retitle 489508 texmacs should use mlocate instead of locate thanks >> Texmacs is co-installable with mlocate. There is no problem there >> (unlike the title suggests). > > > Gomennasai! This would be more accurate title for this bug: > > texmacs can not use mlocate as its locate-impelementation. > > Or how about this?: > > texmacs forces to install less secure implementation of locate.
I changed the title. > It is not possible to get these things simultaneously: > > 1) texmacs installed. > 2) mlocate installed. > 3) No other implementations of locate installed. > > IMNSHO that is the problem. > Ok. So you want to make sure that only mlocate is installed and no other locate packages. >> Are you suggesting that we should remove the dependency on locate >> package altogether and depend upon mlocate instead? > > There are two ways to rectify this situation: > > 1) Add this field to package called mlocate: > > Provides: locate > Adeodato Simó is the maintainer of the mlocate package. I am CCing this email to him. > 2) Change Depends: -field of all packages that depends on locate (for > example texmacs) this way: > > Depends: ... locate | mlocate | slocate | findutils (< 4.2.31-2) ... > It should probably be "mlocate | slocate | locate ..." so that mlocate would be preferred over others. Now this reminds me, we have had a similar discussion about locate vs. slocate dependency. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461118 for more info. The conclusion there is that Atsuhito has updated the dependencies w.r.t. the locate packages. The change was made in his svn repository and will be uploaded in the next version. > I prefer that first way, because after that maintainers of other > packages do not need to know about all those implementations of locate. Right! > Well, maybe that would be too radical. But at least it is stupid to > force users to install less secure software, when there are more secure > alternatives available. I do not have any preference for locate vs. mlocate. If mlocate provides a better implementation over locate, I do not see a reason why we can't change the dependency. BTW, Adeodato mentioned previously that the default locate package is not insecure. raju
