On Sun, 19 May 2002, Greg A. Woods wrote:
> How do you propose to do that -- i.e. implement a means of allowing
> flexible from-source dependencies but sticking to fixed dependencies for
> binary packages?  It would seem on first glance that such goals are
> diametrically opposed to each other.  How is the pkgsrc infrastructure
> to know that someone won't type "make package" after building an
> out-of-sync module?

Implementation seems easy enough: when you type "make package" (or
pkg_tarup, or any other command that makes a binary package), the
tools can know exactly what you have installed at that instant.  That
information could be embedded in the binary package, and indeed
Frederick Bruckman mentioned that binary packages already contain
"@blddep" information.

People who build binary packages for use by others (as opposed to
building binary packages for their own use) should probably be cautious,
and restrict themselves to building packages with all the latest
dependencies.  The bulk-build infrastructure can help people who want
to produce large sets of binary packages whose dependencies are all
consistent with the latest pkgsrc.

> People who build only from source can play fast and loose at their own
> risk, but such risk must not be allowed to leak into the way binary
> packages are managed.

When you say "binary packages", I think you mean "publicly available (or
official) binary packages".

When I say "binary packages", I include packages that I make myself via
"make package", "make bin-install" or "pkg_tarup".

--apb (Alan Barrett)