Subject: Re: BUILDLINK_DEPENDS.expat
To: Todd Vierling <>
From: Johnny Lam <>
List: tech-pkg
Date: 03/23/2006 11:06:11
Todd Vierling wrote:
> On Thu, 23 Mar 2006, Johnny Lam wrote:
>>If this is the case, I would rather we rename the variables to prevent any
>>further confusion for developers or users:
> If this is done, we may want a third one (BUILDLINK_SECURITY_DEPENDS?),
> because that's the other reason for using RECOMMENDED today.  Otherwise I'm
> happy with this, because it does reflect the usage of these variables.

I don't think having a "security" depends is a good idea, and I would 
rather see the practice of bumping dependencies for security-related 
reasons go away.  We should manage security-related issues externally 
instead of shoehorning them into a package dependency graph.


	-- Johnny Lam <>