| 1 |
On Fri, 2019-01-18 at 22:22 +0000, James Le Cuirot wrote: |
| 2 |
> On Fri, 18 Jan 2019 21:13:34 +0100 |
| 3 |
> Michał Górny <mgorny@g.o> wrote: |
| 4 |
> |
| 5 |
> > So apparently 14.2% of dependencies allow any slot of OpenSSL which is |
| 6 |
> > most likely wrong, and 1.4% explicitly claim that's what the package |
| 7 |
> > wants. This could be valid only if e.g. the package supported multiple |
| 8 |
> > ABIs of OpenSSL libraries and used dlopen() with a few possible SONAMEs |
| 9 |
> > which I honestly doubt any of those packages is doing. |
| 10 |
> > |
| 11 |
> > In other words, 14.2% of dependencies on OpenSSL are plain wrong, |
| 12 |
> > and 6.4% are wrong in a way that isn't going to be reported by repoman. |
| 13 |
> > 1.4% of cases are using ':*' which probably indicates the developer |
| 14 |
> > decided to silence repoman without understanding how slot operators work |
| 15 |
> > which is a horrible thing from QA perspective. |
| 16 |
> > |
| 17 |
> > We also have a few cases that require specific OpenSSL subslot (e.g. |
| 18 |
> > forcing old version into :0 slot) but *none* actually using the binary |
| 19 |
> > compatibility slots. |
| 20 |
> |
| 21 |
> I have noticed this and more generally that slot operators are poorly |
| 22 |
> understood, which is frustrating. I was initially inclined to say that |
| 23 |
> I think the model still fits and we should educate devs better but... |
| 24 |
|
| 25 |
At some point you realize that the sheer amount of knowledge needed to |
| 26 |
contribute to Gentoo is just too large. You can't expect people to |
| 27 |
spend days (finding and) reading documentation for all the corner cases. |
| 28 |
I believe that if we can make something more obvious, we should go for |
| 29 |
it. |
| 30 |
|
| 31 |
> > Secondly, it is confusing to users. If we remove old versions and only |
| 32 |
> > keep binary compatibility slots, users can be easily tricked into |
| 33 |
> > installing them and being surprised it's not a complete package. If we |
| 34 |
> > keep old versions, we end up having different revisions of the same |
| 35 |
> > version in different slots which is also easily confused. |
| 36 |
> |
| 37 |
> I can't say I've ever seen this happen but I don't speak to many users. |
| 38 |
> I'll buy it. |
| 39 |
|
| 40 |
I don't know if it happens, to be honest. However, I'm going for |
| 41 |
the assumptions that there is no reason why a regular user would need to |
| 42 |
know the purpose or meaning of different version schemes and slotting |
| 43 |
on various packages. |
| 44 |
|
| 45 |
> What do you think? |
| 46 |
> |
| 47 |
> I'm on board as I have to deal with this a lot in games and I think |
| 48 |
> there were one or two more on my list to add. |
| 49 |
> |
| 50 |
> The only downside is that packages requiring what is currently the |
| 51 |
> latest version would need to be updated later, though I guess you could |
| 52 |
> use || instead. Take libpng, for example: |
| 53 |
> |
| 54 |
> > > ( =media-libs/libpng-1.6* media-libs/libpng-bin-compat:1.6 ) |
| 55 |
> |
| 56 |
> Or perhaps? |
| 57 |
> |
| 58 |
> > > ( media-libs/libpng:0/16 media-libs/libpng-bin-compat:1.6 ) |
| 59 |
> |
| 60 |
|
| 61 |
This happens with the current model as well, and I don't think '1.6*' |
| 62 |
solution is commonly applicable. For the less friendly cases, you need |
| 63 |
stuff like: |
| 64 |
|
| 65 |
|| ( dev-libs/openssl:0/0 dev-libs/openssl:1.0.0 ) |
| 66 |
|
| 67 |
which isn't very obvious either. |
| 68 |
|
| 69 |
-- |
| 70 |
Best regards, |
| 71 |
Michał Górny |
Archives