xmltooling: allowed dependencies in backports?

[Ferenc Wágner]

Etienne Dysli-Metref <etienne.dysli-metref at switch.ch> writes:

> On 19/09/16 18:07, Russ Allbery wrote:
>
>> They can depend on other backported packages.  (If they couldn't, there
>> are a lot of things, including Shibboleth, that would be impossible to
>> backport.)
>
> A follow-up question: should the [build] dependencies of backported
> packages be "adjusted" in order to require the backported dependencies?

Yes, if that makes a difference.

> Example with xmltooling, it has:
> Build-Depends:
>  ...
>  liblog4shib-dev,
>  ...
>  libxml-security-c-dev (>= 1.7.3-3~),
>  ...
>
> Should this be changed to "liblog4shib-dev (>= 1.0.9-3~)" to pull in the
> version I backported?

As log4shib 1.0.8 and 1.0.9 are compatible, the build dependency version
does not make a difference: you can use the resulting dynamically linked
xmltooling library with either version.  If you want to require using
1.0.9, you have to declare a run-time (binary) dependency, that is, add
an explicit one (because shlibs:Depends expands to unversioned
dependencies for libraries lacking symbols files).

Almost the same could be said about xml-security-c, but there the build
system depends on the pkg-config improvements of 1.7.3-3.  The compiled
library can be used with any libxml-security-c17 version, though (as far
as I know).  Of course you're free to explicitly require the backported
version like above.
-- 
Feri