| 1 |
On 06/30/2015 02:12 PM, Zac Medico wrote: |
| 2 |
> |
| 3 |
>> Suppose ten years from now everything is written in Go. I have 500 |
| 4 |
>> statically linked Go packages on my system, all of whose dependencies |
| 5 |
>> were built and compiled-in at install time. Now someone finds a remote |
| 6 |
>> root vulnerability in the go-openssl library. I know some of the |
| 7 |
>> packages I have installed were built against it. What do I do? |
| 8 |
> |
| 9 |
> Use slot-operator := deps, together with the emerge --with-bdeps=y |
| 10 |
> option. Then, if you bump the sub-slot of the go-openssl library, all of |
| 11 |
> your go packages that have it in DEPEND with a slot-operator := |
| 12 |
> dependency will be rebuilt automatically. |
| 13 |
> |
| 14 |
|
| 15 |
Right, and now what if go-openssl was built on-the-fly 500 times and |
| 16 |
there's no package for it? |
Archives