On Thu, 20 Feb 2003, Jeremy C. Reed wrote:

> > The problem is, how do you know which packages depend on curses, or
> > openssl, or gettext, in order to get this imaginary dependency?
>
> I don't understand why it is imaginary. For example, I know that apache2
> built with SSL needs openssl and I know what binaries I built need a
> curses (as listed in an earlier email).

It's imaginary, because it vanishes in a puff of smoke when you look
at it funny. Dependencies that vary depending on what happens to be
installed on the build system are bogus.

> The problem is that it is built in one environment, then maybe the rpm
> for openssl is removed (or the apache2 package is installed on a different
> box without openssl).

Same thing if I upgrade to NetBSD 1.5.4 from NetBSD 1.5.3. How does
openssl/buildlink.mk deal with that? It doesn't. Therefore, seeing as
it's not helping, I wish it would just go away.

> All that is needed is a pkgsrc option that says I really want to use and
> depend on the pkgsrc version of openssl (or whatever). (I just send-pr'd
> a patch for gtexinfo.)

You mean always? For everything that uses openssl? That's not
acceptable. While that would be a great boon to those who stubbornly
refuse to install their vendor RPM's, or who refuse to track the
NetBSD release for security fixes, it would make everyone else install
openssl *twice*.

> > The system you describe is fully in place for openssl, and yet, hidden
> > dependencies go undetected for years. I think we'd be doing non-NetBSD
> > pkgsrc users a better service if we just said, "You need these things
> > to run NetBSD pkgsrc, and that's that."
>
> That list would be long: file (I packaged), ldconfig (I packaged glibc),
> dc (I packaged), awk, sed, openssl, gtexinfo, a curses, et cetera. Many of
> these requirements are (or should) be available in pkgsrc.
>
> But since the pkgsrc already provides openssl, ncurses, gtexinfo,
> whatever, we might as well allow the pkgsrc user to use them.
>
> It seems strange to use pkgsrc for some stuff, but use rpm (or dpkg or
> Solaris package) to get some dependencies that are already available with
> pkgsrc too.

It's more than strange -- it's whacked out.

Let's turn that around, though. Why should we maintain openssl in
pkgsrc, when every system vendor (including NetBSD), already maintains
openssl in the base system?

Frederick