On Mon, Jun 10, 2024 at 11:57 PM Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> wrote: > > On Mon, 2024-06-10 at 20:57 +0200, Fabio Valentini wrote: > > On Mon, Jun 10, 2024 at 8:52 PM Fabio Valentini <decathorpe@xxxxxxxxx> wrote: > > > > > > On Mon, Jun 10, 2024 at 8:49 PM Colin Walters <walters@xxxxxxxxxx> wrote: > > > > > > > > Worth a bit of wide distribution as I'm sure I'm not the only one who got burned: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=2291191 > > > > > > The build of Julia that has this has been unpushed from > > > f40-updates-testing already: > > > https://bodhi.fedoraproject.org/updates/FEDORA-2024-8a00986001 > > > > > > Not sure why these changes landed in the f40 branch only, but not in rawhide. > > > > Side note: The commits that are on the f40 branch *only* definitely > > look suspicious: > > https://src.fedoraproject.org/rpms/julia/commits/f40 > > > > Looks like Julia is bundling LLVM, libuv, libunwind, gmp, curl (!), > > libssh2 (!), and mbedtls (!) ... > > https://src.fedoraproject.org/rpms/julia/blob/f40/f/sources > > Back story is in https://bugzilla.redhat.com/show_bug.cgi?id=2274270 . > Not really suspicious, just an upstream terminally inhospitable to > downstreams. It kinda looks like we should just ditch the package, to > me. You are right - I meant to say it was suspicious that these commits were only done in the f40 branch, but are not present in rawhide. Usually packages are worked on in rawhide *first* and then changes are merged or backported to stable branches. Reading up on the bug, the situation with Julia does indeed sound like a major clusterf***. If Julia only supports running on top of the same versions of libraries that it was built against, maybe it needs to be rebuilt any time any of those libraries change? It also sounds like Julia packages are distributed as pre-compiled binaries? That seems like a major security issue if Julia is just downloading pre-compiled binaries from somewhere and running them ... Fabio -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
