tor, 21,.09.2006 kl. 16.51 -0600, skrev Elijah Newren: > On 9/11/06, Matthias Clasen <[EMAIL PROTECTED]> wrote: > > The topic came up earlier, and I think there was a general consensus > > that it is a good idea to freeze the versions of external dependencies, > > and use tarball modules for them in the gnome-2.18 moduleset in jhbuild. > > Due to the feedback received so far, I've modifed the exact wording of > the proposal and the list of versions a couple times so far. I > thought it'd be worth posting the most recent version and asking if > there was any further feedback on it or objections to it being > adopted: > > The basics: > The versions of external dependencies that Gnome module may depend > upon are listed on a link from the release schedule > (http://live.gnome.org/TwoPointSeventeen/External Dependencies, > for this release). It may be updated at any time by the > release-team. > Looks very good.
> Getting the list updated: > If you want to add a new dependency or want one of the versions > updated, make a good case for it on desktop-devel-list. In > particular, provide reasons why it is important to bump the > version number, explain any impact (compile and run time) on other > modules, and list any additional external dependencies it would > pull in. Be prepared for others to take a few days to test it (in > particular, to ensure it builds) before giving a thumbs up or > down. > I'd like to see fontconfig updated to 2.4.1 since 2.4.0 lost API by accident. Also GnuTLS seems to have had a few releases with fixes for security issues in the 1.4.x series that we might want to look at. Other possible updates: - dbus: 0.93 contains a bunch of bugfixes and we probably want to help push dbus along towards a quality 1.0 release. - libgpg-error: 1.4 has some changes but nothing that is compelling enough to bump it I guess - libgcrypt: 1.2.3 has some minor bugfixes, not needed IMO - libmusicbrainz: 2.1.4 fixes buffer overflows and memory leaks so I would want to use that - libtasn: 0.3.6 has a bunch of bugfixes over 0.3.4, but I don't know if this is something we actually use or if it's just pulled in by gnutls. - opencdk: 0.5.9 has a few minor bugfixes and build fixes it seems - poppler: 0.5.4 fixes a bunch of bugs including crashes, build fixes, rendering issues, etc My impression is that we should bump fontconfig, dbus, poppler, libmusicbrainz and possibly gnutls at least. > Available enforcement mechanism: > If a module depends on either a new external dependency not listed > here or a newer version of an external dependency than one listed > here, we may revert to an older version of that module for Gnome > 2.17.x (which may result in reversions of other modules too). The > development version of that module can again be used once either > this page is updated by the release-team or the new(er) external > dependency is made optional. > Or we could make it a prerequisite for module maintainers to go through the petition to get the dependency version bumped before adding the dep in the module? Cheers Kjartan _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org http://mail.gnome.org/mailman/listinfo/desktop-devel-list