[pkg-gnupg-maint] Bug#846232: Bug#846232: libgpgme-dev: Provides: libgpgme11-dev must be versioned

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Nov 30 18:53:33 UTC 2016 

Control: reassign 846232 libopenvas-dev
Control: affects 846232 + libgpgme-dev
Control: tags 846232 + patch

Hi Adrian--

thanks for the heads-up!

On Tue 2016-11-29 07:57:28 -0500, Adrian Bunk wrote:
> Package: libgpgme-dev
> Version: 1.8.0-2
> Severity: serious
> Control: affects -1 libopenvas-dev
>
> libopenvas-dev depends on libgpgme11-dev (>=3D 1.1.2), to make libopenvas-dev
> installable again the Provides in libgpgme11-dev must be versioned.

hm, i'm not sure about this.  from debian policy 3.9.8.0,

file:///usr/share/doc/debian-policy/policy-1.html#s-virtual (§ 7.5)
says:

    If a relationship field has a version number attached, only real
    packages will be considered to see whether the relationship is
    satisfied (or the prohibition violated, for a conflict or
    breakage). In other words, if a version number is specified, this is
    a request to ignore all Provides for that package name and consider
    only real packages. The package manager will assume that a package
    providing that virtual package is not of the "right" version. A
    Provides field may not contain version numbers, and the version
    number of the concrete package which provides a particular virtual
    package will not be considered when considering a dependency on or
    conflict with the virtual package name.[52]

    [=E2=80=A6]

    [52] It is possible that a future release of dpkg may add the
         ability to specify a version number for each virtual package it
         provides. This feature is not yet present, however, and is
         expected to be used only infrequently.

So i think that the place to fix the problem is in libopenvas-dev,
right?  Please consider the attached patch.

Feel free to reassign back if you think that this analysis is wrong and
can help me see what the right evaluation is.

> Severity set RC, since this prevents testing migration of gpgme1.0

Agreed that this migration blocker is serious.

Regards,

       --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Use-the-new-standard-libgpgme-dev-package.patch
Type: text/x-diff
Size: 1558 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161130/1e9640b5/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161130/1e9640b5/attachment.sig>

More information about the pkg-gnupg-maint mailing list