mozilla dependencies and versioned conflicts

Steve Langasek vorlon@debian.org
Sun, 22 May 2005 22:51:13 -0700


--gmYVi9rV521TEEfv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, May 22, 2005 at 02:08:48PM +0200, Alexander Sack wrote:

> > The question is, how can we be proactive about identifying the classes =
of
> > changes that do or don't break these packages, so that mozilla can be
> > checked for compatibility at the time of upload instead of having kazeh=
akase
> > and enigmail update their conflicts: after the fact?

> Hi Steve,

> I think the only way to tell this is to introspect the diff from 1.7.7 to
> 1.7.8.

Yes; question is, what are people supposed to look for? :)

> So what about enigmail? I can prepare a rebuild today? But how can we adj=
ust the
> depends in such a way that we can upload a fixed mozilla (given that we
> validated changes for incompatibility) the next time without having to ca=
re for
> enigmail and kazehakase too?

At this point, I don't believe there is a way to upload enigmail that will
avoid having to do another upload again for mozilla 1.7.9...  This is a
question for long-term strategizing of mozilla maintenance, not something
that I expect to solve the problems for sarge. :)

> I would suggest that I relax the dependency for enigmail on mozilla (and =
on
> thunderbird) so it matches all 1.7.x (1.0.x) versions? Of course, we woul=
d have
> to agree that the mozilla maintainer will check and maybe discuss the pat=
ch
> applied before uploading a security-fix the next time.

Unfortunately, I'm not confident that it's safe to relax enigmail's
dependency this much, either.  This is the problem with having dependent
packages conflict with future versions, instead of having the dependency
package (here, mozilla) declare an interface that the other packages can
depend on.

So I think the best we can do here is mozilla-enigmail Depends:
mozilla-mailnews (>=3D 2:1.7.7), mozilla-mailnews (<< 2:1.7.8.0).

Also, it looks like we again don't have all mozilla locale packages updated
for 1.7.8, and mozilla-locale-de-at will also have to be bounced from
testing to get the security fix in. :/

--=20
Steve Langasek
postmodern programmer

--gmYVi9rV521TEEfv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCkW9QKN6ufymYLloRAvzAAKCYU9T9/tyArsWv1fgJFzVoxwSYXgCgjuuM
CWP3ALK8Z/kztIg0l1mWg0w=
=94yN
-----END PGP SIGNATURE-----

--gmYVi9rV521TEEfv--