On Fri, 2019-01-18 at 22:22 +0000, James Le Cuirot wrote:
> On Fri, 18 Jan 2019 21:13:34 +0100
> Michał Górny <[email protected]> wrote:
>
> > So apparently 14.2% of dependencies allow any slot of OpenSSL which is
> > most likely wrong, and 1.4% explicitly claim that's what the package
> > wants. This could be valid only if e.g. the package supported multiple
> > ABIs of OpenSSL libraries and used dlopen() with a few possible SONAMEs
> > which I honestly doubt any of those packages is doing.
> >
> > In other words, 14.2% of dependencies on OpenSSL are plain wrong,
> > and 6.4% are wrong in a way that isn't going to be reported by repoman.
> > 1.4% of cases are using ':*' which probably indicates the developer
> > decided to silence repoman without understanding how slot operators work
> > which is a horrible thing from QA perspective.
> >
> > We also have a few cases that require specific OpenSSL subslot (e.g.
> > forcing old version into :0 slot) but *none* actually using the binary
> > compatibility slots.
>
> I have noticed this and more generally that slot operators are poorly
> understood, which is frustrating. I was initially inclined to say that
> I think the model still fits and we should educate devs better but...

At some point you realize that the sheer amount of knowledge needed to
contribute to Gentoo is just too large. You can't expect people to
spend days (finding and) reading documentation for all the corner cases.
I believe that if we can make something more obvious, we should go for
it.

> > Secondly, it is confusing to users. If we remove old versions and only
> > keep binary compatibility slots, users can be easily tricked into
> > installing them and being surprised it's not a complete package. If we
> > keep old versions, we end up having different revisions of the same
> > version in different slots which is also easily confused.
>
> I can't say I've ever seen this happen but I don't speak to many users.
> I'll buy it.

I don't know if it happens, to be honest. However, I'm going for the
assumption that there is no reason why a regular user would need to
know the purpose or meaning of different version schemes and slotting
on various packages.

> What do you think?
>
> I'm on board as I have to deal with this a lot in games and I think
> there were one or two more on my list to add.
>
> The only downside is that packages requiring what is currently the
> latest version would need to be updated later, though I guess you could
> use || instead. Take libpng, for example:
>
> || ( =media-libs/libpng-1.6* media-libs/libpng-bin-compat:1.6 )
>
> Or perhaps?
>
> || ( media-libs/libpng:0/16 media-libs/libpng-bin-compat:1.6 )
>

This happens with the current model as well, and I don't think the
'1.6*' solution is commonly applicable. For the less friendly cases,
you need stuff like:

  || ( dev-libs/openssl:0/0 dev-libs/openssl:1.0.0 )

which isn't very obvious either.

-- 
Best regards,
Michał Górny
