severity 477732 wishlist
tag 477732 + moreinfo
thanks

On 24 April 2008 at 23:57, Vincent Danjean wrote:
| Package: libgsl0ldbl
| Version: 1.11-1
| Severity: serious
| Tags: patch
| Justification: can make other programs buggy
| 
|   Hi,
| 
|   I see that you renamed the package libgsl0 to libgsl0ldbl due to the
| "double" transition on some arch.

AFAIK that is common standard and always done on rebuild transitions.

| libgsl0ldbl replaces libgsl0 as both provide /usr/lib/libgsl0.so.0 for
| example.
| But you also need to conflict.
| Without the conflict, here is what can happen (it happens to me) :
| 
| libgsl0 is installed
| progA is installed and depend on libgsl0 as
| /usr/bin/progA is linked to libgsl0.so.0
| It uses the old version (compiled before the "double" transition)

Is that a local binary?  Everything built by Debian is caught with a
transition from unstable to testing.

| libgsl0ldbl is installed. It replaces /usr/lib/libgsl0.so.0
| libgsl0 is not removed
| progA is not removed nor upgraded
| /usr/bin/progA then uses the new /usr/lib/libgsl0.so.0 with different
| object sizes (whereas /usr/lib/libgsl0.so.0 always has the same list of
| symbols)
| /usr/bin/progA will probably bug or give wrong results. It is possible
| that this can be used to create a security problem (similar to buffer
| overflow) but I'm not skilled enough to be sure.
| 
| If libgsl0ldbl conflicts with libgsl0, when libgsl0ldbl is
| installed, libgsl0 will be removed and progA will be removed or updated
| (if a new version recompiled against the new libgsl0ldbl library is
| available)

There was a reason why we didn't do this.  I just glanced at the Debian
Policy document, sections 7.3 and 7.5, but I don't find it.

On the other hand, the change was made __last June__ and if it really was
wrong, I would have heard from someone else about it.

I do not see this as a bug.  Please give me more concrete
evidence. Otherwise, I find this rather convincing:

[EMAIL PROTECTED]:~> apt-cache rdepends libgsl0ldbl | wc -l
68
<libgsl0>
[EMAIL PROTECTED]:~>   

68 packages correctly depend on libgsl0ldbl and none on libgsl0.  So which
package is this mythical progA from?

Thanks for your interest in GNU gsl and your enthusiasm in trying to make it
better.  Unfortunately, I think you picked two topics for which you are on
the wrong side of the argument, but I *do* appreciate the bugreports.

Dirk

| 
|   Best regards,
|     Vincent
| 
| 
| -- System Information:
| Debian Release: lenny/sid
|   APT prefers unstable
|   APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
| Architecture: i386 (i686)
| 
| Kernel: Linux 2.6.25-trunk-686 (SMP w/1 CPU core)
| Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
| Shell: /bin/sh linked to /bin/bash
| 
| Versions of packages libgsl0ldbl depends on:
| ii  libc6                         2.7-10     GNU C Library: Shared libraries
| 
| libgsl0ldbl recommends no packages.
| 
| -- no debconf information
| 
| 

-- 
Three out of two people have difficulties with fractions.
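
As an added example (not part of the original message, and not Debian's or the maintainer's tooling), the check below lists installed packages that still depend on an old library package whose files another installed package took over with Replaces but no Conflicts, which is the situation the report describes. The status text and the names proga, progb and progc are constructed; on a real system the input would be the contents of /var/lib/dpkg/status.

```python
import re
# Constructed sample in /var/lib/dpkg/status format; proga/progb/progc are hypothetical.
SAMPLE_STATUS = """\
Package: libgsl0
Status: install ok installed

Package: libgsl0ldbl
Status: install ok installed
Replaces: libgsl0

Package: proga
Status: install ok installed
Depends: libc6 (>= 2.3), libgsl0 (>= 1.4)

Package: progb
Status: install ok installed
Depends: libgsl0ldbl (>= 1.9)

Package: progc
Status: deinstall ok config-files
Depends: libgsl0
"""

def parse_status(text):
    """Return {package: {field: value}} for fully installed packages only."""
    pkgs = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] not in (" ", "\t") and ":" in line:  # skip continuation lines
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if fields.get("Status", "").split()[-1:] == ["installed"]:
            pkgs[fields["Package"]] = fields
    return pkgs

def names(relation):  # package names in a relation field, versions and alternatives flattened
    return {re.split(r"[\s(:]", alt.strip(), maxsplit=1)[0]
            for item in relation.split(",") for alt in item.split("|") if alt.strip()}

def stale_dependents(pkgs):
    """Map (old, new) to installed packages still depending on a replaced, unconflicted old package."""
    report = {}
    for new, f in pkgs.items():
        replaced = names(f.get("Replaces", "")) - names(f.get("Conflicts", ""))
        for old in sorted(replaced & pkgs.keys()):  # old package is still installed
            report[(old, new)] = sorted(
                p for p, g in pkgs.items() if old in names(g.get("Depends", "")))
    return report
```

An empty list for a pair means the old package is still installed but nothing installed depends on it.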


