Re: bump openssl dependents?

[Tobias Nygren <tnn%NetBSD.org@localhost>]

On Thu, 17 Jan 2008 07:01:23 -0600 (CST)
"Jeremy C. Reed" <reed%reedmedia.net@localhost> wrote:

> I think we need to update PKGREVISIONs for packages depending on openssl.
> 
> See pkgsrc guide:
> 
> 14.2.2. Updating BUILDLINK_API_DEPENDS.pkg in buildlink3.mk files
> 
> "In some cases, the packages that depend on this new version may need 
> their PKGREVISIONs increased ..."
> 
> 19.1.11. How to handle incrementing versions when fixing an existing 
> package
> 
> "PKGREVISION must also be incremented when dependencies have ABI changes."
> 
> 
> I am guessing this doesn't matter for pkgsrc on NetBSD which don't depend 
> on the openssl package. But for other platforms it may be needed.
> 
> For example, if the dependent packages foo-1.2.3 links with 
> libcrypto.so.0.9.7 (instead of now libcrypto.so.0.9.8), then foo needs to 
> become foo-1.2.3nb1. (Or how we will we know the difference between two 
> different packages with identical version?)

Technically I suppose you're correct. But that's alot of packages to
bump for a change that only affects people who actively chose to not
use builtin openssl. I can't make this call, but if pmc wants to have
hundreds of packages bumped I will see it through. I'll make a survey
of exactly how many packages we're talking about. I would guess at least
500, maybe more.

Side note: pkg_rolling-replace is useful for fixing this kind of
breakage. pkg_admin set rebuild=YES openssl; pkg_rolling-replace -rsv.