Subject: Re: dependencies & security vulnerabilities
To: Greg Troxel <>
From: Jeremy C. Reed <>
List: tech-pkg
Date: 08/01/2005 09:47:56
On Mon, 1 Aug 2005, Greg Troxel wrote:

> The issue at hand is whether to bump PKGREVISION for depending
> packages when there is a security fix but no ABI change.

I didn't read it that way. I thought it was to stop setting 
BUILDLINK_RECOMMENDED to the new updated version.

(I can't think of any PKGREVISION's being bumped for the depending 
packages just for security issues -- unless the ABI changes.)

I don't know if it matters to me either way. I do like how bumping 
BUILDLINK_RECOMMENDED encourages me to update the package. Also, it is 
called "recommended" and doesn't have to be used.

  Jeremy C. Reed

  	  	 	 BSD News, BSD tutorials, BSD links