Hi,

On Sat, Jul 06, 2024 at 06:29:20PM +0200, Chris Hofstaedtler wrote:
> every so often packages install different, unrelated programs into
> different directories on the PATH. This often goes unnoticed for a
> long time, thus changing it later becomes harder.
> 
> I think policy already forbids this with the existing wording in
> 10.1 - it says "filenames" and not "paths". I think this should be
> made more explicit.
> 
> Today this is *in Debian* often "only" a problem for the root user,
> which has /sbin on the default PATH. But some of our downstreams
> always have /sbin on the PATH, and it also seems adding /sbin is a
> popular customization, etc.

I welcome this change, having been bitten by this myself. The current
behaviour is surprising in a bad way.

> diff --git a/policy/ch-files.rst b/policy/ch-files.rst
> index b34c183..40bfa42 100644
> --- a/policy/ch-files.rst
> +++ b/policy/ch-files.rst
> @@ -7,7 +7,9 @@ Binaries
>  --------
> 
>  Two different packages must not install programs with different
> -functionality but with the same filenames. (The case of two programs
> +functionality but with the same filenames. This also applies when they
> +are installed into different directories on the default (user or root)
> +``PATH``. (The case of two programs
>  having the same functionality but different implementations is handled
>  via "alternatives" or the "Conflicts" mechanism. See
>  :ref:`s-maintscripts` and
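Review bot: The added sentence relies on "the default (user or root) ``PATH``" without saying which directories that is, so a maintainer cannot check a package against the rule from this text alone; name the directories meant or point to where the default PATH is specified. In the same sentence, "when they are installed" can be read as referring to the filenames rather than the programs; "when the programs are installed" removes the ambiguity.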

I second the change and the wording, but caution on the order and
timing. I recommend filing all relevant problems as an MBF prior to
changing policy. You may use dumat to gauge this problem:

    SELECT *
      FROM content AS c1 JOIN content AS c2
      JOIN package AS p1 JOIN package AS p2
     WHERE c1.filename LIKE 'bin/%'
       AND c2.filename LIKE 'sbin/%'
       AND 's' || c1.filename = c2.filename
       AND c1.pid = p1.id
       AND c2.pid = p2.id
       AND p1.name != p2.name;

You may download a suitable DB from
https://subdivi.de/~helmut/dumat.sql.zst.removethis (link intentionally
broken to prevent crawlers) or generate one yourself using dumat. You
shall see fewer than 700 occurrences with significant repetition, so I
expect fewer than 50 bug reports. Once these bugs are filed and have
their severity upgraded to at least important, I have no objections to
including the change in policy. I do not intend to perform this work.

Helmut
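
The query from the message run against a small constructed database, as an added example that is not part of the message or of dumat. The two-table schema is an assumption reconstructed from the column names the query uses, all package and file names are made up, and the grouping by package pair goes beyond the query to show how repeated occurrences collapse into fewer bug reports.

```python
import sqlite3

# Assumed minimal schema: only the tables and columns the query names.
SCHEMA = """
CREATE TABLE package (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE content (pid INTEGER, filename TEXT);
"""

# Constructed sample rows; package and file names are made up.
PACKAGES = [(1, "alpha-tools"), (2, "beta-admin"), (3, "gamma-utils")]
CONTENT = [
    (1, "bin/frob"), (2, "sbin/frob"),        # clash between two packages
    (1, "bin/twiddle"), (2, "sbin/twiddle"),  # same pair again (repetition)
    (3, "bin/solo"), (3, "sbin/solo"),        # same package: not reported
    (3, "bin/unique"),                        # no sbin counterpart
]

# Same joins and conditions as the query in the message; only the selected
# columns and the ordering are changed to make the result easy to group.
CLASH_QUERY = """
SELECT substr(c1.filename, 5) AS program, p1.name, p2.name
FROM content AS c1 JOIN content AS c2 JOIN package AS p1 JOIN package AS p2
WHERE c1.filename LIKE 'bin/%' AND c2.filename LIKE 'sbin/%'
  AND 's' || c1.filename = c2.filename
  AND c1.pid = p1.id AND c2.pid = p2.id AND p1.name != p2.name
ORDER BY program
"""

def load(db):
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO package VALUES (?, ?)", PACKAGES)
    db.executemany("INSERT INTO content VALUES (?, ?)", CONTENT)

def clashes(db):
    """Rows of (program, package shipping bin/, package shipping sbin/)."""
    return db.execute(CLASH_QUERY).fetchall()

def bug_candidates(rows):
    """Collapse occurrences into one entry per unordered package pair."""
    pairs = {}
    for program, bin_pkg, sbin_pkg in rows:
        pairs.setdefault(tuple(sorted((bin_pkg, sbin_pkg))), []).append(program)
    return pairs

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load(db)
    for pair, programs in bug_candidates(clashes(db)).items():
        print(" <-> ".join(pair), ":", ", ".join(programs))
```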
