Bug#637444: experimental gkrellm broken by openssl split

Stefan Bühler lighttpd at stbuehler.de
Fri Aug 12 14:00:39 UTC 2011 

On 08/12/2011 03:15 PM, Andreas Metzler wrote:
> On 2011-08-11 Stefan Bühler<lighttpd at stbuehler.de>  wrote:
>> Package: gnutls26
>> Version: 2.12.7-4
>
>> Manual breaks are the wrong way imho - they only protect "known"
>> dependencies.
>
> We do know the packages in Debian that break. I have checked.

That didn't work well, did it? gkrellm in experimental is broken now.
Looking at the changelog you already had fun adding new Breaks...

And i might add that it is a really closed view of the world.

There are more repositories for debian packages than the official ones; 
nobody asks you to support them ofc, but breaking the interface of a 
library packages is just wrong.

>> Imho the gnutls library itself needs a so bump - you should never
>> change the interface provided by a library packages, and this
>> includes reomving libs.
>
> The main gnutls API did not break. The fact thhat I ahve shipped two
> librariers in a single package does nor change this.

Ok, the main gnutls library doesn't need a so bump, but you need a new 
package name. sorry for the wrong wording.

> There is also a question of scale. 4 packages in Debian use the
> openssl wrapper, 200 use gnutls proper.
>
> ametzler at argenau:~$ grep-available -FDepends -sPackage \
>     libgnutls26 \ | wc
>      202     404    4355

Well, shit happens. But the reason still stands: a library *package* 
provides an interface, which must be binary compatible with updates.
That is the point of dependencies after all.

> On top of that there is no reason for upstream to change the man
> gnults soname. It did not break. There is already another new gnutls
> stable release (3.0.0), it does break the API/ABI and includes a
> soname bump.
>
> Please also note that I have asked on Debian release ages ago whether
> handling the transition the way I did was ok, or whether they had
> better ideas.

I found now the mail with your question, but there was no answer...
For reference:
   http://lists.debian.org/debian-release/2011/03/msg00405.html

I see 3 possibilities:
  * Rename libgnutls26 (I often saw people append "c2" when sobump wasn't
    an option)
  * Provide a backported openssl wrapper in libgnutls26
  * Move to the new upstream release (with sobump) asap, and hope that
    the broken libgnutls26 doesn't hit testing.

ciao
stefan

More information about the Pkg-gnutls-maint mailing list