| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA256 |
| 3 |
|
| 4 |
Hi all... Mozilla had a bug recently ( |
| 5 |
http://bugs.gentoo.org/show_bug.cgi?id=489838 ) that I think has much |
| 6 |
wider implications for all packages, and I would like to discuss how |
| 7 |
to best address this. |
| 8 |
|
| 9 |
The synopsis of the situation is that the latest firefox ebuild now |
| 10 |
depends on icu, specifically icu-50.1 or above. When this version of |
| 11 |
firefox was added to the tree, the lowest version of icu in the tree |
| 12 |
was icu-51.0 -- in fact, icu-48 through icu-50 were dropped from the |
| 13 |
tree about 2 months prior to the new firefox being added. |
| 14 |
|
| 15 |
The bug that was filed, is that a user didn't do a full emerge -uDN |
| 16 |
@world prior to emerging (upgrading?) firefox, and they had icu-49 |
| 17 |
already installed. Because the firefox dep didn't have a minimum |
| 18 |
version, portage didn't see upgrading icu as a requirement before |
| 19 |
firefox emerged. |
| 20 |
|
| 21 |
I fully agree with the user and other commenters on the bug, that |
| 22 |
after --sync'ing a user should be able to 'emerge [-u] firefox' and |
| 23 |
all necessary dependency updates would be applied. |
| 24 |
|
| 25 |
However, it's been a long-standing general practise that if there are |
| 26 |
no deps in the tree older than what is necessary for a package, that |
| 27 |
package doesn't need to have a minimum version on the dependency atom. |
| 28 |
As such, issues similar to this are probably lying in wait all other |
| 29 |
the place in the tree. |
| 30 |
|
| 31 |
To mitigate this, i see three possibilities: |
| 32 |
|
| 33 |
1 - make it clear in documentation for end users that they need to |
| 34 |
emerge -uDN @world after a --sync, otherwise they may see breakage and |
| 35 |
if they do it's not a bug when an emerge -uDN @world fixes it. IMO |
| 36 |
this is not a desirable solution but it best matches what is |
| 37 |
unofficially required now. |
| 38 |
|
| 39 |
2 - make a policy for developers that they need to add minimum |
| 40 |
versions on dependency atoms so that their package will trigger |
| 41 |
dependency updates, for all dependencies that have in the last year |
| 42 |
(**) had a version in the tree older than what the package needs. |
| 43 |
This is the most "correct" solution, but requires all devs to do the work. |
| 44 |
|
| 45 |
3 - change portage behaviour s.t. somehow when resolving dependencies |
| 46 |
it does not consider installed atoms that are missing from the tree to |
| 47 |
be valid at satisfying a dependency of a package. This would resolve |
| 48 |
the issue without dev's as a whole needing to do anything different, |
| 49 |
but would also have unforseen consequences since this is a major |
| 50 |
behavioural change for portage's dependency resolution. |
| 51 |
|
| 52 |
Thoughts? |
| 53 |
-----BEGIN PGP SIGNATURE----- |
| 54 |
Version: GnuPG v2.0.22 (GNU/Linux) |
| 55 |
|
| 56 |
iF4EAREIAAYFAlJ6XSIACgkQ2ugaI38ACPAWtgEAsiXy5LmYriPMeRanleI7fqNK |
| 57 |
faU2TwOpvykeYfEwpqQA/AirKpkPwpSp6tGau1PPjeOIGUuz6dZgnL8KkZ/J9JEa |
| 58 |
=VUYT |
| 59 |
-----END PGP SIGNATURE----- |
Archives