| 1 |
On 29 September 2013 09:14, Martin Vaeth |
| 2 |
<vaeth@××××××××××××××××××××××××.de>wrote: |
| 3 |
|
| 4 |
> this dependency will install for a user with |
| 5 |
> unstable keywords |
| 6 |
> |
| 7 |
|
| 8 |
That, in itself, indicates the user is usually OK with "new versions of |
| 9 |
things" ;) |
| 10 |
|
| 11 |
corelist -a says virtual/perl-Digest-MD5-2.520.0 should || ( perl v5.18 ) |
| 12 |
|
| 13 |
Though that virtual is already stable, and as a result, will result in the |
| 14 |
installation of that version of Digest::MD5 on perl versions <5.17 |
| 15 |
|
| 16 |
2.530.0 won't be in perl till 5.19+ |
| 17 |
|
| 18 |
One other reason you might want to consider that its *good* that we upgrade |
| 19 |
things from perl to versions in perl-core/*. |
| 20 |
|
| 21 |
CVEs. If a security hole is exposed in a version of something that is |
| 22 |
shipped with perl, we can simply adjust the virtual and get it to pull in a |
| 23 |
newer version via perl-core/* |
| 24 |
|
| 25 |
Here, the "unnecessary" dependency could in fact be nessecary to avoid a |
| 26 |
security hole in an older version that may be shipped with perl. |
| 27 |
|
| 28 |
And in such a case, its "good" that installing foo, that depends on |
| 29 |
"virtual/perl-SOMETHINGBROKEN" gets you a version more recent than in perl |
| 30 |
itself. |
| 31 |
|
| 32 |
|
| 33 |
-- |
| 34 |
Kent |
Archives