Bill Nottingham wrote:
Tom Lane (tgl@xxxxxxxxxx) said:
RPM already tracks architecture for detected library dependencies. This
really only comes into play for BuildRequires that could reasonably be
multilib and any hardcoded library requires. So, not 75% of packages.
More like 2%.
That doesn't make me feel better unless there's some pretty clear rule
for figuring out which packages are the 2%. Right at the moment it
seems to me that *any* BuildRequires is vulnerable, because a SRPM by
definition has no library dependencies. Please explain why it's not.
If foo-devel requires foo, due to libfoo.so being a symlink to libfoo.so.3,
the architecture is already tracked.
If foo-devel reqires bar-devel, it is not.
Bill
gcc suffers the same issue with glibc-devel.
https://bugzilla.redhat.com/show_bug.cgi?id=471666
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion@xxxxxxxxxxxxx
Boulder, CO 80301 http://www.cora.nwra.com
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
