[Pkg-javascript-devel] Bug#963761: Bug#963761: Bug#963761: Bug#963761: Bug#963761: node-node-sass: missing versioned dependency relation?: Sass could not find a binding for your current environment

Jonas Smedegaard jonas at jones.dk
Sun Jul 12 11:52:20 BST 2020 

Quoting merkys at debian.org (2020-07-12 06:37:52)
> On 2020-07-11 11:00, Jonas Smedegaard wrote:
> > Reason I suspect upstream-only tracking is wrong is that also Debian 
> > changes can change ABI - either deliberately or accidentally.  Most 
> > notibly by adding/changing patches, but possibly also through changes to 
> > build-dependencies.
> 
> Agree.
> 
> > I thought with node-expat I had mimiced the dpkg-shlibdeps resolved hint 
> > for libnodeXX but I see now that I did that wrong: Currently that 
> > dependency is upstream-only, but that is because the current 
> > relationship is for a -1 release where the Debian part is stripped.
> >
> > I now issued a new node-expat with an improved logic.  Thanks!
> 
> I saw your changes in node-expat 2.3.18+ds-3. This is definitely an improvement, but having no upper bound on nodejs version will not prevent #963060 from happening again once in a while.

I don't _know_ that a new release of nodejs breaks the part of its ABI 
used by the package I release.

Package releationships should not be tighter than needed.  There is a 
common trend in domain-specific packaging systems (e.g. npm, pip, cpan) 
to declare overly tight relationships, but that is related to those 
systems mainly being about _installing_ and having poor mechanisms for 
_maintaining_ those relationships, and each package then "papering over" 
that by declaring not what is needed but what is safe (e.g. avoiding 
bugs in _other_ packages by tightening relationships).

I think that when we declare only¹ lower bounds, we do avoid the biggest 
headache of nodejs failing to transition - and reduce the problem to 
each package requiring a binNMU being flagged as such.

Please others chime in if you think I am mistaken about that.


 - Jonas

¹ ...and obviously declare upper bounds too when we _know_ what they 
are, but generally in Debian we have no crystal ball so cannot know 
which future release will break things.

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20200712/963bcfb9/attachment.sig>

More information about the Pkg-javascript-devel mailing list