On Mar 10, 2016, at 12:04 PM, Daniel J. Luke wrote: > On Mar 10, 2016, at 12:46 PM, Rainer Müller wrote: >> On 2016-03-10 16:34, Ryan Schmidt wrote: >>>> The longer we wait, the harder it will be to catch these. >>>> Should we rev-bump all dependents of OpenSSL now? >>> >>> Those that haven't already had their version or revision increased since >>> the openssl update, yes, I would say. >> >> That is difficult to determine now. To find that out requires going >> through the list of dependents manually... >> >> I will assume all ports with commits since the OpenSSL update in r146162 >> either already got a rev-bump or a version upgrade, so they do not need >> it anymore: > > That's probably safe, but I don't think there is a compelling reason to try > and only revbump the minimal set of ports (better to have some needless > rebuilds/downloads of binary archives than to have mysteriously broken ports).
You can't programmatically revbump safely, because in ports with subports you have to manually determine which subport(s) to revbump and how to do so. e.g. the php port is definitely a special case. So if you're manually examining all ports that depend on openssl, you can run an "svn log" on them to see if any commits after r146162 updated the version or revision. _______________________________________________ macports-dev mailing list macports-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-dev
