mozilla dependencies and versioned conflicts

[Steve Langasek]

--jx/LfW4V5TfZLeq7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi folks,

It looks like the security-fix-only new upstream version of mozilla, 1.7.8,
has blocked again on kazehakase and enigmail (and probably on locale
packages, but I haven't gotten there yet) because the sarge versions of
these packages conflict with mozilla-browser (>=3D 2:1.7.8).

The solution offered by kazehakase in unstable is a new upstream version.

$ debdiff k/kazehakase/kazehakase_0.2.{6-2,7-1}.dsc | wc -l
  25040
$=20

And for enigmail, there currently is no solution available, other than
removing the package from sarge.

Remember, mozilla-browser 1.7.8 was a *security fix*.  There should not be
any changes in that upload which affect kazehakase or enigmail, AFAICT, yet
the way the package relationships are structured leaves no option other
than a re-upload of all dependent packages whenever a new upstream version
comes out.  The release team has been doing the necessary fiddling to get
these packages into testing every time, but now that we're in a freeze it's
particularly ugly to do this.

I've approved kazehakase 0.2.7-1 to go into sarge, but I'm not happy about
doing so.  There really must be a better answer for mozilla dependency
handling, mustn't there?  What can we do to track the actual exported
interfaces required by these packages, so that this isn't an issue again for
etch?

Thanks,
--=20
Steve Langasek
postmodern programmer

--jx/LfW4V5TfZLeq7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCkD/yKN6ufymYLloRAuvCAJ9Bf42+lwkjLyUm0vbgIsuMdnkvAQCgr/j7
biRJpmXpTHQxoBBj8+1CCS0=
=k11f
-----END PGP SIGNATURE-----

--jx/LfW4V5TfZLeq7--