[Bug 177483] Review Request: subversion-api-docs
bugzilla at redhat.com
bugzilla at redhat.com
Mon Mar 6 17:04:02 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: subversion-api-docs
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177483
------- Additional Comments From toshio at tiki-lounge.com 2006-03-06 12:03 EST -------
I don't think that'll work::
$ repoquery --requires --repoid=development subversion-devel
apr-devel
apr-util-devel
subversion = 1.3.0-4.2
So whether we depend on subversion or subversion-devel we're creating a
situation where we cannot update subversion-core because the documentation is
out of sync.
OTOH, not including the release portion of EVR in the package dependencies makes
it less likely that the scenario I mentioned where a neon security flaw is
blocked by out-of-sync subversion/subversion-api-docs could occur but the
example would still be valid for security flaws in subversion itself.
You argue yourself, that exact EVR isn't necessary for the package dependencies
because an upgrade will just add accuracy to what is already there. My argument
is just an extension of this: it's better that the subversion-api-docs are not
made dependent on subversion and are placed in their own
%{_docdir}/subversion-api-docs directory because it eliminates a potential
security problem in trade for a similar accuracy of the documentation.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the fedora-extras-list
mailing list