Debian Bug report logs - #620566
dpkg: "version number does not start with digit" is in

version graph

Package: dpkg; Maintainer for dpkg is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg is src:dpkg.

Reported by: Christian Hofstaedtler <ch@grml.org>

Date: Sat, 2 Apr 2011 20:00:01 UTC

Severity: normal

Tags: wontfix

Found in version dpkg/1.16.0

Done: Guillem Jover <guillem@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#620566; Package dpkg. (Sat, 02 Apr 2011 20:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian Hofstaedtler <ch@grml.org>:
New Bug report received and forwarded. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Sat, 02 Apr 2011 20:00:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Christian Hofstaedtler <ch@grml.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dpkg: "version number does not start with digit" is in contrast to policy
Date: Sat, 02 Apr 2011 21:28:08 +0200
Package: dpkg
Version: 1.16.0
Severity: important
Tags: sid

Hi,

dpkg 1.16.0 appears to refuse to install packages which have a Version:
field which does not start with a digit.

The Debian policy currently states:
The upstream_version may contain only alphanumerics[33] and the
characters . + - : ~ (full stop, plus, hyphen, colon, tilde) and *should*
start with a digit.

I don't see why this would forbid versions starting with an
anlphanumeric character.

Either dpkg should again install packages with such Version: fields, or
the policy should be changed to reflect this new requirement.

Thank you,
Christian Hofstaedtler


-- System Information:
Debian Release: 6.0.1
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-openvz-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#620566; Package dpkg. (Sun, 03 Apr 2011 03:12:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guillem Jover <guillem@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Sun, 03 Apr 2011 03:12:07 GMT) Full text and rfc822 format available.

Message #10 received at 620566@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: Christian Hofstaedtler <ch@grml.org>, 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Sun, 3 Apr 2011 05:03:47 +0200
[Message part 1 (text/plain, inline)]
reassign 620566 debian-policy
severity 620566 normal
tags 620566 patch
retitle 620566 Sync upstream version format with what dpkg accepts now
thanks

On Sat, 2011-04-02 at 21:28:08 +0200, Christian Hofstaedtler wrote:
> Package: dpkg
> Version: 1.16.0
> Severity: important
> Tags: sid

> dpkg 1.16.0 appears to refuse to install packages which have a Version:
> field which does not start with a digit.

This is in line with the recent changes to properly parse and validate
the data dpkg has to handle.

> The Debian policy currently states:
> The upstream_version may contain only alphanumerics[33] and the
> characters . + - : ~ (full stop, plus, hyphen, colon, tilde) and *should*
> start with a digit.
> 
> I don't see why this would forbid versions starting with an
> anlphanumeric character.

Well, while I generally agree dpkg does not need to be as strict as
policy when it might make sense to be laxer outside Debian, in this
case I don't see the point in allowing the version to start with an
alphabetic character. This is an interface other software rely on,
and expect it to be as specified, so making sure dpkg validates and
disallows bogus values seems the correct thing to do.

> Either dpkg should again install packages with such Version: fields, or
> the policy should be changed to reflect this new requirement.

Then I guess this is a request to change the ‘should’ to a ‘must’.
Attached patch against policy master.

thanks,
guillem
[policy-upstream-version-first-char.patch (text/x-diff, attachment)]

Bug reassigned from package 'dpkg' to 'debian-policy'. Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Sun, 03 Apr 2011 03:12:09 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions dpkg/1.16.0. Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Sun, 03 Apr 2011 03:12:10 GMT) Full text and rfc822 format available.

Severity set to 'normal' from 'important' Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Sun, 03 Apr 2011 03:12:11 GMT) Full text and rfc822 format available.

Added tag(s) patch. Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Sun, 03 Apr 2011 03:12:11 GMT) Full text and rfc822 format available.

Changed Bug title to 'Sync upstream version format with what dpkg accepts now' from 'dpkg: "version number does not start with digit" is in contrast to policy' Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Sun, 03 Apr 2011 03:12:12 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Sun, 03 Apr 2011 08:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Sun, 03 Apr 2011 08:21:03 GMT) Full text and rfc822 format available.

Message #25 received at 620566@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Guillem Jover <guillem@debian.org>, 620566@bugs.debian.org
Cc: Christian Hofstaedtler <ch@grml.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Sun, 3 Apr 2011 10:16:47 +0200
Full quoting because you didn't cc the policy list when reassigning...

On Sun, Apr  3, 2011 at 05:03:47 +0200, Guillem Jover wrote:

> reassign 620566 debian-policy
> severity 620566 normal
> tags 620566 patch
> retitle 620566 Sync upstream version format with what dpkg accepts now
> thanks
> 
> On Sat, 2011-04-02 at 21:28:08 +0200, Christian Hofstaedtler wrote:
> > Package: dpkg
> > Version: 1.16.0
> > Severity: important
> > Tags: sid
> 
> > dpkg 1.16.0 appears to refuse to install packages which have a Version:
> > field which does not start with a digit.
> 
> This is in line with the recent changes to properly parse and validate
> the data dpkg has to handle.
> 
> > The Debian policy currently states:
> > The upstream_version may contain only alphanumerics[33] and the
> > characters . + - : ~ (full stop, plus, hyphen, colon, tilde) and *should*
> > start with a digit.
> > 
> > I don't see why this would forbid versions starting with an
> > anlphanumeric character.
> 
> Well, while I generally agree dpkg does not need to be as strict as
> policy when it might make sense to be laxer outside Debian, in this
> case I don't see the point in allowing the version to start with an
> alphabetic character. This is an interface other software rely on,
> and expect it to be as specified, so making sure dpkg validates and
> disallows bogus values seems the correct thing to do.
> 
I don't see the point in disallowing these versions in dpkg, they won't
cause any problem anywhere, they're just discouraged by policy...  Maybe
we want dak to forbid them, but that's a different thing.

