Hi, sorry for asking to CC: debian-haskell, it does not seem to allow mails from non-subscribers. Am Sonntag, den 09.03.2008, 23:02 +0100 schrieb Bastian Blank: > On Sun, Mar 09, 2008 at 07:42:59PM +0100, Joachim Breitner wrote: > > haskell libraries have the unfortunate requirement to need exactly the > > version of dependencies installed that they were built against. > > Can you please explain why? And does a rebuild in the same environment > also break it? AFAIK the compiler, GHC, does heavy cross-module optimization and inlining. I’m not fully aware of the technical details, but I was told by people who hopefully know that we should keep the binary dependencies strict. So > > binary dependencies are fixed (==) to the version that was installed > > during installation. > > Exact version is >> x, << x+1. You mean exact revision. You are right, sorry. I do mean revision. > > Currently, we also fix the build-dependencies, to keep the packages in > > sync across different arches, and do sourceful uploads of all depending > > package when we upgrade a library. I don’t like this situation, and I’m > > wondering if we could not do binNMUs to keep the packages in sync. > > BinNMUs will only work with loose build-deps. Exactly, but loose build deps would lead to packages getting out of sync unless we do binNMUs to fix that. Example: (Library B depends on A.) 1 New version of A is uploaded 2 B is uninstallable current situation: 3 New sourceful version of B has to be uploaded manually 4 buildds build new version of B against new version of A on all platforms (but the uploaders) automatically what I’d like to have: 3 We notice that B is uninstallable (with some script’s help) 4 binNMUs are schedueled for all archs where the new version of A is installed 5 buildds build new binary versions I’m just not sure if point 4 wouldn’t be too much of a burden for the buildds and w-b admins. > > I’m also guessing that not having strict build-dependencies might make > > work easier for releasing or security updates, but that’s just guesswork > > on my side :-) > > You are already in touch with security? This is a large problem. No, I wasn’t aware that is was such a problem. I’ll get in touch with them in case we have to stick to the strict build-dep situation. With loose build-deps, there woudn’t be a large problem with security, would there? Thanks for your reply, Joachim -- Joachim "nomeata" Breitner Debian Developer nomeata@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C JID: nomeata@joachim-breitner.de | http://people.debian.org/~nomeata
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil