1 |
Hi all, |
2 |
|
3 |
|
4 |
I noticed that dev-util/cmake depends on dev-libs/expat and that |
5 |
libexpat upstream (where I'm involved) is in the process of |
6 |
dropping GNU Autotools altogether in favor of CMake in the near future, |
7 |
potentially the next release (without any known target release date). |
8 |
|
9 |
CMake bundles a (previously outdated and vulnerable) copy of expat so |
10 |
I'm not sure if re-activating that bundle — say with a new use flag |
11 |
"system-expat" — would be a good thing to resort to for breaking the |
12 |
cycle, with regard to security in particular. |
13 |
|
14 |
Do you have any ideas how to avoid a bad circular dependency issue for |
15 |
our users in the future? Are you aware of similar problems and |
16 |
solutions from the past? |
17 |
|
18 |
Thanks and best |
19 |
|
20 |
|
21 |
|
22 |
Sebastian |