> > Either dpkg should again install packages with such Version: fields, or
> > the policy should be changed to reflect this new requirement.
> 
> Then I guess this is a request to change the ‘should’ to a ‘must’.
> Attached patch against policy master.
> 
> thanks,
> guillem

> diff --git a/policy.sgml b/policy.sgml
> index 6e04c81..ed10580 100644
> --- a/policy.sgml
> +++ b/policy.sgml
> @@ -3125,7 +3125,7 @@ Package: libc6
>  	          </footnote>
>  	          and the characters <tt>.</tt> <tt>+</tt> <tt>-</tt>
>  	          <tt>:</tt> <tt>~</tt> (full stop, plus, hyphen, colon,
> -	          tilde) and should start with a digit.  If there is no
> +	          tilde) and must start with a digit.  If there is no
>  	          <var>debian_revision</var> then hyphens are not allowed;
>  	          if there is no <var>epoch</var> then colons are not
>  	          allowed.

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Sun, 03 Apr 2011 15:54:15 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thorsten Glaser <tg@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Sun, 03 Apr 2011 15:54:17 GMT) Full text and rfc822 format available.

Message #30 received at 620566@bugs.debian.org (full text, mbox):

From: Thorsten Glaser <tg@debian.org>
To: 620566@bugs.debian.org
Subject: Re: dpkg: "version number does not start with digit" is in contrast to policy
Date: Sun, 3 Apr 2011 15:35:22 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384

Guillem Jover dixit…

>  	          <tt>:</tt> <tt>~</tt> (full stop, plus, hyphen, colon,
> -	          tilde) and should start with a digit.  If there is no
> +	          tilde) and must start with a digit.  If there is no
>  	          <var>debian_revision</var> then hyphens are not allowed;

+1 (especially considering how version n̲u̲m̲b̲e̲r̲ comparision works)

bye,
//mirabilos
- -- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.	-- Rob Pike in "Notes on Programming in C"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MirBSD)

iQIVAwUBTZiTxna1NLLpkAfgAQkmCxAAkpSxV8K+E+jYAqxk7F2Ow0K2bQ/ajryr
H3shjfygxSowSHEXzuC6edkQiZfIJsFLwuMkFYDgq+HTrXgMRhWUHdVkq70Q68KW
qQkk3M6tgauRMjH/De/SIhnCSo4xUH0umNaMdaK5qaobDpssG8R/Wg68ETyr/lZy
3DfW0kMwJpaYH6MW2hiLUNiJcP0FttMqRjOd9s4kjWU6/7/rADYHr/o0yjz+lk0Q
tRebUjBuMPi/kZQHjep1jACKQjuIDU0QM/PMBuf6EerJnhJUu3GcVBCthyZAnhUW
YyEN7By2s2o+/ZBIjSSu7bvYP/hgwV4SrMx5HAqMxYzWCUvYBFfIFvmg9K3DViCB
d+YQFMP1L/bHdR0LtSmklvINCBDfDdrceF62LG6ltWEApsDWjFKSOUJgf9y7P/vv
/j9J/JYodc8pNYPuG2/KIJWH6vdlDy59TeMzFzAd2vebBdOyZ2SZ0+UBUh9nUm1u
kRf6gNy2nzmdXGmlcdAbNDvJslCOL7e++WgcyGwa7PjXspJUW83c188sDvP1GikU
oQz+1tRZbwiE+nIIuu8muukfzNibKFEMkbeoGemSn+O5Z24eSHMvMWIX/ZorixtH
+CWSF9wl3IJMflf/jxk941rx7MRCTKjQ3yAJVrLw0SoP5qb07E0maxYLv19ZBnrQ
eIu/T5T+phU=
=Ck2S
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Sun, 03 Apr 2011 21:21:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Prokop <mika@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Sun, 03 Apr 2011 21:21:03 GMT) Full text and rfc822 format available.

Message #35 received at 620566@bugs.debian.org (full text, mbox):

From: Michael Prokop <mika@debian.org>
To: Julien Cristau <jcristau@debian.org>, 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Sun, 3 Apr 2011 23:06:21 +0200
[Message part 1 (text/plain, inline)]
* Julien Cristau [Son Apr 03, 2011 at 10:16:47 +0200]:
> On Sun, Apr  3, 2011 at 05:03:47 +0200, Guillem Jover wrote:
> > On Sat, 2011-04-02 at 21:28:08 +0200, Christian Hofstaedtler wrote:

> > > dpkg 1.16.0 appears to refuse to install packages which have a Version:
> > > field which does not start with a digit.

> > This is in line with the recent changes to properly parse and validate
> > the data dpkg has to handle.

> > > The Debian policy currently states:
> > > The upstream_version may contain only alphanumerics[33] and the
> > > characters . + - : ~ (full stop, plus, hyphen, colon, tilde) and *should*
> > > start with a digit.

> > > I don't see why this would forbid versions starting with an
> > > anlphanumeric character.

> > Well, while I generally agree dpkg does not need to be as strict as
> > policy when it might make sense to be laxer outside Debian, in this
> > case I don't see the point in allowing the version to start with an
> > alphabetic character. This is an interface other software rely on,
> > and expect it to be as specified, so making sure dpkg validates and
> > disallows bogus values seems the correct thing to do.

> I don't see the point in disallowing these versions in dpkg, they won't
> cause any problem anywhere, they're just discouraged by policy...  Maybe
> we want dak to forbid them, but that's a different thing.

Yeah, actually the change is breaking existing packages which used
to work just fine (disclaimer: no, the ones I'm talking about aren't
available in the official Debian pool).

I understand the change but a timeframe for upgrading would be nice
with warnings instead of erroring out.

regards,
-mika-
[signature.asc (application/pgp-signature, inline)]

Removed tag(s) sid. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sun, 03 Apr 2011 22:45:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 03:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 03:18:03 GMT) Full text and rfc822 format available.

