Package: quota
Version: 4.04-2+deb10u1
Severity: wishlist

[I’ve checked that this bug affects 4.05-1 as well. Due to a separate problem, already AFAICT fixed upstream, the workaround suggested below does /not/ work for the version in testing.]

The (versioned) dependencies on libnl-3-200, libnl-genl-3-200 currently specified by the quota package are only relevant to the single quota_nld binary. As circumventing these dependencies produces no apparent ill effects when using the rest of the package, could they please be downgraded to Recommends:? (Note that per the CTTE decision recorded in Debian Bug#119517, slight breakage due to missing Recommends: is considered acceptable.)

Alternatively, could the binary in question please be moved off to a separate binary package?

TIA.

Background

I’m concerned with, specifically, the amount of runnable code in the (base) system – and its implications on security. I assume that /not/ having some package installed ought to be the ultimate guarantee that no security flaw in said package is going to affect a given system. Hence my interest in minimalistic Debian installs.

As a workaround, I’ve installed two otherwise empty packages that specify versioned Provides: on libnl-3-200 and libnl-genl-3-200, both (= 3.2.7), respectively [1‒2]. The packages were produced with nope.sh [3], like:

    $ fakeroot -- nope libnl-3-200=3.2.7 ; \
      fakeroot -- nope libnl-genl-3-200=3.2.7

[1] http://am-1.org/~ivan/dist/no-libnl-3-200_0.1_all.deb
[2] http://am-1.org/~ivan/dist/no-libnl-genl-3-200_0.1_all.deb
[3] http://am-1.org/~ivan/src/nope.sh

Note that in 4.05-1, /all/ the binaries are made to link with /all/ the libraries, thus making the workaround above unsuitable. This upstream bug has since been fixed:

commit 00d61f21bfa3ccf40826ce22de12cfeeab8a40a5
Author:     Dmitry V. Levin <l...@altlinux.org>
AuthorDate: 2019-04-01 02:23:59 +0300
Commit:     Jan Kara <j...@suse.cz>
CommitDate: 2019-04-01 17:11:11 +0200

    Revert "configure.ac: fix pkg_check_modules calls"

    CFLAGS and LIBS are variables that users are entitled to modify in order to compile the package, so do not tamper with CFLAGS and LIBS.
    COM_ERR_CFLAGS, EXT2FS_CFLAGS, DBUS_CFLAGS, LIBNL3_CFLAGS, TIRPC_CFLAGS, COMM_ERR_LIBS, EXT2FS_LIBS, DBUS_LIBS, LIBNL3_LIBS, and TIRPC_LIBS should be used directly where appropriate and apparently they already are.

    This reverts commit b54d97d677481287faa5d6b98c92f111141c1af3.

    Signed-off-by: Dmitry V. Levin <l...@altlinux.org>
    Signed-off-by: Jan Kara <j...@suse.cz>

-- 
FSF associate member #7257  http://am-1.org/~ivan/
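
The workaround described in the report above, sketched as an added example: this is not the author's nope.sh and not part of the original message. The function names and the Maintainer value are constructed; the `no-` prefix, version 0.1 and `all` architecture are taken from the file names in [1] and [2].

```shell
#!/bin/sh
# Added example (not nope.sh): an otherwise empty package whose only purpose
# is to satisfy a versioned dependency through Provides:.

# nope_control NAME=VERSION: print the control stanza on stdout.
nope_control() {
    spec=$1
    case $spec in
        *=*) name=${spec%%=*}; version=${spec#*=} ;;
        *)   echo "usage: nope_control NAME=VERSION" >&2; return 2 ;;
    esac
    # Debian package names: lower-case letters, digits, '+', '-', '.';
    # at least two characters, starting with an alphanumeric.
    if ! printf '%s\n' "$name" | grep -Eq '^[a-z0-9][a-z0-9+.-]+$'; then
        echo "invalid package name: $name" >&2; return 1
    fi
    # Conservative version check: starts with a digit, restricted charset.
    if ! printf '%s\n' "$version" | grep -Eq '^[0-9][A-Za-z0-9.+~:-]*$'; then
        echo "invalid version: $version" >&2; return 1
    fi
    # Maintainer below is a constructed placeholder.
    cat <<EOF
Package: no-$name
Version: 0.1
Architecture: all
Maintainer: Local Admin <root@localhost>
Section: misc
Priority: optional
Provides: $name (= $version)
Description: empty stand-in providing $name
 Contains no files. Installed only so that dependencies on
 $name (= $version) are satisfied without the real library.
EOF
}

# nope_build NAME=VERSION: write no-NAME_0.1_all.deb to the current directory.
# Run under fakeroot, as in the report, so the archive records root ownership.
nope_build() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/DEBIAN" &&
    nope_control "$1" > "$tmp/DEBIAN/control" &&
    dpkg-deb --build "$tmp" "no-${1%%=*}_0.1_all.deb"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

With such a stand-in installed, any binary that really links against the provided library (quota_nld here) fails to start, so `apt-cache rdepends` on the real library name is worth checking before relying on it.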