於 二,2009-07-07 於 14:44 +0100,John5342 提到: > 2009/7/7 Ding-Yi Chen <dchen@xxxxxxxxxx>: > > > > Any comments? > > In theory your proposal sounds great but i see just one major flaw > that probably doesn't have a solution. Your idea of packages being > built based on dependencies should work great apart from the fact that > most packages don't tend to have hard dependencies on versions. > Hypothetically in F11 package X-1.2.X relies on package Y-1.2. Later > in the release cycle Y-1.3 is released followed later by X-1.3. Eve > though X-1.3 actually requires Y-1.3 the maintainer probably never > thinks to update the required version (assuming there even was one in > the first place). Now your system can easily fail. It picks X-1.3 from > F-11 (because thats the latest one) but Y-1.3 isn't allowed (because > one of its dependencies is black listed) so it falls back to Y-1.2 > which was the latest in F-10. Everything builds fine because they are > source compatible but Y-1.2 doesnt have a crucial bug fixed. Now your > software is broken. All systems have bugs and may break. So you don't use any of them? :-) The scenario you raised could happen if not so many people use the package X. Otherwise, it would likely be spot by people who use yum update X, as Y-1.3 is not dragged in. Given X-1.3 is broken without Y-1.3, thus bug will likely be spot. Well, Y depends on black-listed packages doesn't mean Y cannot be upgraded at all. As long as the the newer Y does not require higher version of black-listed packages. But if black-listed packages requires Y, or Y is black-listed, then Y will not be upgraded. In those cases, it is expected behavior that X should not be upgraded to X-1.3 because Y cannot be upgraded to Y-1.3. Yes, you find out the limitation of Denture, but no, Denture is not broken. :-) > Believe it or not i actually tried something similar for some of my > internal servers and i like the idea but its impossible to get the > dependencies right which makes the whole idea a no go. Believe it or not I actually tried something similar, but by hand though. I agree some maintainers does not accurately specify the dependency. but it is not beyond fix. One way to overcome this is maintaining a small datafile that contain the *true* dependency. Denture is not meant to be used to upgrade the whole system, but an automated tool to build a target package and corresponding mid-packages under specified constrain. So you only need to correct the dependencies of the target packages and mid-packages if you really need the target package. > > -- > There are 10 kinds of people in the world: Those who understand binary > and those who don't... > I like your signature. :-) -- Ding-Yi Chen Software Engineer Internationalization Group Red Hat, Inc. Looking to carve out IT costs? www.apac.redhat.com/promo/carveoutcosts/ -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