Message #42 received at 620566@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: 620566@bugs.debian.org, Guillem Jover <guillem@debian.org>, Christian Hofstaedtler <ch@grml.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Sun, 03 Apr 2011 20:07:57 -0700
Julien Cristau <jcristau@debian.org> writes:
> On Sun, Apr  3, 2011 at 05:03:47 +0200, Guillem Jover wrote:

>> Well, while I generally agree dpkg does not need to be as strict as
>> policy when it might make sense to be laxer outside Debian, in this
>> case I don't see the point in allowing the version to start with an
>> alphabetic character. This is an interface other software rely on, and
>> expect it to be as specified, so making sure dpkg validates and
>> disallows bogus values seems the correct thing to do.

> I don't see the point in disallowing these versions in dpkg, they won't
> cause any problem anywhere, they're just discouraged by policy...  Maybe
> we want dak to forbid them, but that's a different thing.

I'm not a fan of having DAK reject things that Policy says are allowed.
The primary purpose of Policy is to document the requirements for the
Debian archive, so if the Debian archive doesn't allow something, Policy
should say that.  Otherwise, it's just confusing.  Out-of-archive packages
are always allowed (and sometimes expected) to ignore bits of Policy.

I think we should either allow it or not allow it, but Policy and DAK
should agree.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 03:21:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 03:21:02 GMT) Full text and rfc822 format available.

Message #47 received at 620566@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: 620566@bugs.debian.org, Michael Prokop <mika@debian.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Sun, 03 Apr 2011 20:12:03 -0700
Michael Prokop <mika@debian.org> writes:

> Yeah, actually the change is breaking existing packages which used to
> work just fine (disclaimer: no, the ones I'm talking about aren't
> available in the official Debian pool).

> I understand the change but a timeframe for upgrading would be nice with
> warnings instead of erroring out.

I think this is more an objection to the dpkg change than to the Policy
change, correct?  Policy doesn't govern out-of-archive packages, and I
think it's reasonable to just forbid version numbers starting with a
letter in the Debian archive rather than saying "should not" about
something that's syntactical.

My inclination is to second this, but I want to make sure that we've
answered your and Julien's objections first.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 03:33:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 03:33:13 GMT) Full text and rfc822 format available.

Message #52 received at 620566@bugs.debian.org (full text, mbox):

From: Cyril Brulebois <kibi@debian.org>
To: Russ Allbery <rra@debian.org>, 620566@bugs.debian.org
Cc: Guillem Jover <guillem@debian.org>, Christian Hofstaedtler <ch@grml.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 05:31:12 +0200
[Message part 1 (text/plain, inline)]
Russ Allbery <rra@debian.org> (03/04/2011):
> I'm not a fan of having DAK reject things that Policy says are
> allowed.

Neither am I.

> I think we should either allow it or not allow it, but Policy and
> DAK should agree.

Yes, pretty please.

KiBi.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 07:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 07:06:03 GMT) Full text and rfc822 format available.

Message #57 received at 620566@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Russ Allbery <rra@debian.org>, 620566@bugs.debian.org
Cc: Michael Prokop <mika@debian.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 08:54:26 +0200
On Sun, 03 Apr 2011, Russ Allbery wrote:
> My inclination is to second this, but I want to make sure that we've
> answered your and Julien's objections first.

And for complete reference, dpkg accepts those version in
/var/lib/dpkg/status (so that dpkg still works for users with affected
packages installed) but will not a accept to install a .deb with a bad
version anymore.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 07:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Nieder <jrnieder@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 07:27:03 GMT) Full text and rfc822 format available.

Message #62 received at 620566@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: 620566@bugs.debian.org
Cc: Raphael Hertzog <hertzog@debian.org>, Michael Prokop <mika@debian.org>
Subject: Re: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 02:23:25 -0500
Raphael Hertzog wrote:
> On Sun, 03 Apr 2011, Russ Allbery wrote:

>> My inclination is to second this, but I want to make sure that we've
>> answered your and Julien's objections first.
>
> And for complete reference, dpkg accepts those version in
> /var/lib/dpkg/status (so that dpkg still works for users with affected
> packages installed) but will not a accept to install a .deb with a bad
> version anymore.

One possibility would be to mandate in policy that:

1. upstream_version must start with a digit;
2. package management tools should accept an upstream_version that does
   not start with a digit.

But that would be somewhat confusing in my opinion, and it might be
hard to sell (2) as something that belongs in policy.  If there were a
separate packaging system manual, life would be easier.  Lacking that,
I can see the potential value of dpkg validating the packages it
installs (though it's painful).




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 09:03:28 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 09:03:29 GMT) Full text and rfc822 format available.

Message #67 received at 620566@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Russ Allbery <rra@debian.org>, 620566@bugs.debian.org
Cc: Guillem Jover <guillem@debian.org>, Christian Hofstaedtler <ch@grml.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 11:00:15 +0200
On Sun, Apr  3, 2011 at 20:07:57 -0700, Russ Allbery wrote:

> Julien Cristau <jcristau@debian.org> writes:
> > On Sun, Apr  3, 2011 at 05:03:47 +0200, Guillem Jover wrote:
> 
> >> Well, while I generally agree dpkg does not need to be as strict as
> >> policy when it might make sense to be laxer outside Debian, in this
> >> case I don't see the point in allowing the version to start with an
> >> alphabetic character. This is an interface other software rely on, and
> >> expect it to be as specified, so making sure dpkg validates and
> >> disallows bogus values seems the correct thing to do.
> 
> > I don't see the point in disallowing these versions in dpkg, they won't
> > cause any problem anywhere, they're just discouraged by policy...  Maybe
> > we want dak to forbid them, but that's a different thing.
> 
> I'm not a fan of having DAK reject things that Policy says are allowed.
> The primary purpose of Policy is to document the requirements for the
> Debian archive, so if the Debian archive doesn't allow something, Policy
> should say that.  Otherwise, it's just confusing.  Out-of-archive packages
> are always allowed (and sometimes expected) to ignore bits of Policy.
> 
> I think we should either allow it or not allow it, but Policy and DAK
> should agree.
> 
Agreed, dak should only reject these names if policy does.  I have no
particular opinion on the policy change, I just think the dpkg change is
wrong.

