On 3/10/26 8:18 PM, Sam James wrote: > OK, but what do we do about the dev-python/chardet case? How do we > signal to people that they shouldn't bump to it and shouldn't depend on >> =7 (the bad version)? > > We can rely on people "just knowing" for chardet because it's maintained > by @python, but what do we do for maintainer-needed packages say in this > state?
This seems best suited to preemptively package.mask'ing >=xyz , with a suitable explanation. Attempting to bump to it will automatically "fail", and it is already visibility == 0 to pkgcheck so other packages cannot depend on it unless similarly visibility == 0. -- Eli Schwartz
OpenPGP_signature.asc
Description: OpenPGP digital signature
