[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] minimalistic emerge
From:       Rich Freeman <rich0 () gentoo ! org>
Date:       2014-08-08 16:31:59
Message-ID: CAGfcS_kNvkHaPwM9RVPM0Em=5bUSTAWq5cFO1ubRhw9o1FqA1g () mail ! gmail ! com
[Download RAW message or body]

On Fri, Aug 8, 2014 at 11:45 AM, Ian Stakenvicius <axs@gentoo.org> wrote:
> However, if you don't want to do this, just "emerge -u
> @world" -- that will only update packages in your world file, and will
> only force dependency updates when the new version is required (based
> on minimum versions in package dependencies).

I'm not 100% certain, but I believe this will also update dependencies
if the currently-installed version is dropped from the repository.  On
the testing branch that happens a lot more often, but it will probably
happen on stable more often than perhaps Igor desires.

Keeping around package-versions that have been removed from the tree
is problematic for a few reasons:
1.  They could have security flaws and you'll never know.  Gentoo does
not issue security bulletins/etc for versions of packages no longer in
our repository.
2.  They could have compatibility issues and you'll never know.  If
foo v1,2,3 are in the tree and foo v1 doesn't work with bar, then bar
will have a >=foo-2 dependency.  If only foo v2 and 3 are in the tree
then the bar maintainer won't test it on v1, and won't exclude it from
the dependencies most likely.

This came up in the dynamic deps thread.  Setting aside all those
issues, suffice it to say that lots of bad things can go wrong when
you start keeping around packages or package-versions which aren't in
the tree.  We don't do releases like other distros, so old data gets
stale really fast.

Rich

[prev in list] [next in list] [prev in thread] [next in thread]