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 09:51:30 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Prokop <mika@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 09:51:32 GMT) Full text and rfc822 format available.

Message #72 received at 620566@bugs.debian.org (full text, mbox):

From: Michael Prokop <mika@debian.org>
To: Russ Allbery <rra@debian.org>
Cc: 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 11:46:26 +0200
[Message part 1 (text/plain, inline)]
* Russ Allbery [Sun Apr 03, 2011 at 08:12:03PM -0700]:
> Michael Prokop <mika@debian.org> writes:

> > Yeah, actually the change is breaking existing packages which used to
> > work just fine (disclaimer: no, the ones I'm talking about aren't
> > available in the official Debian pool).

> > I understand the change but a timeframe for upgrading would be nice with
> > warnings instead of erroring out.

> I think this is more an objection to the dpkg change than to the Policy
> change, correct?

ACK

> Policy doesn't govern out-of-archive packages, and I think it's
> reasonable to just forbid version numbers starting with a letter
> in the Debian archive rather than saying "should not" about
> something that's syntactical.

ACK

> My inclination is to second this, but I want to make sure that we've
> answered your and Julien's objections first.

Thanks!

regards,
-mika-
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 10:33:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 10:33:12 GMT) Full text and rfc822 format available.

Message #77 received at 620566@bugs.debian.org (full text, mbox):

From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
To: Jonathan Nieder <jrnieder@gmail.com>, 620566@bugs.debian.org
Cc: Raphael Hertzog <hertzog@debian.org>, Michael Prokop <mika@debian.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 12:03:39 +0200
[Message part 1 (text/plain, inline)]
On Mon, Apr 04, 2011 at 02:23:25AM -0500, Jonathan Nieder wrote:
> Raphael Hertzog wrote:
> > On Sun, 03 Apr 2011, Russ Allbery wrote:
> 
> >> My inclination is to second this, but I want to make sure that we've
> >> answered your and Julien's objections first.
> >
> > And for complete reference, dpkg accepts those version in
> > /var/lib/dpkg/status (so that dpkg still works for users with affected
> > packages installed) but will not a accept to install a .deb with a bad
> > version anymore.
> 
> One possibility would be to mandate in policy that:
> 
> 1. upstream_version must start with a digit;

Unfortunately, we cannot force upstream to use a version that start by a digit,
We would need to document a mangling process for upstream version that start
by a letter.

I really fail to see the motivation for this change in dpkg.

So far, I am objecting to the change as it is.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 11:09:03 GMT) Full text and rfc822 format available.

Message #80 received at 620566@bugs.debian.org (full text, mbox):

From: Carsten Hey <carsten@debian.org>
To: 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 12:59:43 +0200
* Bill Allombert [2011-04-04 12:03 +0200]:
> Unfortunately, we cannot force upstream to use a version that start by a digit,
> We would need to document a mangling process for upstream version that start
> by a letter.

Quoting policy:
| epoch
|
| This is a single (generally small) unsigned integer. It may be
| omitted, in which case zero is assumed. If it is omitted then the
| upstream_version may not contain any colons.

upstream_version git1234 could be prefixed with epoch 0 and thus lead to
the version number 0:git1234-debian_revision.  Maybe this could be
mentioned in the policy.

Regards
Carsten




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 12:18:31 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 12:19:00 GMT) Full text and rfc822 format available.

Message #85 received at 620566@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
Cc: Jonathan Nieder <jrnieder@gmail.com>, 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 14:13:26 +0200
Hi,

On Mon, 04 Apr 2011, Bill Allombert wrote:
> > 1. upstream_version must start with a digit;
> 
> Unfortunately, we cannot force upstream to use a version that start by a digit,
> We would need to document a mangling process for upstream version that start
> by a letter.

We have no upstream with such versions currently in Debian. I don't really
see the point of your objection. There's no supplementary work involved in
Debian.

I doubt we'll ever have to mangle the version name to satisfy the
constraint but even if we have to, it's trivial to add a leading 0.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 12:34:28 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 12:34:30 GMT) Full text and rfc822 format available.

Message #90 received at 620566@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Carsten Hey <carsten@debian.org>, 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 14:28:01 +0200
On Mon, 04 Apr 2011, Carsten Hey wrote:
> upstream_version git1234 could be prefixed with epoch 0 and thus lead to
> the version number 0:git1234-debian_revision.  Maybe this could be
> mentioned in the policy.

No, the check is on the first digit of the "upstream version". The epoch
is ignored.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 12:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 12:45:06 GMT) Full text and rfc822 format available.

Message #95 received at 620566@bugs.debian.org (full text, mbox):

From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
To: Carsten Hey <carsten@debian.org>, 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 14:41:40 +0200
On Mon, Apr 04, 2011 at 12:59:43PM +0200, Carsten Hey wrote:
> * Bill Allombert [2011-04-04 12:03 +0200]:
> > Unfortunately, we cannot force upstream to use a version that start by a digit,
> > We would need to document a mangling process for upstream version that start
> > by a letter.
> 
> Quoting policy:
> | epoch
> |
> | This is a single (generally small) unsigned integer. It may be
> | omitted, in which case zero is assumed. If it is omitted then the
> | upstream_version may not contain any colons.
> 
> upstream_version git1234 could be prefixed with epoch 0 and thus lead to
> the version number 0:git1234-debian_revision.  Maybe this could be
> mentioned in the policy.

This would not be compatible with the proposed change, because epoch is not
part of upstream_version, so upstream_version would still start with a letter.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 17:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 17:39:06 GMT) Full text and rfc822 format available.

Message #100 received at 620566@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 04 Apr 2011 10:35:22 -0700
Raphael Hertzog <hertzog@debian.org> writes:

> We have no upstream with such versions currently in Debian. I don't
> really see the point of your objection. There's no supplementary work
> involved in Debian.

