Comment 15 for bug 635848

Requiring main package seems like the obvious thing to do... up to the point where a debuginfo package is blocking a security (or other important) update from getting applied. Since the debuginfo packages live in separate repositories and do not affect the actual functionality of the packages they are for, the current situation is simply the lesser of two evils.