[Pkg-net-snmp-devel] Bug#557434: libsnmp-base: Asks (with high priority) to download non-free bits on installation
Josh Triplett
josh at joshtriplett.org
Sun Nov 22 03:26:15 UTC 2009
Package: libsnmp-base
Version: 5.4.2.1~dfsg-3
Severity: important
On installation, libsnmp-base prompts about whether to download and
install non-free MIB files, with high priority. This has a number of
problems:
- As stated several times in the discussion leading to this change,
libsnmp-base doesn't necessarily need these MIBs to function; only the
command-line tools, and *possibly* other software using libsnmp-base
that wants names rather than numbers, do. That would tend to lead to
a "Suggests" at most from libsnmp-base. Prompting for installation
proves quite intrusive by comparison, for something most users don't
need.
- It adds another prompt to installation which users have to answer,
many of which won't necessarily have a clue about SNMP. A quick look
at the reverse-Depends of libsnmp15 (which pulls in libsnmp-base)
turns up hplip, openipmi, ifstat, and kolab-cyrus-common, any of which
a user might install without any knowledge of SNMP.
- It bypasses the packaging system by downloading and installing bits
that don't get managed by the package manager. (This will prove even
more painful if the data needs updating at any point.) Furthermore,
it installs these bits to /usr.
- It bypasses the dependency mechanisms of the packaging system.
Software depending on libsnmp-base and needing the MIB files would
fail if the user says "no", but nothing in the dependencies can
express this. Furthermore, this also does an end-run around the
requirement that software in main may not depend on non-free software,
by simply omitting the dependency and letting things break.
- It prompts the user to install non-free software. Previously, Debian
has avoided and removed such prompts, notably the one in the initial
installation asking whether to use contrib and non-free.
I propose two alternative solutions, which I think would address all of
these issues:
1) If the licenses of the MIB files permit (which as far as I can tell
they do), package the MIB files in Debian non-free. Have
libsnmp-base suggest this new package; packages in main may suggest
packages in contrib or non-free, they just can't depend on or
recommend packages in contrib or non-free. Other packages, like smi,
can also suggest this package. Any package which actually requires
the MIB files can depend on them (and move to contrib), if we can't
fix it to avoid that requirement; packages which work fine without
the MIB files but which could make use of them if present could
suggest the package containing the MIBs.
2) If the licenses of the MIB files do not permit redistribution,
create a package in contrib which unconditionally downloads and
installs them, and treat that package as described in 1 above
(Suggests from libsnmp-base, in particular).
Really tempted to file this bug as "serious", but AFAICT it doesn't
violate the *letter* of Debian Policy. I personally think we ought to
change Policy to explicitly prohibit a package in main from offering to
download non-free data at install time, though. Note that any package
in main which depends (directly or indirectly) on libsnmp-base and needs
the MIBs *does* violate Debian Policy.
- Josh Triplett
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libsnmp-base depends on:
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii gawk 1:3.1.6.dfsg-4 GNU awk, a pattern scanning and pr
ii make 3.81-7 An utility for Directing compilati
ii wget 1.12-1.1 retrieves files from the web
libsnmp-base recommends no packages.
libsnmp-base suggests no packages.
-- debconf information:
* libsnmp-base/download_mibs: false
More information about the Pkg-net-snmp-devel
mailing list