[Pkg-db-devel] libdb-dev considered harmful

Clint Adams schizo at debian.org
Sat Oct 6 11:24:52 UTC 2007


On Sat, Oct 06, 2007 at 01:17:36PM +0200, Florian Weimer wrote:
> I don't like the package at all.  Here's the scenario I'm particularly
> worried about: Suppose we release a security update for lenny, and the
> package build-depends on libdb-dev.  The package in the archive has been
> build last against Berkeley DB 4.6, but in the meantime, a new Berkeley
> DB release occurred, and a new db package has been uploaded.  As a
> result, the security update will be built against Berkeley DB 4.7, with
> unknown results.
> 
> If the plan is to rebuild all packages depending on an older version of
> Berkeley DB before a newer one can hit testing, this issue does not show
> up.  But I'm not sure if this is really the way to go.

Do you have a better way to reduce the number of BDB versions in the
archive to 1 per release?



More information about the Pkg-db-devel mailing list