| 1 |
On Fri, Aug 16, 2019 at 07:10:27PM +0200, Michał Górny wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> leio asked me yesterday for the possibility of marking packages |
| 5 |
> as deprecated, so that CI would issue warnings when other packages |
| 6 |
> depend on them. I think that's quite a good idea, so I'd like to |
| 7 |
> propose a simple implementation for it. |
| 8 |
> |
| 9 |
> The idea is to provide profiles/package.deprecated using the same format |
| 10 |
> as package.mask. However, unlike the latter it wouldn't cause any user- |
| 11 |
> visible results but only affect pkgcheck (and possibly repoman, if |
| 12 |
> someone writes the check). |
| 13 |
> |
| 14 |
> Basically you'd put something like: |
| 15 |
> |
| 16 |
> # name <email> (date) |
| 17 |
> # We don't like this package anymore, so we want to remove it ASAP. |
| 18 |
> dev-foo/bar |
| 19 |
> |
| 20 |
> # name <email> (date) |
| 21 |
> # Old slot is not nice at all. |
| 22 |
> dev-bar/frobnicate:0.1 |
| 23 |
> |
| 24 |
> # name <email> (date) |
| 25 |
> # Nononono, don't use that. |
| 26 |
> <dev-zoo/elephant- |
| 27 |
> 11.0 |
| 28 |
> |
| 29 |
> This would cause matching packages to be marked as deprecated. It |
| 30 |
> wouldn't affect normal install behavior but pkgcheck/CI would complain |
| 31 |
> if any package had a dependency that can only be satisfied |
| 32 |
> by the deprecated packages. |
| 33 |
> |
| 34 |
> What do you think? |
| 35 |
> |
| 36 |
> -- |
| 37 |
> Best regards, |
| 38 |
> Michał Górny |
| 39 |
> |
| 40 |
|
| 41 |
I really like this idea as well. It would also benefit the security team to know |
| 42 |
which packages need to be fixed/removed before a vulnerable package can be |
| 43 |
ridded of. |
| 44 |
|
| 45 |
e.g. the sys-devel/automake:{1.9, 1.10} thing from today... |
| 46 |
|
| 47 |
-- |
| 48 |
Cheers, |
| 49 |
Aaron |
Archives