Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo-dev <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] minimalistic emerge
Date: Fri, 08 Aug 2014 16:32:06
Message-Id: CAGfcS_kNvkHaPwM9RVPM0Em=5bUSTAWq5cFO1ubRhw9o1FqA1g@mail.gmail.com
In Reply to: Re: [gentoo-dev] minimalistic emerge by Ian Stakenvicius
1 On Fri, Aug 8, 2014 at 11:45 AM, Ian Stakenvicius <axs@g.o> wrote:
2 > However, if you don't want to do this, just "emerge -u
3 > @world" -- that will only update packages in your world file, and will
4 > only force dependency updates when the new version is required (based
5 > on minimum versions in package dependencies).
6
7 I'm not 100% certain, but I believe this will also update dependencies
8 if the currently-installed version is dropped from the repository. On
9 the testing branch that happens a lot more often, but it will probably
10 happen on stable more often than perhaps Igor desires.
11
12 Keeping around package-versions that have been removed from the tree
13 is problematic for a few reasons:
14 1. They could have security flaws and you'll never know. Gentoo does
15 not issue security bulletins/etc for versions of packages no longer in
16 our repository.
17 2. They could have compatibility issues and you'll never know. If
18 foo v1,2,3 are in the tree and foo v1 doesn't work with bar, then bar
19 will have a >=foo-2 dependency. If only foo v2 and 3 are in the tree
20 then the bar maintainer won't test it on v1, and won't exclude it from
21 the dependencies most likely.
22
23 This came up in the dynamic deps thread. Setting aside all those
24 issues, suffice it to say that lots of bad things can go wrong when
25 you start keeping around packages or package-versions which aren't in
26 the tree. We don't do releases like other distros, so old data gets
27 stale really fast.
28
29 Rich