Bug#342923: [Pkg-shadow-devel] Bug#342923: passwd should depend on libpam-runtime (>= 0.76-14)

Sun Dec 11 20:11:18 UTC 2005

On Sun, Dec 11, 2005 at 08:07:07PM +0100, Christian Perrier wrote:
> passwd and libpam-runtime are both required packages. The versions in
> sarge, especially for libpam-runtime, fit the above requirement.
> 
> I'm not sure that partial upgrades to sarge have to be supported so I'm very
> tempted to close this bug report. If you upgrade a woody system,
> please follow the suggested upgrade path by using "aptitude
> dist-upgrade". Then passwd will work as expected.
> 
> Anyway, this is not enough to motivate an update in sarge, so if the
> bug is not closed because someone brings a new argument for not
> closing it, it will be tagged "sarge" and marked "wontfix".

It does sound reasonable to me that, on its own, this problem is not
sufficient to warrant a new package in the stable release.  I would
suggest making the fix in unstable, if needed, in any case.  For stable,
you could make the fix in your local source tree, but not upload a new
version of the package.  Instead, leave it until you have to upload
a new version for some other reason, and then you can include the fix
for this bug for free.  The fact that a version rev in stable is not
warranted does not make this not a bug.

One of the things I particularly like about Debian is that it *is*
possible to upgrade systems piecemeal, and that (barring bugs)
packages *do* have properly specified dependencies.  There are implicit
(unversioned) dependencies on packages which are "Essential: yes", but
pretty much every other dependency is made explicit.  When an implicit
dependency is not enough, it can be supplemented with an explicit
versioned dependency.  The fact that Debian (used to) actually care about
things being correct, robust, elegant, etc is one of my big reasons for
using it.

On a practical level, the lack of this versioned dependency means that,
even in the recommended upgrade procedure, passwd may be upgraded before
libpam-runtime.  If that happened and the upgrade was interrupted for
any reason, the system would end up with a broken passwd.  That strikes
me as *bad*.

Personally, I never use "dist-upgrade", except to find out what it would
do and then refuse the actual upgrade.  I've never been entirely happy
with what I've seen, either; apt has usually wanted to remove packages
I didn't want removed.  I prefer, especially with critical production
machines, to upgrade just a few packages at a time.  That way I don't
have to make a hugely long list of notes about everything I've seen
during the upgrade process that I'm concerned about; I can investigate
each potential problem almost immediately.  I'd also be worried, if I
did a dist-upgrade, that daemons might be stopped for a rather long time
during the upgrade, which could be a serious problem.  The ability to
upgrade gradually, a few packages at a time, is a *very* useful feature.
I wouldn't want something as critical as passwd broken for a potentially
long time during this kind of gradual upgrade of a production machine.

-- 
Charles Briscoe-Smith             Hacking Free Software for fun and profit
Mead error: Connection reset by beer.  -- seen on IRC