1 |
On Fri, Aug 8, 2014 at 11:45 AM, Ian Stakenvicius <axs@g.o> wrote: |
2 |
> However, if you don't want to do this, just "emerge -u |
3 |
> @world" -- that will only update packages in your world file, and will |
4 |
> only force dependency updates when the new version is required (based |
5 |
> on minimum versions in package dependencies). |
6 |
|
7 |
I'm not 100% certain, but I believe this will also update dependencies |
8 |
if the currently-installed version is dropped from the repository. On |
9 |
the testing branch that happens a lot more often, but it will probably |
10 |
happen on stable more often than perhaps Igor desires. |
11 |
|
12 |
Keeping around package-versions that have been removed from the tree |
13 |
is problematic for a few reasons: |
14 |
1. They could have security flaws and you'll never know. Gentoo does |
15 |
not issue security bulletins/etc for versions of packages no longer in |
16 |
our repository. |
17 |
2. They could have compatibility issues and you'll never know. If |
18 |
foo v1,2,3 are in the tree and foo v1 doesn't work with bar, then bar |
19 |
will have a >=foo-2 dependency. If only foo v2 and 3 are in the tree |
20 |
then the bar maintainer won't test it on v1, and won't exclude it from |
21 |
the dependencies most likely. |
22 |
|
23 |
This came up in the dynamic deps thread. Setting aside all those |
24 |
issues, suffice it to say that lots of bad things can go wrong when |
25 |
you start keeping around packages or package-versions which aren't in |
26 |
the tree. We don't do releases like other distros, so old data gets |
27 |
stale really fast. |
28 |
|
29 |
Rich |