On Fri, 12 Aug 2011 09:32:26 +0200, AS (Andreas) wrote: > > So, where are we now? > > yum install bar doesn't update foo-libs automagically. Which is why you may benefit from an explicit dependency *if* you publish such an updated "bar" that needs a specific minimum version of foo-libs: http://fedoraproject.org/wiki/Packaging:Guidelines#Explicit_Requires In this thread Paul has given a real-world example: https://bugzilla.redhat.com/show_bug.cgi?id=642796 $ rpm -qR libcurl|grep ssh libssh2(x86-64) >= 1.2.7 libssh2.so.1()(64bit) Such explicit deps are neither the norm nor mandatory. In Fedora-land, a full "yum update" (or the equivalent thereof with a different tool) is needed frequently anyway because of the updates-flood and because of "yum install" not considering newest packages only. It isn't any secret that Fedora users encounter lots of dep problems when installing without updating frequently. Back to subpackages. I could repeat my 1st reply in this thread, but let's see. We try to keep builds from the same src.rpm (and not limited to that) in sync for various reasons. Not just because a program/extension included in a subpkg may strictly require the very latest base pkg. Or vice versa (the guidelines even mention the pitfall of creating a circular dep): https://fedoraproject.org/wiki/Packaging/Guidelines#RequiringBasePackage A foo.src.rpm that builds libs *and* programs doesn't need to be split into several packages. It could also be split into foo + foo-utils or libfoo + foo, and the naming scheme doesn't change which is the base pkg and which is the subpkg. So, if the build creates multiple subpackages, you *could* treat the libs pkg like a separate/external build. However, library subpkg builds are special because they build from the same src.rpm, with no risk that the library package will change its name and break the explicit subpkg dep created within the same package set, with no versioned BuildRequires on an external library package, with no configure script checking for a minimum library version -> any programs built within the same src.rpm may immediately use this very latest lib API. So, what is safer? * To treat a foo-libs subpackage like a base package and have foo (or e.g. foo-utils) depend on it with full NEVR? * Or to treat it like an ordinary/individual library package with just the automatic SONAME dep and reconsider an explicit dep only when building against new library updates? http://fedoraproject.org/wiki/Packaging:Guidelines#Explicit_Requires -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
