[Slackbuilds-users] Clarification of REQUIRES and dependencies

[Willy Sudiarto Raharjo]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> for me, it's a no When you want install 2, you will need to
>> install 3 and by then you will have 2 and 3 installed. Adding all
>> deps may not be a problem for a package which doesn't have so
>> many deps, but consider packages that have LOTS of deps, it will
>> be a huge job for the maintainer to track all "direct" deps.
> 
> I think you mean "indirect" deps (level 2)?  To me, "direct" deps
> and "level 1" deps are the same thing?

in this case, 1 requires 2 AND 3, but 2 already cover 3 in REQUIRES
if it's indirect, then of course it should not be listed in REQUIRES

 > But what about updates.  If a new version of 3 builds with a different
> soname, both 1 and 2 need to be rebuilt.  If 3 is not listed in
> 1's REQUIRES=, how will we know that 1 needs to be rebuilt?  This
> is not a theoretical question

that's our job as users to take care of those as well
we can't ask the maintainer to take notes on every soname bump in README
if we don't want to worry about soname bump, we can just keep the
current version on our system and choose not to upgrade and it will
keep working. This is i guess what Pat does in -stable. He update a
package when there's a security vulnerabilities or there's serious or
very annoying but in it, but he must make sure that it doesn't
introduce soname changes which requires him to rebuilt any other
packages depending on that one.


- -- 
Willy Sudiarto Raharjo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlR3JSkACgkQiHuDdNczM4H6CwCeKmrlH3N9gxaueYo2r/Y3Czde
KK0AoIg9WgvqjQu6mEGtGiNYMiNDt9U7
=/5ch
-----END PGP SIGNATURE-----