Hello
On 24.02.24 19:23, Marcel Telka wrote:
Sorry, this is not true. Proof:
$ pkg contents -mr library/python/cryptography-39 | grep ^depend.*openssl
dependfmri=pkg:/library/security/openssl-31@3.1.5-2024.0.0.0 type=require
$ grep -i ssl components/python/cryptography/Makefile
REQUIRED_PACKAGES += library/security/openssl-31
$
Please note that you said "all" so single counter example is enough to
prove your statement is not true.
As mentioned on the list some old components landed in that list which
we can ignore, that does however not proof that the Mechanism we use to
configure componentes works for each and every component. One such
component which Goetz and I can see on the list that is actually not per
default building agianst openssl 3.1 in ist's non default location is
nginx. It requires script specific settings to properly link to
openssl3.1. As this is a Hobbyist driven non payed OpenSource project,
reducing churn is a very sensible idea. These small script changes can
take many compile cycles af trial and error and thus we loose
contributors either to frustration or simply them giving up on trying to
fix the component. We will not be able to catch the people falling
through the net so we need to make it easy for contributors to help.
Long story short I agree with Goetz suggestion and that mediator change
was planned once we had a suitably small list of packages we can merge
in a time window where we can tell people not to update and thus kill
their system. With the current CI we have to use non default locations
so it's always a question of picking your poison when we do. Linux
distros have updated their CI to be able to make these changes, but we
still need such an infrastructure change. I have as project to add such
a feature to the infrastructure but that will only start showing up
during this year.
-Till
_______________________________________________
oi-dev mailing list
oi-dev@openindiana.org
https://openindiana.org/mailman/listinfo/oi-dev
