Quoting mer...@debian.org (2020-07-12 06:37:52)
> On 2020-07-11 11:00, Jonas Smedegaard wrote:
> > Reason I suspect upstream-only tracking is wrong is that also Debian
> > changes can change ABI - either deliberately or accidentally. Most
> > notably by adding/changing patches, but possibly also through changes to
> > build-dependencies.
>
> Agree.
>
> > I thought with node-expat I had mimicked the dpkg-shlibdeps resolved hint
> > for libnodeXX but I see now that I did that wrong: Currently that
> > dependency is upstream-only, but that is because the current
> > relationship is for a -1 release where the Debian part is stripped.
> >
> > I now issued a new node-expat with an improved logic. Thanks!
>
> I saw your changes in node-expat 2.3.18+ds-3. This is definitely an
> improvement, but having no upper bound on nodejs version will not prevent
> #963060 from happening again once in a while.

I don't _know_ that a new release of nodejs breaks the part of its ABI used by the package I release.

Package relationships should not be tighter than needed.

There is a common trend in domain-specific packaging systems (e.g. npm, pip, cpan) to declare overly tight relationships, but that is related to those systems mainly being about _installing_ and having poor mechanisms for _maintaining_ those relationships, and each package then "papering over" that by declaring not what is needed but what is safe (e.g. avoiding bugs in _other_ packages by tightening relationships).

I think that when we declare only¹ lower bounds, we do avoid the biggest headache of nodejs failing to transition - and reduce the problem to each package requiring a binNMU being flagged as such.

Please others chime in if you think I am mistaken about that.

 - Jonas

¹ ...and obviously declare upper bounds too when we _know_ what they are, but generally in Debian we have no crystal ball so cannot know which future release will break things.

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private