On 06/30/2015 02:12 PM, Zac Medico wrote: > >> Suppose ten years from now everything is written in Go. I have 500 >> statically linked Go packages on my system, all of whose dependencies >> were built and compiled-in at install time. Now someone finds a remote >> root vulnerability in the go-openssl library. I know some of the >> packages I have installed were built against it. What do I do? > > Use slot-operator := deps, together with the emerge --with-bdeps=y > option. Then, if you bump the sub-slot of the go-openssl library, all of > your go packages that have it in DEPEND with a slot-operator := > dependency will be rebuilt automatically. >
Right, and now what if go-openssl was built on-the-fly 500 times and there's no package for it?