Bug#874494: rebuilding libsambox-java generates unmet dependency on libsejda-io-java (>= 1.1.3.RELEASE)

Emmanuel Bourg ebourg at apache.org
Wed Sep 6 21:57:16 UTC 2017 

Le 6/09/2017 à 22:58, Markus Koschany a écrit :

> If I understand correctly the behavior changed in maven-debian-helper
> 2.2 and all Maven packages that build-depend on a package which
> specifies --has-package-version will automatically use a version
> constraint from now on?

That's correct. When --has-package-version is specified, the
debian.hasPackageVersion property is added to the pom installed in the
package. mh_installpom did that in maven-repo-helper, but not
maven-debian-helper before the version 2.2.


> Please note that --has-package-version is used
> by default when new packages are created with mh_make and I believe most
> Maven packages that I have touched use this flag in some way.

I checked mh_make, it handles this properly. The --has-package-version
flag is only added if the version of the package matches the version of
the pom.


> I can remove the --has-package-version again and work around the version
> constraint but I believe the issue is more complex. In my opinion there
> shouldn't be an automatic version constraint unless explicitly specified
> by the maintainer.

> I fear a lot more packages are affected and version
> constraints will be too strict and cause more of these issues. Do we
> really need to remove --has-package-version if we don't want a versioned
> constraint or can't we just treat --has-package-version and automatic
> version constraints differently in m-d-h to get back a more fine-grained
> control?

Intuitively I think the version constraints on the binary packages
should be picked from the version constraints of the source package (so
controlled by the maintainer). On the other hand, it's rather common to
forget versioning the build dependencies, and this --has-package-version
mechanism is often handy to prevent accidental migrations to testing of
packages that actually need another dependency still blocked for some
reason. This greatly improves the consistency of the migrations.

We probably need a lintian rule that checks if the version of the pom
matches the version of the package when --has-package-version is
specified (actually the pom version must be less than the package
version, this allows some divergences such as a package with the version
1.2.3+ds1 and the pom with the version 1.2.3). This will allow us to
easily identify and fix the packages affected.

Emmanuel Bourg

More information about the pkg-java-maintainers mailing list