On Mon, May 19, 2008 at 02:41:57PM +0200, Michal Suchanek wrote: > > Is the problem with source dependencies resolved already? > > Last time I tried to build something the build dependencies were exact > (= something) which is very bad for users who try to build anything, > and I read some discussion earlier on this list where it was pointed > out that this is unacceptable for security as well.
No-one has yet convinced me that any other scheme would be better. Exact dependencies make security fixes much easier to get right, as you don't have to worry about building against an older version of a package and getting the security bug cross-module-inlined. I have a mail somewhere describing a README.Source standard (or similar), which I intend to do in my next uploads. That should make it easier for users rebuilding, backporters, etc. Thanks Ian _______________________________________________ debian-haskell mailing list [email protected] http://urchin.earth.li/mailman/listinfo/debian-haskell
