Subject: Re: Package update disaster
To: Jeremy C. Reed <>
From: Thor Lancelot Simon <>
List: tech-pkg
Date: 10/09/2004 12:12:02
On Fri, Oct 08, 2004 at 02:32:07PM -0700, Jeremy C. Reed wrote:
> On Fri, 8 Oct 2004, Karsten Kruse wrote:
> > Agreed. However, that does not solve the one big design-flaw in pkgsrc:
> > to build a package you need it's dependencies installed. Maybe it's
> How is that a design flaw? How can you build something that requires
> something that is not available?

There are two related problems here.

The first is that package Makefiles are often updated to require whatever
version of a dependency the updating developer happens to be working with,
even though there's no difference that would actually make the package,
rebuilt from source with the older version of the dependency, not work.

Obviously getting this right for the *binary* case is hard but we could
be a little more careful to not cause needless dependency rebuilds in the
source case.

A related problem, though, is that sometimes the opposite mistake is
made -- look at the ap_perl package, where the binary package gets only,
say, perl5 >= perl5.8.3 built into it, because that's what the Makefile
had; but in fact, the built binary will depend on the later version
that it was actually linked with, so when you install it on a system
that _actually_ has 5.8.3, it doesn't work.

I think it would make sense to be a little more careful about recording
higher dependency versions than necessary in Makefiles, but also to record
the dependency in the *built binary package* as the actual version linked
with, or higher, not the dependency version given in the Makefile.  This
would kill two annoying upgrade problems in one shot, no?