Web lists-archives.com

Depends/Recommends from libraries




Hi, mortals and paultag!

I'd like to discuss (and then propose to -policy) the following rule:

# Libraries which don't provide a convenient means of conditionally loading
# at runtime (this includes most libraries for languages such as C), SHOULD
# NOT declare a "Depends:" or "Recommends:" relationship, directly or
# indirectly, on packages containing anything more than dormant files. 
# Those include, among others, daemons, executables in $PATH, etc.  Any such
# relationship should be instead declared by programs that use the library
# in question -- it is up to them to decide how important the relationship
# is.

It is one of two low-hanging fruits for debloating installs (the other one
being not elevating priority of dependencies).  The problem has seen some
discussion before in a thread starting at
https://lists.debian.org/debian-devel/2016/04/msg00157.html
but no better solution has been proposed so far.

It'd help disarm dependency chains such as:
    xfce4-power-manager -> upower -> libimobiledevice4 -> usbmuxd
ie, wanting XFCE currently pulls in a daemon that's of no use to anyone not
using a piece of iJunk (and what it even has to do with power management?).

Other prominent examples include:
    openssh-server -> libwrap1 -> tcpd
using tcpd for ssh is a very niche use.

    e2fsprogs -> libuuid1 -> uuid-runtime
that daemon is useful only if you need to rapidly generate MANY uuids.  Not
just a single uuid per filesystem.  If your package actually needs that, it
can declare the dependency itself, like ceph-base does.


Technically, such a rule wouldn't even change current wording of Policy
7.2., merely its interpretation: a library typically doesn't by itself need
anything beyond libraries it's linked against; requirements such as a
running daemon happen only when a program that uses the library calls one of
its functions.  And then, for some programs that function might be indeed
vital, while for others its only an extremely niche optional feature,
perhaps not warranting even a Suggests:.

-- 
⢀⣴⠾⠻⢶⣦⠀ Meow!
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Collisions shmolisions, let's see them find a collision or second
⠈⠳⣄⠀⠀⠀⠀ preimage for double rot13!