| 1 |
Marius Mauch wrote: |
| 2 |
|
| 3 |
>> > > > No point, would rather add a RSYNC_OPTS var finally instead, |
| 4 |
>> > > > which gives the same functionality (and much more). |
| 5 |
>> |
| 6 |
>> > Yeah, RSYNC_OPTIONS would remove all that hardcoded stuff and put |
| 7 |
>> > it in make.globals instead. |
| 8 |
>> |
| 9 |
>> From make.globals: |
| 10 |
>> |
| 11 |
>> # ***************************** |
| 12 |
>> # ** DO NOT EDIT THIS FILE ** |
| 13 |
>> # *************************************************** |
| 14 |
>> # **** CHANGES TO make.conf *OVERRIDE* THIS FILE **** |
| 15 |
>> # *************************************************** |
| 16 |
>> # ** Incremental Variables Accumulate Across Files ** |
| 17 |
>> # ** USE, CONFIG_*, and FEATURES are incremental ** |
| 18 |
>> # *************************************************** |
| 19 |
> |
| 20 |
> Your point being? |
| 21 |
|
| 22 |
Users are discouraged from changing make.globals. It would be better to |
| 23 |
implement in make.conf or as a command line option to emerge itself. It is |
| 24 |
a configuration item for a user preference, not a (global) portage |
| 25 |
preference... |
| 26 |
|
| 27 |
> |
| 28 |
> Which except for the SLOT issues are all fixed as far as I'm concernced. |
| 29 |
> |
| 30 |
|
| 31 |
That is not a small issue. |
| 32 |
|
| 33 |
> I get see your point here. |
| 34 |
> `glsa-check -p affected` will shouw you exactly the *minimal* updates |
| 35 |
> necessary to fix all known vulnerabilities. Not that hard to isolate |
| 36 |
> the version bumps from the revbumps, is it? |
| 37 |
> Also your idea has another major problem that renders it more or less |
| 38 |
> useless: |
| 39 |
> - you have foo-1.0 installed |
| 40 |
> - foo-1.0-r1 with major changes is added to the tree |
| 41 |
> - a security update based on -r1 is added to the tree as foo-1.0-s2 |
| 42 |
> Now what? |
| 43 |
> a) install -s2 including the changes from -r1 |
| 44 |
> b) add another ebuild -s1 that is foo-1.0 with the security update but |
| 45 |
> without the -r1 updates |
| 46 |
|
| 47 |
If major changes are introduced, it _should be foo-1.0 -> foo-1.1, not |
| 48 |
foo-1.0 -> foo-1.0-r1. As far as I know, the -r is for minor packaging |
| 49 |
relating revisions specific to gentoo, not upgrades to the underlying |
| 50 |
package itself. But relying on that is living in a dream world, so that |
| 51 |
does pretty much make my idea useless. You would have to attempt to do |
| 52 |
something along the lines of -r1-s1, which would require a ridiculous |
| 53 |
amount of ugly hacking. In spite of that, I am still not convinced it is a |
| 54 |
bad idea... |
| 55 |
|
| 56 |
> That's not really what you want. |
| 57 |
> -s updates might (will) be overlaid with version or revision bumps from |
| 58 |
> time to time, for this to be of any use it has to happen at the |
| 59 |
> resolver level (visiblity filter). |
| 60 |
|
| 61 |
"Normal" emerges would take -s2 over -r1 or -s1. The change is transparent |
| 62 |
when not in "glsa-only" mode. |
| 63 |
|
| 64 |
> Everything but the last one is already possible. For the last one you |
| 65 |
> currently have to read the changelog. |
| 66 |
|
| 67 |
It does not allow for backporting, it is not safe to use in an automated |
| 68 |
environment, it does not work in a production environment, and it does not |
| 69 |
scale well. |
| 70 |
|
| 71 |
|
| 72 |
-- |
| 73 |
gentoo-portage-dev@g.o mailing list |
Archives