Subject: Re: RFC: recommended dependencies (diffs attached)
To: Thomas Klausner <wiz@NetBSD.org>
From: Rene Hexel <firstname.lastname@example.org>
Date: 01/09/2004 06:33:52
On 09/01/2004, at 2:24 AM, Thomas Klausner wrote:
>>> So it is only changed if _all_ dependent packages need
>>> a newer version?
>> Well, I'd replace all by "a majority of", but yes,
>> that's the idea.
> Ok, but we should make tools to find out when such a time
> comes for those that don't switch all at once.
I think this is less of a problem in practice than it
sounds here. Typically, when the API changes drastically,
you have a "majority of" (probably an "all of") case, in
which case you can switch the BUILDLINK_DEPENDS immediately.
The case where a creeping number of dependent packages
will require a newer version is probably the exception.
But yes, a script might be nice that detects such cases!
> And we should make clear that older libraries than the one
> currently in pkgsrc are _not supported_.
Yes, that should be documented.
> So we should make it even more recommended to have
> audit-packages installed.
Yes, that's a good idea.
> Perhaps even mandatory?
Perhaps not mandatory, but maybe the default. I.e.,
automatically install audit-packages (similar to 'digest'
and the like) unless ALLOW_VULNERABLE_PACKAGES is set.
> Which reminds me: The bulk build code should report failure if
> it finds the variable set.
Okay, I'll try to inject this into the bulk building
> Also, if the recommended version is overridden, that should be
> marked in the binary package too, perhaps as a BUILD_DEF; and
> pkg_add should warn when it finds it.