[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Circular build dependency in maven-plugin-tools


On Thu, Jan 8, 2009 at 10:27 AM, Torsten Werner
<mail.twerner@googlemail.com> wrote:
> On Thu, Jan 8, 2009 at 10:19 AM, Vincent Fourmond <fourmond@gmail.com> wrote:
>> Maybe I'm interfering here, but I'm pretty sure that such a dirty
>> hack is a no-go for the security team.
> that hack in not needed in Debian because the package is in unstable.
> Can you explain what is the problem for the security team?

  Imagine there is a huge security hole in this package. Do you really
think the security team will want to use the *problematic* package to
build a *clean* one ?

>> I'm tempted to report a RC bug for that.
> Do you plan RC bug reports against gcc which needs itself for building

  gcc is a nightmare - it is one of the very few things where you
can't work around the bootstrapping problem.

> or against make because debian/rules is a Makefile?

  make does not build-depend on make (anyway, it is build-essential).

  The problem here is that you don't have a complex package: one
binary, which build-depends on itself. Surely, you can work around
that, can't you ?



Reply to: