| 1 |
Hi all, |
| 2 |
|
| 3 |
|
| 4 |
I noticed that dev-util/cmake depends on dev-libs/expat and that |
| 5 |
libexpat upstream (where I'm involved) is in the process of |
| 6 |
dropping GNU Autotools altogether in favor of CMake in the near future, |
| 7 |
potentially the next release (without any known target release date). |
| 8 |
|
| 9 |
CMake bundles a (previously outdated and vulnerable) copy of expat so |
| 10 |
I'm not sure if re-activating that bundle — say with a new use flag |
| 11 |
"system-expat" — would be a good thing to resort to for breaking the |
| 12 |
cycle, with regard to security in particular. |
| 13 |
|
| 14 |
Do you have any ideas how to avoid a bad circular dependency issue for |
| 15 |
our users in the future? Are you aware of similar problems and |
| 16 |
solutions from the past? |
| 17 |
|
| 18 |
Thanks and best |
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
Sebastian |
Archives