reject of pacemaker 1.0.9.1-2ubuntu3 binary packages

Wed Sep 15 01:42:06 BST 2010

Hi Andres,

The newly-uploaded pacemaker packages in binary NEW show the following
problems under lintian:

E: pacemaker: postinst-must-call-ldconfig usr/lib/service_crm.so
W: libpacemaker: package-name-doesnt-match-sonames libcib1 libcrmcluster1 libcrmcommon2 libpe-rules2 libpe-status2 libpengine3 libstonithd0 libtransitioner1
W: libpacemaker-dev: shlib-without-versioned-soname usr/lib/service_crm.so service_crm.so
E: libpacemaker-dev: postinst-must-call-ldconfig usr/lib/service_crm.so
W: libpacemaker-dev: package-name-doesnt-match-sonames service-crm
N: 3 tags overridden (3 warnings)

And the overridden warnings appear to include:

W: pacemaker: shlib-without-versioned-soname usr/lib/service_crm.so service_crm.so
W: pacemaker: package-name-doesnt-match-sonames service-crm

This indicates some serious problems with the library packaging here
relative to Ubuntu policy.  Among other things, you are shipping a binary
library in a -dev package (/usr/lib/service_crm.so); the same library is
also in the *runtime* package (pacemaker and libpacemaker-dev), so these
packages have an undeclared conflict; and most importantly, you've split out
a 'libpacemaker' binary package that does not conform to the standard rules
for library packages - namely, that the package name is updated for each
soname change, so that there is a unique 1:1 mapping between sonames and
library packages, different versions of the library are co-installable, and
partial upgrades of libraries and the packages depending on them are possible
across releases.

If the libraries are guaranteed to change sonames in lockstep (which seems
unlikely, since they don't currently all have the same so version), then
it's ok to include these libraries all in a single package, but the package
should be qualified with some sort of serial number in the name which
changes with each soname change.

If the libraries are not guaranteed to change soname in lockstep, then each
library that will be used from third-party packages should be placed in a
separate binary package whose name changes with the soname of that library.

If this is considered too much overhead (separate binary packages for 8
libraries is quite a lot), or there is no demand for building third-party
packages against these binaries, then the runtime libraries should probably
be merged back into the pacemaker package.

Since each of these solutions involves changes to the binary package names,
and their contents, compared to what was uploaded, and will require further
NEW processing once done, I am rejecting the binaries for this upload.

Finally, exposing these shared libraries for use by third-party packages is
an entirely new feature, but I see no FFe referenced in the changelog for
this upload.  We are well past feature freeze, so please follow the freeze
procedures for such changes.

If you have any questions, please feel free to respond to this email or
catch me on IRC, and feel free as well to ping me directly when there is
another upload that you want reviewed.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-archive/attachments/20100914/3e7167a4/attachment.pgp 