From owner-freebsd-ports@FreeBSD.ORG Tue Mar 9 08:36:32 2010 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6C9BB1065680 for ; Tue, 9 Mar 2010 08:36:32 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (agora.rdrop.com [199.26.172.34]) by mx1.freebsd.org (Postfix) with ESMTP id 48A078FC36 for ; Tue, 9 Mar 2010 08:36:32 +0000 (UTC) Received: from agora.rdrop.com (66@localhost [127.0.0.1]) by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id o298BahI093045 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 9 Mar 2010 00:11:37 -0800 (PST) (envelope-from perryh@pluto.rain.com) Received: (from uucp@localhost) by agora.rdrop.com (8.13.1/8.12.9/Submit) with UUCP id o298Baga093044; Tue, 9 Mar 2010 00:11:36 -0800 (PST) Received: from fbsd61 by pluto.rain.com (4.1/SMI-4.1-pluto-M2060407) id AA13547; Tue, 9 Mar 10 00:10:59 PST Date: Tue, 09 Mar 2010 00:16:07 -0800 From: perryh@pluto.rain.com To: ertr1013@student.uu.se Message-Id: <4b9603c7.KpO1BMZK7fQsGdMr%perryh@pluto.rain.com> References: <201003081150.o28Bo5QI078355@lurza.secnetix.de> <20100308122657.GA89375@owl.midgard.homeip.net> In-Reply-To: <20100308122657.GA89375@owl.midgard.homeip.net> User-Agent: nail 11.25 7/29/05 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: olli@lurza.secnetix.de, freebsd-ports@freebsd.org Subject: Re: editors/joe + textproc/aspell: dependency problem? X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Mar 2010 08:36:32 -0000 Erik Trulsson wrote: > If a port declares that it depends on file/library/whatever "foo" > from the port "bar", but you have "foo" installed from the port > "baz" then the dependency check will be fine (since it finds > "foo") but when the dependency should be registered in the package > database it will try to register a dependency on the package > "bar", which is not installed, and then no dependency is > registered. > > It might be better if a dependency was registered on the package > that the depended-on file actually was installed from, but this is > currently not done. I'd call it a bug not to do it, since it leads to a vulnerability. After the above sequence, a request to remove baz will succeed without so much as a warning, leaving the port with the unregistered dependency on "foo" broken.