On Tue, Jun 10, 2003, Ralf S. Engelschall wrote: > > The PreReq dependency is required to trigger rebuilds because this > > is the only kind stored by rpm in the package database. The BuildPreReq > > information is lost. > > But one can argue that it is just fair that RPM throws this info away > now (after installing) it is no longer required for it.
You can only guess about the reasoning behind RPM, after all the PreReq conditions are not exactly the right information either. RPM implements a much more powerful (but also informal and error-prone) mechanism to describe other kinds of dependencies, including the "need-to-rebuild" which is triggers. Something we, safely, do not use. > > Index information cannot be used as a substitute because it is only > > valid for packages in the repository which often do have dependencies > > different from installed packages. > > Can you provide more details or an example? I'm not sure whether > I understand this correctly. program A requires library B. program A is upgraded in the repository to use its own implementation C. library B is upgraded in the repository. Let's say a security issue. Users will upgrade library B but will not rebuild program A which no longer depends on library B _in the repository_. However, they are still using the older version of program A which still contains the vulnerable version of library B. Now you could say that security advisories will catch this, but if this is not security relevant, but "just" a bugfix I don't think that we will tell every user that there is a hidden dependency. -- ,eM""=. a"-. Michael van Elst dWWMWM" - :GM==; [EMAIL PROTECTED] :WWMWMw=--. "W=' cable & wireless 9WWMm==-. "-Wmw-" CABLE & WIRELESS ______________________________________________________________________ The OpenPKG Project www.openpkg.org Developer Communication List [EMAIL PROTECTED]