On Mon, 29 Dec 2014 17:58:49 -0600 Troy Engel <troyengel+arch@gmail.com> wrote:
So, I found 4 executable/binary files installed (out of thousands - good job guys) that fail a 'ldd' check (missing shared libraries). The packages in question mark the missing libraries as 'optdepends' so they never get installed - I filed 4 bug reports, all 4 got closed as "not a bug" by the same person. I disagree with this choice as I believe it's ignoring system integrity needlessly - 4 files are installed which knowingly do not *function* (cannot launch) at all. The person who closed it even wrote "So what? Non-functional executables are not an issue here, this is the point of optional dependencies."
The wiki states "optdepends: An array of package names that are not needed for the software to function but provides additional features." OK, so per the wiki it's pretty clear - missing libs fail the function test.
The man PKGBUILD states "optdepends (array) An array of packages (and accompanying reasons) that are not essential for base functionality, but may be necessary to make full use of the contents of this package." Per this, there is a huge grey area open to interpretation.
It is my opinion this is a dangerous precedent to install binaries from an official package that are linked to shared libraries which are not required to be installed. I'm wondering why Arch considers it acceptable to just ignore the problem (which could be solved in all 4 cases by simply splitting the package for that binary and adding a proper depends).
Thoughts?
-te
[1] https://bugs.archlinux.org/task/43260 [2] https://bugs.archlinux.org/task/43261 [3[ https://bugs.archlinux.org/task/43262 [4] https://bugs.archlinux.org/task/43263
You found 4 binaries, how many more would you have found if you didn't coincidently happen to have the optional deps for them already installed? Then add in all of the number of python and perl scripts that are broken/would be broken without the optional deps. It's actually very, very ubiquitous in Arch and is the entire point of optional dependencies. If it's not required for the major functionality of the package and the software functions without it, it's optional. This isn't setting a new precedent, this has been SOP for a long time. Arch isn't Debian, every binary isn't given it's own package. Doug