Re: external dependencies; trolling for more feedback, pushing to make it official ; -)
- From: Kjartan Maraas <kmaraas broadpark no>
- To: Elijah Newren <newren gmail com>
- Cc: release-team gnome org, Matthias Clasen <mclasen redhat com>, desktop-devel-list gnome org
- Subject: Re: external dependencies; trolling for more feedback, pushing to make it official ; -)
- Date: Fri, 22 Sep 2006 12:10:55 +0200
tor, 21,.09.2006 kl. 16.51 -0600, skrev Elijah Newren:
> On 9/11/06, Matthias Clasen <mclasen redhat com> wrote:
> > The topic came up earlier, and I think there was a general consensus
> > that it is a good idea to freeze the versions of external dependencies,
> > and use tarball modules for them in the gnome-2.18 moduleset in jhbuild.
>
> Due to the feedback received so far, I've modifed the exact wording of
> the proposal and the list of versions a couple times so far. I
> thought it'd be worth posting the most recent version and asking if
> there was any further feedback on it or objections to it being
> adopted:
>
> The basics:
> The versions of external dependencies that Gnome module may depend
> upon are listed on a link from the release schedule
> (http://live.gnome.org/TwoPointSeventeen/External Dependencies,
> for this release). It may be updated at any time by the
> release-team.
>
Looks very good.
> Getting the list updated:
> If you want to add a new dependency or want one of the versions
> updated, make a good case for it on desktop-devel-list. In
> particular, provide reasons why it is important to bump the
> version number, explain any impact (compile and run time) on other
> modules, and list any additional external dependencies it would
> pull in. Be prepared for others to take a few days to test it (in
> particular, to ensure it builds) before giving a thumbs up or
> down.
>
I'd like to see fontconfig updated to 2.4.1 since 2.4.0 lost API by
accident. Also GnuTLS seems to have had a few releases with fixes for
security issues in the 1.4.x series that we might want to look at.
Other possible updates:
- dbus: 0.93 contains a bunch of bugfixes and we probably want to help
push dbus along towards a quality 1.0 release.
- libgpg-error: 1.4 has some changes but nothing that is compelling
enough to bump it I guess
- libgcrypt: 1.2.3 has some minor bugfixes, not needed IMO
- libmusicbrainz: 2.1.4 fixes buffer overflows and memory leaks so I
would want to use that
- libtasn: 0.3.6 has a bunch of bugfixes over 0.3.4, but I don't know if
this is something we actually use or if it's just pulled in by gnutls.
- opencdk: 0.5.9 has a few minor bugfixes and build fixes it seems
- poppler: 0.5.4 fixes a bunch of bugs including crashes, build fixes,
rendering issues, etc
My impression is that we should bump fontconfig, dbus, poppler,
libmusicbrainz and possibly gnutls at least.
> Available enforcement mechanism:
> If a module depends on either a new external dependency not listed
> here or a newer version of an external dependency than one listed
> here, we may revert to an older version of that module for Gnome
> 2.17.x (which may result in reversions of other modules too). The
> development version of that module can again be used once either
> this page is updated by the release-team or the new(er) external
> dependency is made optional.
>
Or we could make it a prerequisite for module maintainers to go through
the petition to get the dependency version bumped before adding the dep
in the module?
Cheers
Kjartan
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
