Bug#527980: Please provide upgrade path from libphysfs-1.0-0 to libphysfs1

Barry deFreese bdefreese at verizon.net
Sun May 10 18:19:01 UTC 2009 

Artur R. Czechowski wrote:
> On Sun, May 10, 2009 at 09:10:53AM -0400, Barry deFreese wrote:
>   
>> Artur R. Czechowski wrote:
>>     
>>> Please provide upgrade path from libphysfs-1.0-0 to libphysfs1.
>>> In current setup replacing libphysfs-1.0-0 with libphysfs1 requires user's
>>> manual intervention.
>>>       
>> libphysfs1 Provides libphysfs-1.0.0 and has the symlink from 1.0.so.0 to 
>> .so.2.0.0.  I tested this with several packages.  What type of 
>> intervention are you seeing?
>>     
>
> Barry,
>
> Please consider following scenario.
>
> User had installed any paackage (let's say, balder2d), depending on
> libphysfs-1.0-0. So, real package libphysfs-1.0-0 is installed too.
> Next, libphysfs-1.0-0 disappeared and new package libphysfs1 is uploaded.
> Of course, it provides virtual package libphysfs-1.0-0, but relation:
> balder2d depends on libphysfs-1.0-0 is fullfilled - the latest one is
> still installed. So, package manager has no reason to replace this
> package with libphysfs1. We have a situation where user has installed
> unavailable and unmaintained package. At least unless one manually install
> libphysfs1.
>
> In case of serious error (let's say: security related) found in
> libphysfs-1.0-0 user have vulnerable package. Even if you release
> fixed libphysfs1 it wont be installed.
>
> Yes, there is the worst scenario I can imagine, but one can say it is
> able to happen.
>
> As I written in my initial bugreport there are two solution:
> 1) force user to automatically replace libphysfs-1.0-0 with libphysfs1
>    via dummy package;
> 2) ask maintainers of depending packages to rebuild them to pull
>    dependency on libphysfs1 from current shlibs.
>
> As you noticed initial bug is submitted as a wishlist - there is no
> threat at the moment. But please consider to resolve the problem.
> Being in your shoes I would choose option 2 - asking maintainers to
> rebuild packages at their convenience. I also volunteer for submitting
> bugreports to proper maintainer if you agree.
>
> Regards
> 	Artur
>
>
>   
Artur,

If you feel like filing the bugs, please go ahead.  I may do 
libparagui1.1 myself and for asc I have a new upstream packaged but I'm 
working on trying to remove the internal libraries from it.

Thanks,

Barry

More information about the Pkg-games-devel mailing list