1 |
On 10/11/2011 10:28 PM, Mike Gilbert wrote: |
2 |
> On 10/12/2011 12:54 AM, Zac Medico wrote: |
3 |
>> On 10/11/2011 12:56 PM, Michał Górny wrote: |
4 |
>>> Or go with a saner defaults... |
5 |
>> |
6 |
>> So, are any of the following sane? |
7 |
>> |
8 |
>> 1) Pull in updates for packages even though those packages won't be used |
9 |
>> for anything. |
10 |
>> |
11 |
> |
12 |
> Francisco raised a possibly valid point in his original message: though |
13 |
> packages may not be currently used for anything, but they could contain |
14 |
> un-patched security flaws. |
15 |
|
16 |
If they contain something that's accessed at runtime, then they should |
17 |
be in RDEPEND or PDEPEND, no exceptions. |
18 |
|
19 |
> This seems pretty unlikely to me given the sorts of packages that are |
20 |
> build-time-only deps, but it could be possible. |
21 |
|
22 |
We can try to split up people who care about this into categories: |
23 |
|
24 |
1) People who are "security conscious" or just plain paranoid can set |
25 |
EMERGE_DEFAULT_OPTS="--with-bdeps=y" to ease their minds. |
26 |
|
27 |
2) People who want all build-time deps up to date at all times, in case |
28 |
they decide to rebuild something on a whim, can set |
29 |
EMERGE_DEFAULT_OPTS="--with-bdeps=y" to keep everything up to date. This |
30 |
is what I do. |
31 |
|
32 |
3) People who think they might use a particular package and want to |
33 |
ensure that it's the latest version can add that package to the world |
34 |
file. They can look for possible candidates in the output of `emerge |
35 |
--pretend --depclean --with-bdeps=n`. |
36 |
-- |
37 |
Thanks, |
38 |
Zac |