1 |
On Fri, Aug 16, 2019 at 07:10:27PM +0200, Michał Górny wrote: |
2 |
> Hi, |
3 |
> |
4 |
> leio asked me yesterday for the possibility of marking packages |
5 |
> as deprecated, so that CI would issue warnings when other packages |
6 |
> depend on them. I think that's quite a good idea, so I'd like to |
7 |
> propose a simple implementation for it. |
8 |
> |
9 |
> The idea is to provide profiles/package.deprecated using the same format |
10 |
> as package.mask. However, unlike the latter it wouldn't cause any user- |
11 |
> visible results but only affect pkgcheck (and possibly repoman, if |
12 |
> someone writes the check). |
13 |
> |
14 |
> Basically you'd put something like: |
15 |
> |
16 |
> # name <email> (date) |
17 |
> # We don't like this package anymore, so we want to remove it ASAP. |
18 |
> dev-foo/bar |
19 |
> |
20 |
> # name <email> (date) |
21 |
> # Old slot is not nice at all. |
22 |
> dev-bar/frobnicate:0.1 |
23 |
> |
24 |
> # name <email> (date) |
25 |
> # Nononono, don't use that. |
26 |
> <dev-zoo/elephant- |
27 |
> 11.0 |
28 |
> |
29 |
> This would cause matching packages to be marked as deprecated. It |
30 |
> wouldn't affect normal install behavior but pkgcheck/CI would complain |
31 |
> if any package had a dependency that can only be satisfied |
32 |
> by the deprecated packages. |
33 |
> |
34 |
> What do you think? |
35 |
> |
36 |
> -- |
37 |
> Best regards, |
38 |
> Michał Górny |
39 |
> |
40 |
|
41 |
I really like this idea as well. It would also benefit the security team to know |
42 |
which packages need to be fixed/removed before a vulnerable package can be |
43 |
ridded of. |
44 |
|
45 |
e.g. the sys-devel/automake:{1.9, 1.10} thing from today... |
46 |
|
47 |
-- |
48 |
Cheers, |
49 |
Aaron |