> I doubt we'll ever have to mangle the version name to satisfy the
> constraint but even if we have to, it's trivial to add a leading 0.

We could recommend that explicitly if it would help.  It would be my
recommendation even without the restriction on version numbers, since
alphanumerics would sort after any numbers, so you'd need an epoch
otherwise if upstream ever switched to more conventional versions.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 18:30:24 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Nieder <jrnieder@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 18:30:24 GMT) Full text and rfc822 format available.

Message #105 received at 620566@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: 620566@bugs.debian.org
Subject: Re: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 13:29:45 -0500
Russ Allbery wrote:
> Raphael Hertzog <hertzog@debian.org> writes:

>> it's trivial to add a leading 0.
>
> We could recommend that explicitly if it would help.  It would be my
> recommendation even without the restriction on version numbers, since
> alphanumerics would sort after any numbers, so you'd need an epoch
> otherwise if upstream ever switched to more conventional versions.

Yes, that sounds good to me.

The remaining open question is how to deal with historical packages.
I personally would be happier if "dpkg" and higher-level tools did
not introduce incompatibilities with the historical format when it's
easy not to, since being able to install old packages to "bisect" an
old bug is very useful.  But I realize I might be in the minority.

(For example, old versions of badlands have version numbers starting
with "build".)

I am sympathetic to Guillem's view, which (if I understand correctly)
is that dpkg output is unfortunately trusted by some other programs
and that not preventing installation of packages with syntax problems
would in the long term create a buggy and unstable system.  Hopefully
he will chime in some time to explain whether the above concern about
using the packaging system with historical packages can be reconciled
with that (hint: I think so, and I think policy can help).




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 19:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 19:42:05 GMT) Full text and rfc822 format available.

Message #110 received at 620566@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 04 Apr 2011 12:40:01 -0700
Jonathan Nieder <jrnieder@gmail.com> writes:

> The remaining open question is how to deal with historical packages.  I
> personally would be happier if "dpkg" and higher-level tools did not
> introduce incompatibilities with the historical format when it's easy
> not to, since being able to install old packages to "bisect" an old bug
> is very useful.  But I realize I might be in the minority.

I think this is an interesting conversation, but so far as I can tell it's
not particularly relevant to Policy.  There are no such packages with
those version numbers currently in Debian, so Policy can simply say that
there will never be in the future either and be done with it.

There is a remaining issue for out-of-archive packages, but I think that's
between maintainers of those packages and the dpkg maintainers about what
dpkg may support beyond what Debian requires.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 19:57:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Nieder <jrnieder@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 19:57:13 GMT) Full text and rfc822 format available.

Message #115 received at 620566@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: 620566@bugs.debian.org
Subject: Re: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 14:55:04 -0500
Russ Allbery wrote:

> I think this is an interesting conversation, but so far as I can tell it's
> not particularly relevant to Policy.  There are no such packages with
> those version numbers currently in Debian, so Policy can simply say that
> there will never be in the future either and be done with it.
>
> There is a remaining issue for out-of-archive packages, but I think that's
> between maintainers of those packages and the dpkg maintainers about what
> dpkg may support beyond what Debian requires.

What about previously-in-archive packages?  And what about higher-level
packaging tools --- what document describes their contract with dpkg[1]?

It is relevant to policy because the proposed change in policy and its
implementation would have fallout.  It is worth considering whether
policy can do something to mitigate that, or at least whether there is
_some_ avenue in the Debian project to prevent this damage.

Jonathan

[1] Perhaps that contract can be informal.  It was not my impression
that that was the direction Guillem wants to go in (hence the dpkg bug
that sprouted this report in the first place) but I could easily be
wrong.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 20:06:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 20:06:05 GMT) Full text and rfc822 format available.

Message #120 received at 620566@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 04 Apr 2011 13:04:04 -0700
Jonathan Nieder <jrnieder@gmail.com> writes:

> What about previously-in-archive packages?

Are there any of significance?  The example you gave in your previous mail
doesn't appear in the BTS at all, so I assume it's quite old if it was
ever in the archive.

Raphael said that dpkg wouldn't break already-installed packages.  Policy
primarily applies to packages going forward, plus to references to those
packages in versioned dependencies and the like.

> And what about higher-level packaging tools --- what document describes
> their contract with dpkg[1]?

I don't know that we have one at the moment; regardless, it's not Policy.

> It is relevant to policy because the proposed change in policy and its
> implementation would have fallout.  It is worth considering whether
> policy can do something to mitigate that, or at least whether there is
> _some_ avenue in the Debian project to prevent this damage.

Your primary concern is having existing packages stop working because
tools drop support for version numbers that they currently support?  Would
adding a non-normative footnote to that effect help?  Something like:

    In previous versions of Policy, upstream version numbers beginning
    with alphabetic characters were allowed but discouraged (a "should
    not" instead of a "must not").  There may, therefore, be older Debian
    packages with upstream versions starting with an alphabetic character.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 20:30:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Nieder <jrnieder@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 20:30:06 GMT) Full text and rfc822 format available.

Message #125 received at 620566@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: 620566@bugs.debian.org
Subject: Re: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 15:27:17 -0500
Russ Allbery wrote:
> Jonathan Nieder <jrnieder@gmail.com> writes:

>> What about previously-in-archive packages?
>
> Are there any of significance?

I don't know.  The example I gave was from a dpkg bug report, and I
don't know if it was contrived or not (one would have to ask the
submitter).

I admit that the principle that dpkg can introduce and is introducing
many parsing regressions with policy as its justification is more
important to me than this particular example.  A reasonable
justification for the policy _and_ dpkg change would be "allowing this
is too much trouble, and almost no packages took advantage of it, so
let's disallow it and simplify life for everyone".  So please don't
take my comments here as a strong objection.

> ... if it was ever in the archive.

One can check at snapshot.debian.org.

>> And what about higher-level packaging tools --- what document describes
>> their contract with dpkg[1]?
>
> I don't know that we have one at the moment; regardless, it's not Policy.

In practice, Policy is being used that way.  I agree that that is not
really a good thing.

>> It is relevant to policy because the proposed change in policy and its
>> implementation would have fallout.  It is worth considering whether
>> policy can do something to mitigate that, or at least whether there is
>> _some_ avenue in the Debian project to prevent this damage.
>
> Your primary concern is having existing packages stop working because
> tools drop support for version numbers that they currently support?  Would
> adding a non-normative footnote to that effect help?  Something like:
>
>     In previous versions of Policy, upstream version numbers beginning
>     with alphabetic characters were allowed but discouraged (a "should
>     not" instead of a "must not").  There may, therefore, be older Debian
>     packages with upstream versions starting with an alphabetic character.

Personally, my primary concern is (as mentioned before) that dpkg still
be usable for testing old packages.

If Policy is not where the packaging system is documented, I don't
think a footnote is needed or would be helpful.  What would be useful
is a consensus that (for example) various tools working with version
numbers should accept versions starting with an alphabetic character.
An alternative would be a consensus that tools working with version
numbers should still behave reasonably [for some definition of
reasonable] when given an invalid one, so dpkg could be permissive as
it pleases.  Otherwise, the situation is kind of unfortunate.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 20:45:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Nieder <jrnieder@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 20:45:05 GMT) Full text and rfc822 format available.

Message #130 received at 620566@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: 620566@bugs.debian.org
Subject: Re: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 4 Apr 2011 15:41:53 -0500
Russ Allbery wrote:
> Jonathan Nieder <jrnieder@gmail.com> writes:

>> What about previously-in-archive packages?
>
> Are there any of significance?

Ah, I forgot to say: I think changing this to a "must" with advice to
add a 0 when the upstream version does not start with a number would
be a good change.  Based on your clarifications, I don't think there's
anything left to do after that.  Packaging system policy for ancient
and otherwise noncompliant packages can be left to the packaging
system maintainers.

Sorry for the confusion.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Mon, 04 Apr 2011 23:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Mon, 04 Apr 2011 23:18:04 GMT) Full text and rfc822 format available.

Message #135 received at 620566@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Tue, 5 Apr 2011 00:53:57 +0200
[Message part 1 (text/plain, inline)]
On Mon, 04 Apr 2011 12:40:01 -0700, Russ Allbery wrote:

> I think this is an interesting conversation, but so far as I can tell it's
> not particularly relevant to Policy.  There are no such packages with
> those version numbers currently in Debian, so Policy can simply say that
> there will never be in the future either and be done with it.

There is (or better: was) cnews, in etch and lenny, with
cr.g7-40.{1,4}.

I noticed this because of
    dpkg-query: warning: parsing file '/var/lib/dpkg/available' near line 699262 package 'cnews':
     error in Version string 'cr.g7-40.4': version number does not start with digit
each time I build a package (maybe I should just remove oldstable
from my sources.list at some point :))
 
(Just as a side note, and not relevant for policy.)


Cheers,
gregor
 
-- 
 .''`.   http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-    NP: Tom Waits: Innocent When You Dream
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Tue, 05 Apr 2011 08:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Tue, 05 Apr 2011 08:09:03 GMT) Full text and rfc822 format available.

Message #140 received at 620566@bugs.debian.org (full text, mbox):

From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
To: Guillem Jover <guillem@debian.org>, 620566@bugs.debian.org
Cc: Christian Hofstaedtler <ch@grml.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Tue, 5 Apr 2011 10:06:48 +0200
[Message part 1 (text/plain, inline)]
On Sun, Apr 03, 2011 at 05:03:47AM +0200, Guillem Jover wrote:
> reassign 620566 debian-policy
> severity 620566 normal
> tags 620566 patch
> retitle 620566 Sync upstream version format with what dpkg accepts now
> thanks
> 
> On Sat, 2011-04-02 at 21:28:08 +0200, Christian Hofstaedtler wrote:
> > Package: dpkg
> > Version: 1.16.0
> > Severity: important
> > Tags: sid
> 
> > dpkg 1.16.0 appears to refuse to install packages which have a Version:
> > field which does not start with a digit.
> 
> This is in line with the recent changes to properly parse and validate
> the data dpkg has to handle.
> 
> > The Debian policy currently states:
> > The upstream_version may contain only alphanumerics[33] and the
> > characters . + - : ~ (full stop, plus, hyphen, colon, tilde) and *should*
> > start with a digit.
> > 
> > I don't see why this would forbid versions starting with an
> > anlphanumeric character.
> 
> Well, while I generally agree dpkg does not need to be as strict as
> policy when it might make sense to be laxer outside Debian, in this
> case I don't see the point in allowing the version to start with an
> alphabetic character. This is an interface other software rely on,
> and expect it to be as specified, so making sure dpkg validates and
> disallows bogus values seems the correct thing to do.
> 
> > Either dpkg should again install packages with such Version: fields, or
> > the policy should be changed to reflect this new requirement.
> 
> Then I guess this is a request to change the ‘should’ to a ‘must’.
> Attached patch against policy master.

I formally object to that change in policy, since no rationale is provided.
For the time being, #620566 is a bug in dpkg.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Fri, 08 Apr 2011 13:13:45 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thorsten Glaser <tg@mirbsd.de>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Fri, 08 Apr 2011 13:13:58 GMT) Full text and rfc822 format available.

Message #145 received at 620566@bugs.debian.org (full text, mbox):

From: Thorsten Glaser <tg@mirbsd.de>
To: 620566@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Fri, 8 Apr 2011 14:26:38 +0200 (CEST)
On Mon, 4 Apr 2011, Carsten Hey wrote:

> upstream_version git1234 could be prefixed with epoch 0 and thus lead to
> the version number 0:git1234-debian_revision.  Maybe this could be

Nah. Just drop the leading 'git'.


