On Fri, Jun 20, 2008 at 7:51 AM, Michel Salim <michel.sylvan@xxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The recent push of xulrunner-1.9 and Firefox 3 broke Miro and devhelp > (https://admin.fedoraproject.org/updates/F9/pending/devhelp-0.19.1-2.fc9) > again. > > Is there a way to declare these kinds of dependencies that we are not > using right now? Should Miro and devhelp specifically require xulrunner > = %{version}-%{release} -- or perhaps a more administrative solution; > block a non-security release of xulrunner for at least one day and > automatically notify the maintainers of its dependents? xulrunner was suppose to stop this from happening with a stable api. I suspect that prior to v1.9 final there was no guarantee of this but now its stable you should be able to require >= 1.9 and 1.9.0.x until at leat 1.9.1 (Firefox 3.1) comes out. The idea of xulrunner in Fedora being that if there's a security bug in gecko they can ship a new version of xulrunner and all the apps that use it that are shipped in Fedora are automatically secured. Peter -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
