Package Dependency Guideline for 3rd party repos (was: Some thoughts on Audacious in Fedora)

Michael Schwendt mschwendt at
Wed Feb 2 22:22:15 UTC 2011

It is the responsibility of 3rd party package repositories, which _depend_
on Fedora packages, to tighten up the RPM dependencies beyond those added
by rpmbuild.

This is particularly important, if the 3rd party _cannot_ prepare updates
based on Fedora's Test Updates found in the updates-testing repo.

For example, automatic dependencies on library SONAMEs may not be sufficient
because some libraries don't become incompatible often enough, but other
details in a package may change:
A 3rd party package may depend on specific filesystem paths to store stuff
in, on availability of specific executables to run within scripts or code,
on specific command-line options, or on ABIs not covered by rpmbuild's
automatic dependencies - such as plugin/module header structures. Not
all of such dependencies may be known before breakage is discovered.

Fedora _may_ publish a version upgrade (minor or major) occasionally,
which would need the 3rd party to release updates, too. Even if announced
properly, if the 3rd party must first wait for Fedora's updates to be released
into the stable updates repo, it would need to be the 3rd party packages
to cause a broken RPM dependency. A strong dependency that blocks Fedora's
update from being installed till the 3rd party updates are made available,

As a last resort, the dependency could even require a specific package
%name and %version, even if that may be too strict temporarily and
would result in more rebuilds than necessary.

Fedora updates-testing:

Where a Fedora Test Update breaks 3rd party packages (especially if
announced before for Rawhide and the stable dist release), it is the
3rd party package provider's responsibility to request a work-around,
if they consider the breakage unacceptable. It could also be the 3rd
party repo's users to request a work-around for the sake of not breaking
installed software, not even temporarily.
The work-around could be based on a comment in the Fedora Updates System
requesting to wait for a 3rd party package update that adds a strong
dependency first. Once that dependency would be available, Fedora could
release its updates that could not be installed due to the dependency
in the 3rd party packages. It then would be up to the 3rd party to
prepare the needed updates/rebuilds.
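
The kind of tightened dependency this message describes, written as an RPM spec fragment. This is an added example, not part of the original post; the package names foo and foo-plugins-extra, the foo.pc pkg-config file and the helper path are placeholders chosen for illustration.

```spec
# Constructed fragment for a hypothetical 3rd party package that builds
# plugins against a Fedora package "foo" (placeholder name).
Name:           foo-plugins-extra
Version:        1.0
Release:        1%{?dist}
Summary:        Extra plugins for foo (illustrative)

BuildRequires:  foo-devel
BuildRequires:  pkgconfig

# Version of foo found in the buildroot at build time.
# Assumption: foo-devel ships a foo.pc file. Falls back to 0 when the spec
# is parsed outside a populated buildroot (for example when creating the SRPM).
%global foo_ver %(pkg-config --modversion foo 2>/dev/null || echo 0)

# --- Weak: automatic dependencies only ---------------------------------
# With no explicit Requires, rpmbuild adds only what it can detect, such
# as a library SONAME (libfoo.so.1()(64bit)). A Fedora upgrade of foo that
# keeps the SONAME but changes the plugin header structures, a path or a
# command-line option still installs, and the plugins break at run time.

# --- Tightened: explicit dependencies ----------------------------------
# Executable the package's scripts call (hypothetical path). If Fedora
# drops or moves it, the update fails dependency resolution instead of
# the script failing later.
Requires:       /usr/bin/foo-helper

# Last resort: require the exact foo version this build was compiled
# against. A Fedora upgrade of foo then cannot be installed alongside this
# package until the 3rd party publishes a rebuild. Omitting the release
# lets Fedora release bumps of the same version through.
# Assumption: foo carries no Epoch; if it does, include it in the version.
Requires:       foo%{?_isa} = %{foo_ver}
```

With the exact-version requirement in place, the broken dependency appears on the 3rd party package when Fedora's update is attempted, which is the blocking behaviour the message asks for; the cost is a rebuild for every foo version upgrade, including ones that change nothing relevant.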
