1 |
On 06/30/2015 02:12 PM, Zac Medico wrote: |
2 |
> |
3 |
>> Suppose ten years from now everything is written in Go. I have 500 |
4 |
>> statically linked Go packages on my system, all of whose dependencies |
5 |
>> were built and compiled-in at install time. Now someone finds a remote |
6 |
>> root vulnerability in the go-openssl library. I know some of the |
7 |
>> packages I have installed were built against it. What do I do? |
8 |
> |
9 |
> Use slot-operator := deps, together with the emerge --with-bdeps=y |
10 |
> option. Then, if you bump the sub-slot of the go-openssl library, all of |
11 |
> your go packages that have it in DEPEND with a slot-operator := |
12 |
> dependency will be rebuilt automatically. |
13 |
> |
14 |
|
15 |
Right, and now what if go-openssl was built on-the-fly 500 times and |
16 |
there's no package for it? |