Subject: Re: dependencies & security vulnerabilities
To: Greg Troxel <firstname.lastname@example.org>
From: Jeremy C. Reed <email@example.com>
Date: 08/01/2005 09:47:56
On Mon, 1 Aug 2005, Greg Troxel wrote:
> The issue at hand is whether to bump PKGREVISION for depending
> packages when there is a security fix but no ABI change.
I didn't read it that way. I thought it was to stop setting
BUILDLINK_RECOMMENDED to the new updated version.
(I can't think of any PKGREVISION's being bumped for the depending
packages just for security issues -- unless the ABI changes.)
I don't know if it matters to me either way. I do like how bumping
BUILDLINK_RECOMMENDED encourages me to update the package. Also, it is
called "recommended" and doesn't have to be used.
Jeremy C. Reed
BSD News, BSD tutorials, BSD links