Re: external dependencies; trolling for more feedback, pushing to make it official ; -)

tor, 21,.09.2006 kl. 16.51 -0600, skrev Elijah Newren:
> On 9/11/06, Matthias Clasen <mclasen redhat com> wrote:
> > The topic came up earlier, and I think there was a general consensus
> > that it is a good idea to freeze the versions of external dependencies,
> > and use tarball modules for them in the gnome-2.18 moduleset in jhbuild.
> Due to the feedback received so far, I've modifed the exact wording of
> the proposal and the list of versions a couple times so far.  I
> thought it'd be worth posting the most recent version and asking if
> there was any further feedback on it or objections to it being
> adopted:
>   The basics:
>     The versions of external dependencies that Gnome module may depend
>     upon are listed on a link from the release schedule
>     ( Dependencies,
>     for this release).  It may be updated at any time by the
>     release-team.
Looks very good.

>   Getting the list updated:
>     If you want to add a new dependency or want one of the versions
>     updated, make a good case for it on desktop-devel-list. In
>     particular, provide reasons why it is important to bump the
>     version number, explain any impact (compile and run time) on other
>     modules, and list any additional external dependencies it would
>     pull in. Be prepared for others to take a few days to test it (in
>     particular, to ensure it builds) before giving a thumbs up or
>     down.
I'd like to see fontconfig updated to 2.4.1 since 2.4.0 lost API by
accident. Also GnuTLS seems to have had a few releases with fixes for
security issues in the 1.4.x series that we might want to look at.

Other possible updates:

- dbus: 0.93 contains a bunch of bugfixes and we probably want to help
push dbus along towards a quality 1.0 release.

- libgpg-error: 1.4 has some changes but nothing that is compelling
enough to bump it I guess

- libgcrypt: 1.2.3 has some minor bugfixes, not needed IMO

- libmusicbrainz: 2.1.4 fixes buffer overflows and memory leaks so I
would want to use that

- libtasn: 0.3.6 has a bunch of bugfixes over 0.3.4, but I don't know if
this is something we actually use or if it's just pulled in by gnutls.

- opencdk: 0.5.9 has a few minor bugfixes and build fixes it seems

- poppler: 0.5.4 fixes a bunch of bugs including crashes, build fixes,
rendering issues, etc

My impression is that we should bump fontconfig, dbus, poppler,
libmusicbrainz and possibly gnutls at least.

>   Available enforcement mechanism:
>     If a module depends on either a new external dependency not listed
>     here or a newer version of an external dependency than one listed
>     here, we may revert to an older version of that module for Gnome
>     2.17.x (which may result in reversions of other modules too). The
>     development version of that module can again be used once either
>     this page is updated by the release-team or the new(er) external
>     dependency is made optional.
Or we could make it a prerequisite for module maintainers to go through
the petition to get the dependency version bumped before adding the dep
in the module?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]