[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

first pass at KDE/JACK hint, openssl disaster, etc.

This is a first pass at working out what needs to go in at once
for KDE to get in.  I think if these are tried together we can
get a more meaningful result from update_output.txt.

These are all roots of fairly substantial dependency trees,
with some additional subtrees which probably need to go in all at once noted.
* jack-audio-connection-kit
* flac
  * libtunepimp
* id3lib3.8.3 (build-dep of flac)
* taglib (for kdemultimedia)
* openexr (for kdelibs, kdebase)
* arts
  * openal
* qt-x11-free
  * qscintilla, python-qt3, sip4-qt3
  * cppunit, gnuradio-core
  * qca
* kdelibs
-- waiting for lm-sensors, which waits for rrdtool, which waits for perl
  * kdesdk, kdevelop3
-- kdesdk waits for subversion, which has RC bugs and waits for way too
   much stuff (perl, andswig1.3 which waits for pike 7.6, which has RC bugs)
-- remove kdesdk, kdevelop3?
  * libkexif
  * kdepim
  * libkipi
  * licq
  * ksimus
  * dbus
-- waiting for monodoc, which waits for nunit, but both should go in
* wireless-tools (for kdenetwork)
-- netapplet needs to be removed or updated
* kdebase
* unixodbc
  * php4 -- built against bad libssl !!
  * gdal, openscenegraph, libgdal-grass
  * freetds
* wv2, imagemagick (for koffice)
-- imagemagick is waiting for perl

Yaaaargh.  There are of course unbuilt packages, timeouts, and RC bugs
on various of these.

I think we can do some work on the edges:
# ties flac to libmodplug
remove cynthiune.app/0.9.4-2
# ties flac to libmodplug, RC bugs #324978, 332282, 332773
remove vlc/0.8.1.svn20050314-1
# bug #332919
remove xine-lib/1.0.1-1
hint libmodplug/1:0.7-5

This removes one more little tree from the Giant Tangle.

Forcing fltk1.1 in would be a good thing as well.

After those and libsigc++-1.2 and libpng go in, and once perl works,
I'm beginning to think a soft freeze will be desirable (no uploads except
to fix RC bugs or undergo the C++ transition); the vast majority
of other delayed packages are all tied up in this one giant tangle.

Finally, one more point.  The openssl 0.9.8 upload was a disaster.

It's vital to get people to rebuild their packages against openssl0.9.7
-- and to kick out of testing packages which are built against new openssl --
because it would be so very wrong to delay KDE for that.

In particular php4 needs to be rebuilt to break the linkage.
(Or kicked out, but that would require kicking out a bunch of other packages.)
Also tellico needs to be kicked or rebuilt for the same reason.
And openssh-krb5 needs to be rebuilt for the same reason (kdeutils depends
on it).

If we don't stop this now, everything depending on openssl will have to
go in at the same time as all of KDE and JACK and flac and unixodbc.

That requires a d-d-a message.  I propose that it say this:
DO NOT upload packages built against libssl-dev or libssl0.9.8.
All packages should be built against libssl0.9.7-dev (libssl0.9.7) at this time.
Packages in this list:
have been built against the new openssl and must be rebuilt against the
old one.

The new openssl is not ready for etch and will keep your packages out of it,
possibly for months.  It will probably also cause packages to malfunction at
runtime if they end up linked to both new and old openssl (and there are
no Conflicts: to prevent this at this time).  This was an unauthorized
transition and we are doing our best to stop the bad effects of it.

Nathanael Nerode  <neroden@twcny.rr.com>

Make sure your vote will count.

Reply to: