Bug#1042964: shim-signed: policy violation: Recommends a package that is not in debian main

Thu, 03 Aug 2023 04:27:20 -0700 

Package: shim-signed
Version: 1.39+15.7-1
Severity: serious
Justification: Policy 2.2.1
X-Debbugs-Cc: zorka.jor...@allfreemail.net

Dear Maintainer,

shim-signed currently Recommends secureboot-db package, which is not in debian 
main.

This is a violation of debian policy 2.2.1 
https://www.debian.org/doc/debian-policy/ch-archive.html#the-main-archive-area

```
In addition, the packages in main:

- must not require or recommend a package outside of main for compilation or 
execution (thus, the package must not declare a Pre-Depends, Depends, 
Recommends, Build-Depends, Build-Depends-Indep, or Build-Depends-Arch 
relationship on a non-main package unless that package is only listed as a 
non-default alternative for a package in main)
```

This was previously mentioned 4 years ago in #932358 and #1041449. Neither of 
those bugreports had any maintainer reaction.

Please either remove shim-signed from debian, since it violates debian policy, 
or change the package dependencies to no longer recommend packages outside of 
debian main.

Alternatively, please provide information why this package should keep the 
recommendation on a package that is not in debian main, and address the 4 year 
old bugreport in #932358 and #1041449

Severity set as serious because this is a violation of debian policy, and 
because there has been no reaction in 4 years about this issue.



-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shim-signed depends on:
ii  grub-efi-amd64-bin         2.06-13
ii  grub2-common               2.06-13
ii  shim-helpers-amd64-signed  1+15.7+1
ii  shim-signed-common         1.39+15.7-1

Versions of packages shim-signed recommends:
pn  secureboot-db  <none>

shim-signed suggests no packages.

-- no debconf information

Reply via email to