Hi, On 11/28/25 2:24 PM, Adrian Bunk wrote:
There is significant established practice for using arch:all in this way.
Which is not particularly relevant when building an architecture ecosystem in arch:all would prevent providing security support.
The way I understand it, the problem isn't the arch:all, but the static linking.
Sourceful uploads to fix an issue are unproblematic, because they generate new arch:all packages anyway.
The worst case we need to look at is that we need to rebuild all dependent packages, in order, and ensure the rebuilt version is installed during build. With our current infrastructure, that is equivalent to an API change, i.e. the -dev package requires a new name.
This is annoying on the NEW processing side (which already has to deal with the ABI hashes in Haskell packages), but should be solvable by a naming convention and wildcards.
Longer term, since we're picking up a lot of software with no API or ABI stability guarantees, it may be a good idea to have a way to encode API/ABI information in a way that is equivalent to modifying the package name, but can be automated better (e.g. generating Build-Depends from a Cargo.lock).
Simon