guix-devel


From: Maxime Devos
Subject: Re: Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting)
Date: Mon, 05 Apr 2021 11:53:36 +0200
User-agent: Evolution 3.34.2

On Sun, 2021-04-04 at 16:14 -0400, Mark H Weaver wrote:
> Maxime Devos wrote:
> > * In some places we have the following pattern:
> > 
> >   [...]
> I don't understand this.  Why would it need to be made unconditional?

I don't understand either anymore.

> [...]
>
> At the present time, I'm more inclined to add machinery to automatically
> add _implicit_ #:disallowed-references, to enforce this checking at
> package build time.  This would require rebuilding everything that
> depends on a '*/stable' package, which means that this kind of tooling
> could not be applied directly to 'master', but would need to go through
> 'staging'.

That seems good to me.  I believe the current plan is:

* Add a 'stable' property to the gtk-doc/stable, dblatex/stable ... packages.
* Change gnu-build-system, glib-or-gtk-build-system ... to implicitly add
  packages in inputs, propagated-inputs or native-inputs that have the 'stable'
  property to #:disallowed-references, unless the package that is being built is
  a 'stable' package itself.

And an idea for the future is:

* Implicitly add all packages in native-inputs to #:disallowed-references,
  unless they are in inputs or propagated-inputs as well.
* Verify everything still works well (when cross-compiling and when compiling
  natively), and fix breakage.

Greetings,
Maxime.
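
The two rules listed in the message above, modelled in plain Guile as an added example; it is not part of the original e-mail and is not Guix's own code. The `<pkg>` record, the procedures `current-plan` and `future-idea`, and the sample packages are all assumptions constructed for illustration; a real implementation would live in the build systems and feed `#:disallowed-references`.

```scheme
;; Added example: a plain-Guile model, not Guix code.  The <pkg> record and
;; every package value below are constructed for illustration.
(use-modules (srfi srfi-1) (srfi srfi-9))

(define-record-type <pkg>
  (make-pkg name properties inputs propagated-inputs native-inputs)
  pkg?
  (name              pkg-name)
  (properties        pkg-properties)          ;alist, e.g. '((stable . #t))
  (inputs            pkg-inputs)              ;list of <pkg>
  (propagated-inputs pkg-propagated-inputs)   ;list of <pkg>
  (native-inputs     pkg-native-inputs))      ;list of <pkg>

(define (stable? p)
  ;; True when P carries the 'stable' property.
  (assq-ref (pkg-properties p) 'stable))

(define (current-plan p)
  ;; Stable packages among P's direct inputs of any kind, unless P is
  ;; itself a stable package (then nothing is added implicitly).
  (if (stable? p)
      '()
      (delete-duplicates
       (filter stable?
               (append (pkg-inputs p)
                       (pkg-propagated-inputs p)
                       (pkg-native-inputs p)))
       eq?)))

(define (future-idea p)
  ;; Native inputs of P that are not also inputs or propagated inputs.
  (let ((run-time (append (pkg-inputs p) (pkg-propagated-inputs p))))
    (remove (lambda (n) (memq n run-time))
            (pkg-native-inputs p))))

;; Constructed sample graph: glib is both an input and a native input.
(define gtk-doc/stable (make-pkg "gtk-doc/stable" '((stable . #t)) '() '() '()))
(define pkg-config     (make-pkg "pkg-config" '() '() '() '()))
(define glib           (make-pkg "glib" '() '() '() '()))
(define app
  (make-pkg "app" '() (list glib) '() (list gtk-doc/stable pkg-config glib)))

(define (names pkgs) (map pkg-name pkgs))

(format #t "current plan: ~s~%" (names (current-plan app)))
(format #t "future idea:  ~s~%" (names (future-idea app)))
(format #t "stable pkg:   ~s~%" (names (current-plan gtk-doc/stable)))
```

In the sample graph, `glib` is left out by the second rule because it is also a regular input, which is the case the "unless they are in inputs or propagated-inputs as well" clause covers.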
