Subject: Re: dependencies & security vulnerabilities
To: Johnny C. Lam <>
From: Greg Troxel <>
List: tech-pkg
Date: 07/31/2005 20:27:42
I concur that dependencies should only be about ABI (where ABI
includes calling conventions and output of scripts used by other
packages, in additino to shlibs).  I've found RECOMMENDED to be
stricter than I want and hence set IGNORE_RECOMMENDED.

It seems the real issue with RECOMMENDED is ensuring that a package
which can be built with various ABI flavors of a dependency is built
with the 'right' one so binary packages interwork.  But, I am not the
least bit sure I really understand this nuance.

        Greg Troxel <>