[Fedora-packaging] Reviewing explicit Requires

Michael Schwendt mschwendt at gmail.com
Sun Jan 18 12:42:25 UTC 2009

On Fri, 16 Jan 2009 09:52:29 -0500, Tom wrote:

> On Fri, 2009-01-16 at 11:41 +0100, Michael Schwendt wrote:
> > Does anyone remember where the paragraph has gone, which commented on
> > the badness of explicit dependencies on package names?
> I'm not sure there was ever such a paragraph. Would you like to propose
> one?

SHOULD: Reviewer should examine an RPM package's list of dependencies and
(1) eliminate superfluous explicit ''Requires'' within the spec file and
(2) ensure that any non-superfluous or versioned explicit ''Requires'' are
explained in comments in the spec file.

In particular, we rely on rpmbuild's automatically added dependencies on
library SONAMEs. Modern package management tools are capable of resolving
such dependencies to determine the required packages.
Explicit dependencies on specific package names may aid the inexperienced
user, who attempts at installing RPM packages manually. However, history
has shown that such dependencies add confusion when library/files are
moved from one package to another, when packages get renamed, when one out
of multiple alternative packages would suffice, and when versioned
explicit dependencies become out-of-date and inaccurate.
Additionally, in some cases, old explicit dependencies on package
names require unnecessary updates/rebuilds (for example, after renaming
a packge, virtual package names are not kept forever).

Exemplary rationale for a versioned explicit dependency:

  # The automatic dependency on libfubar.so.1 is insufficient,
  # as we strictly need at least the release that fixes two segfaults.
  Requires: libfubar >= 0:1.2.3-7

Packager should revisit an explicit versioned dependency as appropriate
to avoid that it becomes inaccurate and superfluous.

More information about the Fedora-packaging mailing list