To Require or not to Require?

[Michael Schwendt]

On Fri, 12 Aug 2011 17:30:10 +0100, MG (Matthew) wrote:

> On Fri, Aug 12, 2011 at 09:26:33AM -0700, Toshio Kuratomi wrote:
> > On Fri, Aug 12, 2011 at 04:40:20PM +0100, Matthew Garrett wrote:
> > > Upstream can change the ABI as much as they want without bumping the 
> > > SONAME providing that the old interfaces are also present. It's entirely 
> > > possible to end up with a situation where external binaries built 
> > > against 1.0.1 won't run on 1.0.0 - the problem isn't limited to 
> > > subpackages.
> > > 
> > Sure.  But in this case, upstream isn't changing the public ABI.
> > 
> > It's a different level of mistake that's being practiced here.
> 
> What difference does it make? Even if you stick to the public ABI you 
> can't guarantee that a matching SONAME is sufficient. You need to depend 
> on the package version you build against.

With the difference that a library subpackage dependency can be _exact_
always, being an "equal to" dependency on full NEVR and staying correct
throughout the lifetime of this package set.

On the contrary, any separate package could at most depend on a library
package with a ">=" dependency on full NEV (or NEVR), or else a minor
version upgrade of the lib would break that dependency already. The
dependency would still only be a snapshot made at some point in time,
which would not be refreshed with updates of the library package, and
which would still not protect against unexpected accidental ABI/API
changes in future library updates -- and not against Epoch bumps either
(e.g. with an Epoch bump, 1.0.0 suddenly would be larger than 1.0.1 as
required by the external program package).

An "equal to" dep on full NEVR (not even NEV might suffice) would be an
expensive work-around only, because it forces packages to be rebuilt for
every minor lib update.