Subject: pkg/18157: openssl buildlink (DEPENDS in general!?) doesn't work properly
To: None <gnats-bugs@gnats.netbsd.org>
From: None <tv@pobox.com>
List: netbsd-bugs
Date: 09/03/2002 12:49:00
>Number:         18157
>Category:       pkg
>Synopsis:       openssl buildlink (DEPENDS in general!?) doesn't work properly
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 03 09:48:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Todd Vierling
>Release:        NetBSD 1.6
>Organization:
	DUH.ORG:  Pointing out the obvious since 1994.

>Environment:

>Description:

When trying to build a package that depends on openssl via buildlink (say,
"lynx"), the dependency on security/openssl now kicks in because the base
system version doesn't contain the "SA fix".  However, if the
ACCEPTABLE_LICENSES is not correct for openssl, its build fails.

This *SHOULD* make the build of the dependent package fail ... yet it
happily goes about building using the base system's openssl and simply
throws up warnings about "no package matching openssl>=..." at install
time.  Whee!  The "SA fix" didn't fix.

(I've now updated my base system, so this doesn't happen anymore, but this
may point to a much larger DEPENDS deficiency that needs fixing fast.  
Hence the critical/high severity/priority.)

>How-To-Repeat:

Install lynx from pkgsrc on a pre-1.6_RC2 system with ACCEPTABLE_LICENSES
unset.

>Fix:

pkgsrc team's department.
>Release-Note:
>Audit-Trail:
>Unformatted: