[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-devel
Subject:    Re: conflicts between Debian's and upstream's Debian package
From:       Octavio Alvarez <alvarezp () alvarezp ! ods ! org>
Date:       2015-02-28 15:35:38
Message-ID: 54F1E04A.1090900 () alvarezp ! ods ! org
[Download RAW message or body]

On 02/20/2015 06:25 AM, Harald Dunkel wrote:
> Hi Daniel,
>
> On 02/20/15 13:09, Daniel Leidert wrote:
>>
>> Just to understand your problem: there is a package foo. Debian provides
>> it with version 1:A-B and upstream provides some self-compiled packages
>> with the same name under version C-D (and C-D < 1:A-B) and you want to
>> force apt to install the package from the upstream developers site.
>
> Not exactly: I want to avoid that such a mess happens again.
>
> I think its obvious that a naming conflict should be avoided.
> Having 2 source or binary packages with identical names in
> 2 independent repositories is just asking or troubles.

I don't understand how policy can help in this case. Debian can only 
have policy for its own work. Upstream's is not Debian. My take is that 
it's more a matter of configuration (or some other technical aspect) 
than policy. I explain:

Debian could have package name X based on a software piece from upstream 
U. Some version problems happen and the maintainer decides to set 
version to 1:V. and then upstream U decides to also create its own .deb 
package X without using 1:. [*]

[*] Notice that I didn't say 'Debian package', I said '.deb package'

All is well fr both *until* the user decides to add the repository for 
upstream.

The Debian repository should have higher priority than upstream's, 
mostly for security purposes, but I don't know if that's currently the 
way. Nevertheless it's the *user* that decided to manually add the 
third-party repo.

You and I can create a repo for any existing Debian package with any 
version number. If the user decides to add our repos there's nothing 
Debian can do to stop him. Our packages could even be malicious.

Then the question is not about policy. It's about how to best help the 
user handle the situation, and that is being allowed to locally raise or 
lower the priority of a package or repository for a particular set of 
packages or repositories.

> IMHO there should be a policy for the special case, that
> there is a naming conflict between upstream's source or
> binary packages, and the packages included in Debian.

Ah, naming conflict can only be stated within Debian. Going on this 
would just be repeating myself. Maybe you want to have a way to define 
different "namespaces" for particular repos, so you can distinguish them.

Let me invent something on the fly: you want to distinguish 
"debian$package" vs "upstream$package", where 'debian$' and 'upstream$' 
are repo prefixes so apt-get handles them separately. Possibly 'debian$' 
is the one by default. This doesn't exist AFAIK.

Best regards.


-- 
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/54F1E04A.1090900@alvarezp.ods.org

[prev in list] [next in list] [prev in thread] [next in thread]