1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA256 |
3 |
|
4 |
Hi all... Mozilla had a bug recently ( |
5 |
http://bugs.gentoo.org/show_bug.cgi?id=489838 ) that I think has much |
6 |
wider implications for all packages, and I would like to discuss how |
7 |
to best address this. |
8 |
|
9 |
The synopsis of the situation is that the latest firefox ebuild now |
10 |
depends on icu, specifically icu-50.1 or above. When this version of |
11 |
firefox was added to the tree, the lowest version of icu in the tree |
12 |
was icu-51.0 -- in fact, icu-48 through icu-50 were dropped from the |
13 |
tree about 2 months prior to the new firefox being added. |
14 |
|
15 |
The bug that was filed, is that a user didn't do a full emerge -uDN |
16 |
@world prior to emerging (upgrading?) firefox, and they had icu-49 |
17 |
already installed. Because the firefox dep didn't have a minimum |
18 |
version, portage didn't see upgrading icu as a requirement before |
19 |
firefox emerged. |
20 |
|
21 |
I fully agree with the user and other commenters on the bug, that |
22 |
after --sync'ing a user should be able to 'emerge [-u] firefox' and |
23 |
all necessary dependency updates would be applied. |
24 |
|
25 |
However, it's been a long-standing general practise that if there are |
26 |
no deps in the tree older than what is necessary for a package, that |
27 |
package doesn't need to have a minimum version on the dependency atom. |
28 |
As such, issues similar to this are probably lying in wait all other |
29 |
the place in the tree. |
30 |
|
31 |
To mitigate this, i see three possibilities: |
32 |
|
33 |
1 - make it clear in documentation for end users that they need to |
34 |
emerge -uDN @world after a --sync, otherwise they may see breakage and |
35 |
if they do it's not a bug when an emerge -uDN @world fixes it. IMO |
36 |
this is not a desirable solution but it best matches what is |
37 |
unofficially required now. |
38 |
|
39 |
2 - make a policy for developers that they need to add minimum |
40 |
versions on dependency atoms so that their package will trigger |
41 |
dependency updates, for all dependencies that have in the last year |
42 |
(**) had a version in the tree older than what the package needs. |
43 |
This is the most "correct" solution, but requires all devs to do the work. |
44 |
|
45 |
3 - change portage behaviour s.t. somehow when resolving dependencies |
46 |
it does not consider installed atoms that are missing from the tree to |
47 |
be valid at satisfying a dependency of a package. This would resolve |
48 |
the issue without dev's as a whole needing to do anything different, |
49 |
but would also have unforseen consequences since this is a major |
50 |
behavioural change for portage's dependency resolution. |
51 |
|
52 |
Thoughts? |
53 |
-----BEGIN PGP SIGNATURE----- |
54 |
Version: GnuPG v2.0.22 (GNU/Linux) |
55 |
|
56 |
iF4EAREIAAYFAlJ6XSIACgkQ2ugaI38ACPAWtgEAsiXy5LmYriPMeRanleI7fqNK |
57 |
faU2TwOpvykeYfEwpqQA/AirKpkPwpSp6tGau1PPjeOIGUuz6dZgnL8KkZ/J9JEa |
58 |
=VUYT |
59 |
-----END PGP SIGNATURE----- |