On Sun, Mar 13, 2005 at 02:02:29PM +0000, Henning Makholm wrote: > Scripsit Kurt Roeckx > > > And how can you know you can actually build it if you > > never tried it? > > That's the point, actually: If I build-depend on autoconf, I *cannot* > know that it will actually build after the next update to autoconf, > because most likely nobody will try it.
If it's known that a new major version of autoconf is uploaded to the archive that might break some packages, it's rather easy to see which packages build depend and you can very if they still work or not. This goes for all build dependencies for a package. Also, there are some people (including me) who rebuild the whole archive regularly (but uncoordinated) to look for pacakges that no longer build. There are more things than just autoconf updates that make packages suddenly fail to build. Or are you saying that all build dependencies should be removed, since they all can cause you problems. Maybe you want to have everything your packages requires to build in your .orig.tar.gz file? Including things like all headers from libc and gcc. You know, gcc might change some day and your package might no longer build because it's more strict about some things, maybe you should also include your own copy of gcc in it for all arches. I find the argument that it might break some time because of new version your package build depends on a bad reason. Where does that stop? Some packages for instance have their own copy of libz or gettext included. I find that a bad thing, they should all be changed to build depend on the packages that provide it and not use the included version if possible. There are several reasons why you want that, one of them being that it's alot easier to have all packages fixed if there is a security bug found in one of those packages. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
