Date: Mon, 6 Aug 2007 13:38:08 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Michael Nottebrock <lofi@freebsd.org> Cc: Henrik Brix Andersen <henrik@brixandersen.dk>, Kris Kennaway <kris@obsecurity.org>, cvs-all@freebsd.org, ports-committers@freebsd.org, Pav Lucistnik <pav@freebsd.org>, cvs-ports@freebsd.org, Alexander Leidinger <Alexander@leidinger.net> Subject: Re: cvs commit: ports/Mk bsd.port.mk Message-ID: <20070806173808.GA39444@rot26.obsecurity.org> In-Reply-To: <46B7072E.8070307@freebsd.org> References: <200706281553.l5SFr56i099807@repoman.freebsd.org> <20070802181715.46yikycm8gc8g8kk@webmail.leidinger.net> <20070803125410.GB1062@tirith.brixandersen.dk> <200708032144.57558.lofi@freebsd.org> <20070803204215.GA68620@rot26.obsecurity.org> <20070806074318.q9mw6ulngg00gwsw@webmail.leidinger.net> <20070806065634.GA31676@rot26.obsecurity.org> <20070806113855.0fcq213io0www04k@webmail.leidinger.net> <46B7072E.8070307@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 06, 2007 at 01:34:06PM +0200, Michael Nottebrock wrote: > Alexander Leidinger schrieb: > > Kris, what technical reasons are against explicit dependencies, in > > your opinion? > Explicit dependencies would be great, if they can be guaranteed to be > correct, which basically means we need a way auto-generate them. Maybe > this could be done in a similar way to the security check target - run > ldd/objdump over installed executables and libraries, record symbol > names somewhere, determine dependencies by comparing records ... > > Explicit dependencies that need to be determined and maintained manually > by port maintainers are useless, since they'll be almost guaranteed to > be wrong most of the time for those ports that would profit the most > (shave off the most implicit dependencies) from having them. Yes, this is the most serious problem. Also there is no need to introduce a new variable to handle it: if you want to record explicit dependencies a better way is to use LIB_ or RUN_DEPENDS and track the direct vs inherited dependencies differently in the package database. Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070806173808.GA39444>