On 29 September 2013 09:14, Martin Vaeth <vaeth@××××××××××××××××××××××××.de> wrote:

> this dependency will install for a user with
> unstable keywords
>

That, in itself, indicates the user is usually OK with "new versions of
things" ;)

corelist -a says virtual/perl-Digest-MD5-2.520.0 should || ( perl v5.18 )

Though that virtual is already stable, and as a result, will result in the
installation of that version of Digest::MD5 on perl versions <5.17

2.530.0 won't be in perl till 5.19+

One other reason you might want to consider that it's *good* that we upgrade
things from perl to versions in perl-core/*.

CVEs. If a security hole is exposed in a version of something that is
shipped with perl, we can simply adjust the virtual and get it to pull in a
newer version via perl-core/*

Here, the "unnecessary" dependency could in fact be necessary to avoid a
security hole in an older version that may be shipped with perl.

And in such a case, it's "good" that installing foo, that depends on
"virtual/perl-SOMETHINGBROKEN" gets you a version more recent than in perl
itself.

--
Kent