On Sat, Dec 15, 2018 at 07:04:55PM -0600, Bruce Dubbs via blfs-dev wrote: > On 12/15/2018 06:36 PM, Ken Moffat via blfs-dev wrote: > > On Sat, Dec 15, 2018 at 05:02:17PM -0600, Bruce Dubbs via blfs-dev wrote: > > > On 12/15/2018 04:12 PM, Ken Moffat via blfs-dev wrote: > > > > Picking up on recent changes: > > > > > > > 2. node.js-10.14.2 > > > > > > > > In #11440, Bruce listed the changes, including : > > > > > > > > | ### Notable Changes > > > > | > > > > | * deps: > > > > | * upgrade to c-ares v1.15.0 > > > > > > > > and then applied it although the book still uses 1.14.0. As I have > > > > noted on the -book list, c-ares v1.15.0 has been available on github > > > > since 23rd October, although the c-ares website has not yet been > > > > updated to show that (and they do not, apparently, use odd numbers > > > > for development). > > > > > > > > So, on the face of it some usage(s) of node.js will be broken. > > > > > > node built OK for me, but I'll check this out. At a minimum it looks > > > like I > > > need to update currency for c-ares > > > > Can I, sarcastically, ask if you think that upstream's idea of > > notable changes should be ignored ? You went to the trouble of > > noting what they changed (thanks), but then ignored it, and my > > response on -book. > > Don't attribute to ignorance what can be explained by dementia. :) >
I will be worried if that is true. I'm sure you thought that your daily script to check versions would have picked up the current version of c-ares, but can I respectfully suggest that when something like that is mentioned, you check if we are using it (compare librsvg where we were stalled for months). That certainly doesn't prevent problems in what we commit - we all omit things - but it might help. > > > > 3. poppler-0.72.0 > > > > > > > > It seems that every new poppler release continues to break its > > > > users. > > > > > > I disagree with this. It seems that some users use private parts of > > > poppler > > > that are not a part of the official api. When these provate parts change, > > > then their apps break. > > > > > > I'll note that cups recently cleaned up their act and stopped using stuff > > > from poppler not designed for public use. > > > > > > > Over the years, there have been many breakages from poppler. > > > > The most benign view of this that I can find is > > http://dilfridge.blogspot.com/2015/01/poppler-is-contributing-to-global.html > > > > > > I've had a private report that this breaks inkscape. > > > > > I did find this patch: > > > https://git.archlinux.org/svntogit/packages.git/tree/trunk/poppler-fixes-from-master.patch?h=packages/inkscape > > > > And I'll note that Arch currently have poppler-0.72.0 in *testing*. > > Breakage from new poppler versions is expected. > > Agree, but the difference is on who to blame. > > -- Bruce I think I'll have to give you that one: https://bugs.freedesktop.org/show_bug.cgi?id=7054 (Comment 1) - apparently, the problem is blamed on xpdf ;-) What is worrying is (from Comment 6) "I know that you're not guaranteeing compatibility until 1.0 so you can do what ever you want" - that was over 11 years ago, the current version is still less than 1.0 although the version of libpoppler.so from 0.72.0 is now apparently .83.0.0. Or, cynically, I can suggest that 83 is well after 1, which is why the users link to .so.NN instead of .so, and therefore removing an old version after an upgrade will require a recompile (a quick look at this system from November shows both inkscape and cups-filters link to libpoppler.so.82). Nevertheless, the fact remains that packages used what poppler offered, and continue to pay the price. I'm not good at development, so I don't like dropping in new versions which are widely used until after I've confirmed that they don't break my builds and usages. We will have to disagree on this, as on security. ĸen -- I'm saving up 22 shillings and 10 pence (almost a pound!) per week to buy an ARM-13. http://www.antipope.org/charlie/blog-static/2018/11/brexit-means-brexit.html -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
