationships on a lot of
packages that are only needed if support for those specific file
systems is wanted.

Many of those packages in turn bring in lots of other packages
related to those file systems, such as Kerberos, gnutls, fam.

In addition to filling up the users disk space, some of those
directly or indirectly Depended on packages are or include
network daemons, I noticed fam and Kerberos, but there may be
others.  Bringing in unwanted or unrequested network daemons is
bad for security (it is actually one of the primary security
hole in MS Windows...), so I have put a security tag on this
report.

In my own (not uncommon I think) setup this was particularly
obvious: My sid chroot doesn't manage my desktop, so it isn't
running Gnome, but libgnomevfs2-dev was installed to satisfy
build-dependencies of various desktop-neutral programs. The
buildds and anyone else building software in general probably
have the same problem.


I respectfully suggest that the packaging of gnomevfs2 be
changed as follows:

1. Dependencies for individual file systems (as opposed to the
  abstract vfs interface) are reduced to Suggests.  If desired a
  meta-package gnomevfs2-allfilesystems may be created for use
  by first time users.

2. It is ensured that the vfs interface can be loaded and used
  without installing any particular file system support, and
  that support for any one file system does not need any
  unrelated file system to work.  I suspect this is already
  mostly done, since the problematic Depends were not specified
  by version 2.4.x of the package.


Friendly

Jakob

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.18jbj3.1.64
Locale: LANG=C, LC_CTYPE=da_DK


-- 
This message is hastily written, please ignore any unpleasant wordings,
do not consider it a binding commitment, even if its phrasing may
indicate so. Its contents may be deliberately or accidentally untrue.
Trademarks and other things belong to their owners, if any.

---------------------------------------
Received: (at 252194-done) by bugs.debian.org; 23 Jan 2005 15:11:49 +0000
>From sjoerd@spring.luon.net Sun Jan 23 07:11:48 2005
Return-path: <sjoerd@spring.luon.net>
Received: from simons.xs4all.nl (fire.luon.net) [80.126.201.244] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CsjP2-0005Sr-00; Sun, 23 Jan 2005 07:11:48 -0800
Received: from spring.luon.net (spring-wired.ipv6.luon.net [IPv6:2001:888:1d84:0:20a:95ff:fed1:4834])
	by fire.luon.net (Postfix) with ESMTP id 449CC59;
	Sun, 23 Jan 2005 16:11:41 +0100 (CET)
Received: by spring.luon.net (Postfix, from userid 1000)
	id 1636637B66; Sun, 23 Jan 2005 16:11:35 +0100 (CET)
Date: Sun, 23 Jan 2005 16:11:34 +0100
To: Jakob Bohm <jbj@image.dk>
Cc: 252194-done@bugs.debian.org
Subject: Re: Bug#252194: libgnomevfs2-common has too many Depends that should be Suggests
Message-ID: <20050123151134.GA4784@spring.luon.net>
References: <20040602004153.GA7480@jbj2.jbj.homelinux.com> <1086168081.6119.1.camel@leom181.leom.ec-lyon.fr> <20040606225905.GA4975@jbj2.jbj.homelinux.com> <1086614810.14537.12.camel@leom181.leom.ec-lyon.fr> <20040608030117.GA8254@jbj2.jbj.homelinux.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040608030117.GA8254@jbj2.jbj.homelinux.com>
X-Operating-System: Linux spring 2.6.9-spring #1 Wed Dec 8 16:49:28 CET 2004 ppc GNU/Linux
User-Agent: Mutt/1.5.6+20040907i
From: sjoerd@spring.luon.net (Sjoerd Simons)
Delivered-To: 252194-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

On Tue, Jun 08, 2004 at 05:01:17AM +0200, Jakob Bohm wrote:
> Here is a simple experiment to measure the size of the problem:
> 
> Set up a sid-chroot with just base and apt.
> 
> Then apt-get install libgnomevfs2 including all Recommends.
> 
> Try to justify why anyone needing the libgnomevfs2.so.2 needs
> each of the packages pulled in.
> 
> Here are my stats from trying this:
> 
> dselect (implicit Recommends):  65 pkgs, dnld  24.8MB, use   87.7MB
> apt-get install, no Recommends: 54 pkgs, dnld  23.2MB, use   80.3MB
> apt-get install w/Recommends:   63 pkgs, dnld  23.9MB, use   84.6MB
> apt-get install w/Suggests     728 pkgs, dnld 520  MB, use 1526  MB
>    (Ok, the last line is extreme and unfair...)

  It's only about 50 megs when you have a system with al standard package
  installed.

  The only things you could remove from it is libsmbclient which doesn't save
  you enough to be worth the trouble.

  I'm closing this, there is no use in keeping it open and above all it's just 
  silly..

    Sjoerd
-- 
I have yet to see any problem, however complicated, which, when
you looked at it in the right way, did not become still more complicated.
		-- Poul Anderson