On Mon, 4 Apr 2011, Raphael Hertzog wrote:

> We have no upstream with such versions currently in Debian. I don't really

We have, mksh version numbers are mangled (see its watch file)
in a defined way. It uses a repacked source as .orig.tar.gz,
but since dpkg’s extraction mechanism doesn’t really care, for
a package with a normal tar.gz upstream this wouldn’t even matter.

bye,
//mirabilos
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”	(#nosec)    ‣‣‣ Please let MySQL and MariaDB finally die!




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Fri, 08 Apr 2011 17:51:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Goswin von Brederlow <goswin-v-b@web.de>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Fri, 08 Apr 2011 17:51:06 GMT) Full text and rfc822 format available.

Message #150 received at 620566@bugs.debian.org (full text, mbox):

From: Goswin von Brederlow <goswin-v-b@web.de>
To: Raphael Hertzog <hertzog@debian.org>
Cc: 620566@bugs.debian.org, Russ Allbery <rra@debian.org>, Michael Prokop <mika@debian.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Fri, 08 Apr 2011 19:47:00 +0200
Raphael Hertzog <hertzog@debian.org> writes:

> On Sun, 03 Apr 2011, Russ Allbery wrote:
>> My inclination is to second this, but I want to make sure that we've
>> answered your and Julien's objections first.
>
> And for complete reference, dpkg accepts those version in
> /var/lib/dpkg/status (so that dpkg still works for users with affected
> packages installed) but will not a accept to install a .deb with a bad
> version anymore.
>
> Cheers,

It does not allow them in available though breaking many systems that
have or in the past had a package with such a version available. At
least 4 people on irc have run into that problem that I saw already.

MfG
        Goswin




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Fri, 08 Apr 2011 18:36:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Fri, 08 Apr 2011 18:36:03 GMT) Full text and rfc822 format available.

Message #155 received at 620566@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Goswin von Brederlow <goswin-v-b@web.de>
Cc: 620566@bugs.debian.org, Russ Allbery <rra@debian.org>, Michael Prokop <mika@debian.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Fri, 8 Apr 2011 20:33:16 +0200
On Fri, 08 Apr 2011, Goswin von Brederlow wrote:
> It does not allow them in available though breaking many systems that
> have or in the past had a package with such a version available. At
> least 4 people on irc have run into that problem that I saw already.

It does allow them in available. Those people are confused
or affected by something else.

They might not know how to get rid of the warnings though (dpkg
--clear-avail).

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Sun, 22 May 2011 21:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to ch@grml.org:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Sun, 22 May 2011 21:51:03 GMT) Full text and rfc822 format available.

Message #160 received at 620566@bugs.debian.org (full text, mbox):

From: chris h <ch@grml.org>
To: 620566@bugs.debian.org
Cc: Guillem Jover <guillem@debian.org>, Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>, Raphael Hertzog <hertzog@debian.org>, Russ Allbery <rra@debian.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Sun, 22 May 2011 23:47:59 +0200
On Tue, Apr 5, 2011 at 10:06 AM, Bill Allombert
<Bill.Allombert@math.u-bordeaux1.fr> wrote:
> I formally object to that change in policy, since no rationale is provided.
> For the time being, #620566 is a bug in dpkg.

So, should this bug then be assigned back to dpkg?
Is there anything which prevents fixing this bug?

Thanks,
  -ch




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Policy List <debian-policy@lists.debian.org>:
Bug#620566; Package debian-policy. (Tue, 24 May 2011 19:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>:
Extra info received and forwarded to list. Copy sent to Debian Policy List <debian-policy@lists.debian.org>. (Tue, 24 May 2011 19:42:03 GMT) Full text and rfc822 format available.

Message #165 received at 620566@bugs.debian.org (full text, mbox):

From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
To: Guillem Jover <guillem@debian.org>, 620566@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Tue, 24 May 2011 21:39:30 +0200
Hello,

I am reassigning this bug to dpkg for the following reason:

1) No rationale are provided for the change.

2) This change breaks actual packages. Even if no such package exist in squeeze, users
could still want to install older or unofficial packages, or created with dpkg-repack.

3) As a matter of policy, we should not encourage developpers to upload packages that
conflict with Debian policy and then ask for a policy change to match before a consensus
for the change is established, since this creates an unwanted pressure on the policy 
process by breaking the status quo principle.

4) No consensus exist on the policy change.

5) Even this policy change was accepted, it would still be a bug in dpkg to reject
packages that were made before this policy was implemented.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 




Bug reassigned from package 'debian-policy' to 'dpkg'. Request was from Bill Allombert <ballombe@debian.org> to control@bugs.debian.org. (Tue, 24 May 2011 20:24:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#620566; Package dpkg. (Tue, 24 May 2011 21:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Tue, 24 May 2011 21:12:05 GMT) Full text and rfc822 format available.

Message #172 received at 620566@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>, 620566@bugs.debian.org, debian-policy@lists.debian.org
Cc: Guillem Jover <guillem@debian.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Tue, 24 May 2011 23:08:55 +0200
Hi,

On Tue, 24 May 2011, Bill Allombert wrote:
> 2) This change breaks actual packages. Even if no such package exist in squeeze, users
> could still want to install older or unofficial packages, or created with dpkg-repack.

The next version of dpkg has --force-bad-version to work around this.

I'm not sure it's highly constructive to ask Guillem to revert the change
at this point since the impact on Debian is very low and a way has been
provided to install packages with bad versions.

Please reconsider. I think it's been well explained that version numbers
ought to start with a "number".

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)




Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#620566; Package dpkg. (Fri, 27 May 2011 21:57:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Joey Hess <joeyh@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Fri, 27 May 2011 21:57:06 GMT) Full text and rfc822 format available.

Message #177 received at 620566@bugs.debian.org (full text, mbox):

From: Joey Hess <joeyh@debian.org>
To: 620566@bugs.debian.org, debian-policy@lists.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Fri, 27 May 2011 09:46:49 -0400
[Message part 1 (text/plain, inline)]
Raphael Hertzog wrote:
> Please reconsider. I think it's been well explained that version numbers
> ought to start with a "number".

