review request for libpst

Michael Schwendt mschwendt at gmail.com
Thu Apr 9 09:52:05 UTC 2009 

On Thu, 09 Apr 2009 18:06:57 +0900, Mamoru wrote:

> > Requires:           %{name}-libs = %{version}-%{release}
> > 
> > In the main utilities package, is this explicit dependency on the
> > library package really needed?
> > https://fedoraproject.org/wiki/Packaging/Guidelines#Requires
> 
> I have not checked this spec file in detail. however: 
> 
> When I review packages I always request submitters to write
> exact EVR specific dependency between packages rebuilt from the
> same srpm and I think this is general for Fedora packages.
> ref:
> https://fedoraproject.org/wiki/Packaging/Guidelines#RequiringBasePackage

Why?

Here "libpst" would Requires "libpst-libs" with an explicit version in
addition to the automatic SONAME dep, but all other packages that would be
linked to libpst would rely on the automatic SONAME dep.

More and more packagers even let -doc subpackages require the base
package, so one cannot install -doc packages anymore without dependency
bloat [as the base package often pulls in even further packages].

[...]

For library -devel packages there is a rationale. (Some distributors
do the exact opposite and kill explicit versioned deps on base pkgs.)

We want the contents of -devel packages to be strictly in sync with the
corresponding main library packages. Also with regard to %changelog.
Emphasis is on "strictly", because there's an automatic SONAME dependency
in a -devel pkg already. Builds done in mock don't need [and don't benefit
from] the explicit dependency.

On installed systems, however, one can run into problems without an
explicit dependency on the main library [base] package and when using
plain rpmbuild or development tools. This is because adding -devel
packages to the system would not enforce an update of the base packages.
The already installed base packages would satisfy the dependency, but
might contain bugs that cause the developer to tear his hairs till the
base packages are updated, too. Don't expect developers to run a full
"yum update" though, especially not if such an update would change
the development environment heavily (and pull in lots of version upgrades,
for example). So, when someone runs "yum install foo-devel" he shall
get the matching release of "foo" even if an older ABI/API-compatible
one is installed already. The older one may malfunction at run-time,
whereas the matching one contains the needed bug-fixes. Hence the
explicit Requires for -devel package users.

More information about the fedora-devel-list mailing list