[Pkg-net-snmp-devel] Bug#557434: libsnmp-base: Asks (with high priority) to download non-free bits on installation

Josh Triplett josh at joshtriplett.org
Sun Nov 22 03:26:15 UTC 2009


Package: libsnmp-base
Version: 5.4.2.1~dfsg-3
Severity: important

On installation, libsnmp-base prompts about whether to download and
install non-free MIB files, with high priority.  This has a number of
problems:

- As stated several times in the discussion leading to this change,
  libsnmp-base doesn't necessarily need these MIBs to function; only the
  command-line tools, and *possibly* other software using libsnmp-base
  that wants names rather than numbers, do.  That would tend to lead to
  a "Suggests" at most from libsnmp-base.  Prompting for installation
  proves quite intrusive by comparison, for something most users don't
  need.

- It adds another prompt to installation which users have to answer,
  many of which won't necessarily have a clue about SNMP.  A quick look
  at the reverse-Depends of libsnmp15 (which pulls in libsnmp-base)
  turns up hplip, openipmi, ifstat, and kolab-cyrus-common, any of which
  a user might install without any knowledge of SNMP.

- It bypasses the packaging system by downloading and installing bits
  that don't get managed by the package manager.  (This will prove even
  more painful if the data needs updating at any point.)  Furthermore,
  it installs these bits to /usr.

- It bypasses the dependency mechanisms of the packaging system.
  Software depending on libsnmp-base and needing the MIB files would
  fail if the user says "no", but nothing in the dependencies can
  express this.  Furthermore, this also does an end-run around the
  requirement that software in main may not depend on non-free software,
  by simply omitting the dependency and letting things break.

- It prompts the user to install non-free software.  Previously, Debian
  has avoided and removed such prompts, notably the one in the initial
  installation asking whether to use contrib and non-free.

I propose two alternative solutions, which I think would address all of
these issues:

1) If the licenses of the MIB files permit (which as far as I can tell
   they do), package the MIB files in Debian non-free.  Have
   libsnmp-base suggest this new package; packages in main may suggest
   packages in contrib or non-free, they just can't depend on or
   recommend packages in contrib or non-free.  Other packages, like smi,
   can also suggest this package.  Any package which actually requires
   the MIB files can depend on them (and move to contrib), if we can't
   fix it to avoid that requirement; packages which work fine without
   the MIB files but which could make use of them if present could
   suggest the package containing the MIBs.

2) If the licenses of the MIB files do not permit redistribution,
   create a package in contrib which unconditionally downloads and
   installs them, and treat that package as described in 1 above
   (Suggests from libsnmp-base, in particular).

Really tempted to file this bug as "serious", but AFAICT it doesn't
violate the *letter* of Debian Policy.  I personally think we ought to
change Policy to explicitly prohibit a package in main from offering to
download non-free data at install time, though.  Note that any package
in main which depends (directly or indirectly) on libsnmp-base and needs
the MIBs *does* violate Debian Policy.

- Josh Triplett

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libsnmp-base depends on:
ii  debconf [debconf-2.0]     1.5.28         Debian configuration management sy
ii  gawk                      1:3.1.6.dfsg-4 GNU awk, a pattern scanning and pr
ii  make                      3.81-7         An utility for Directing compilati
ii  wget                      1.12-1.1       retrieves files from the web

libsnmp-base recommends no packages.

libsnmp-base suggests no packages.

-- debconf information:
* libsnmp-base/download_mibs: false





More information about the Pkg-net-snmp-devel mailing list