Where? Also, f is a number around here. 

Example breakage includes the bitlbee bzr snapshots, which many stable
users of bitlbee were probably using.

-- 
see shy jo
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#620566; Package dpkg. (Thu, 16 Jun 2011 09:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to ch@grml.org:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Thu, 16 Jun 2011 09:00:05 GMT) Full text and rfc822 format available.

Message #182 received at 620566@bugs.debian.org (full text, mbox):

From: chris h <ch@grml.org>
To: 620566@bugs.debian.org
Cc: debian-policy@lists.debian.org, Guillem Jover <guillem@debian.org>, Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>, Raphael Hertzog <hertzog@debian.org>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Thu, 16 Jun 2011 10:57:09 +0200
Has there been any progress on this bug?
We (Grml) would like to switch back to short Version: strings for our
kernel packages, as they already have the major "version number" in
the package name, to allow co-installation of multiple versions, and
there's no point in duplicating this info in the Version field.
(Making the Version field relatively long and unreadable.)

Thanks,
  -ch




Changed Bug title to 'dpkg: "version number does not start with digit" is in' from 'Sync upstream version format with what dpkg accepts now' Request was from chris h <ch@grml.org> to control@bugs.debian.org. (Thu, 16 Jun 2011 09:00:53 GMT) Full text and rfc822 format available.

Bug Marked as found in versions dpkg/1.16.0. Request was from chris h <ch@grml.org> to control@bugs.debian.org. (Thu, 16 Jun 2011 09:00:54 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#620566; Package dpkg. (Thu, 16 Jun 2011 09:24:22 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Thu, 16 Jun 2011 09:24:23 GMT) Full text and rfc822 format available.

Message #191 received at 620566@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: chris h <ch@grml.org>
Cc: 620566@bugs.debian.org, debian-policy@lists.debian.org, Guillem Jover <guillem@debian.org>, Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Thu, 16 Jun 2011 11:23:41 +0200
Hi,

On Thu, 16 Jun 2011, chris h wrote:
> We (Grml) would like to switch back to short Version: strings for our
> kernel packages, as they already have the major "version number" in
> the package name, to allow co-installation of multiple versions, and
> there's no point in duplicating this info in the Version field.
> (Making the Version field relatively long and unreadable.)

"0" is very short. If you don't need the version at all, you don't need to
put a text string either.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)




Added tag(s) wontfix; removed tag(s) patch. Request was from Raphael Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Thu, 11 Aug 2011 20:51:18 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#620566; Package dpkg. (Thu, 11 Aug 2011 20:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Thu, 11 Aug 2011 20:57:03 GMT) Full text and rfc822 format available.

Message #198 received at 620566@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: 620566@bugs.debian.org
Subject: Version numbers will continue to have to start with a digit
Date: Thu, 11 Aug 2011 15:36:51 +0200
tag 620566 = wontfix
thanks

It looks like Guillem is not willing to revert this change and neither am
I (because I don't really care, the impact is null since we have no official
packages affected by this).

So I'm tagging this bug accordingly.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)




Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#620566; Package dpkg. (Wed, 28 Sep 2011 22:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Keats" <neokeats@hotmail.com>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Wed, 28 Sep 2011 22:33:03 GMT) Full text and rfc822 format available.

Message #203 received at 620566@bugs.debian.org (full text, mbox):

From: "Keats" <neokeats@hotmail.com>
To: <620566@bugs.debian.org>
Subject: RE : Version numbers will continue to have to start with a digit
Date: Thu, 29 Sep 2011 00:29:45 +0200
[Message part 1 (text/plain, inline)]
>tag 620566 = wontfix
>thanks

>It looks like Guillem is not willing to revert this change and neither am
>I (because I don't really care, the impact is null since we have no official
>packages affected by this).

>So I'm tagging this bug accordingly.

>Cheers,
>-- 
>Raphaël Hertzog ◈ Debian Developer

arf that’s why opensource sucks...
so let’s change something that was working just for fun... 
and f***k those ho have a problem since i’m not affected...

upgrading an old ubuntu 10.4 to 11.4 produce the bug for example...
nevermind, linux users are used to spend time to reinstall the system if they don’t use/upgrade it regulary during more than 6months...

[Message part 2 (text/html, inline)]

Reply sent to Guillem Jover <guillem@debian.org>:
You have taken responsibility. (Sun, 15 Jul 2012 22:54:03 GMT) Full text and rfc822 format available.

Notification sent to Christian Hofstaedtler <ch@grml.org>:
Bug acknowledged by developer. (Sun, 15 Jul 2012 22:54:03 GMT) Full text and rfc822 format available.

Message #208 received at 620566-done@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: Christian Hofstaedtler <ch@grml.org>, 620566-done@bugs.debian.org
Subject: Re: Bug#620566: dpkg: "version number does not start with digit" is in contrast to policy
Date: Mon, 16 Jul 2012 00:46:00 +0200
Hi,

On Sat, 2011-04-02 at 21:28:08 +0200, Christian Hofstaedtler wrote:
> Package: dpkg
> Version: 1.16.0
> Severity: important
> Tags: sid

> dpkg 1.16.0 appears to refuse to install packages which have a Version:
> field which does not start with a digit.
> 
> The Debian policy currently states:
> The upstream_version may contain only alphanumerics[33] and the
> characters . + - : ~ (full stop, plus, hyphen, colon, tilde) and *should*
> start with a digit.
> 
> I don't see why this would forbid versions starting with an
> anlphanumeric character.
> 
> Either dpkg should again install packages with such Version: fields, or
> the policy should be changed to reflect this new requirement.

dpkg now (since 1.16.1) allows to install such packages with bogus
versions with the new --force-bad-version option either from the
command-line or one of the config files, so I don't see any issue
here anymore. Thus closing.

thanks,
guillem



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 13 Aug 2012 07:27:36 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 08:28:48 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.