From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 93776138334 for ; Wed, 18 Dec 2019 21:08:33 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 92775E094E; Wed, 18 Dec 2019 21:08:30 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2E287E08C4 for ; Wed, 18 Dec 2019 21:08:28 +0000 (UTC) Received: from pomiot (c142-245.icpnet.pl [85.221.142.245]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id B9F4734D4FA; Wed, 18 Dec 2019 21:08:26 +0000 (UTC) Message-ID: <7d48d909584a9cd9ee48326312852fd8d330b282.camel@gentoo.org> Subject: Re: [gentoo-dev] Needs ideas: Upcoming circular dependency: expat <> CMake From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Date: Wed, 18 Dec 2019 22:08:21 +0100 In-Reply-To: <85c9df6f-fcf5-61d7-90af-a375f5c75088@gentoo.org> References: <1a722f8f-36b5-c313-b6e1-eac75e0839c5@gentoo.org> <85c9df6f-fcf5-61d7-90af-a375f5c75088@gentoo.org> Organization: Gentoo Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-853iJQpbmxYQ6IO+hSkk" User-Agent: Evolution 3.32.5 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 X-Archives-Salt: 0c10718e-1038-4f64-9eef-c6ac2f9d266e X-Archives-Hash: 6ebcaf19816b90de3463559f3a6be02d --=-853iJQpbmxYQ6IO+hSkk Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 2019-12-18 at 22:02 +0100, Sebastian Pipping wrote: > Hi all, >=20 >=20 > I noticed that dev-util/cmake depends on dev-libs/expat and that > libexpat upstream (where I'm involved) is in the process of > dropping GNU Autotools altogether in favor of CMake in the near future, > potentially the next release (without any known target release date). >=20 > CMake bundles a (previously outdated and vulnerable) copy of expat so > I'm not sure if re-activating that bundle =E2=80=94 say with a new use fl= ag > "system-expat" =E2=80=94 would be a good thing to resort to for breaking = the > cycle, with regard to security in particular. >=20 > Do you have any ideas how to avoid a bad circular dependency issue for > our users in the future? Are you aware of similar problems and > solutions from the past? >=20 I know that's an unhappy idea but maybe it's time to include CMake in stage3. Then it would be just a matter of temporarily enabling bundled libs for stage builds, I guess. --=20 Best regards, Micha=C5=82 G=C3=B3rny --=-853iJQpbmxYQ6IO+hSkk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQGTBAABCgB9FiEEx2qEUJQJjSjMiybFY5ra4jKeJA4FAl36lUZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM3 NkE4NDUwOTQwOThEMjhDQzhCMjZDNTYzOUFEQUUyMzI5RTI0MEUACgkQY5ra4jKe JA7tnAgAoeyGmYGtZPSVs2yQY52nRYyrrOdhgJbB3nPvu05J7O1C+yZg0leKhR0j 4zh3CkJ1q+YPsuG9bgJVbrelOKjWu5nO4TdPuvUKsq5BnrQzdAOebk2dN1QCOMdL /SlWFkNTFhxS8GZ52cZcE2qYyuJJU46tS9QAJ2h2TG8fgUxtVIzab8XtbBgu+5tj nqrlS0vjIEtGrZoSQ+4Izn6/PuV1xHlIRqDup7mIrxgZFQYg1c4RKWYoC0conVyi zgMLN6H+K68LRwsb17G+51I6X8H3xHac/Wz2MGXDLwiHBj6rUooItAZB0qjKVIMG oW18a1URYZWcM6gOunAEDvuc3IDUIA== =koF9 -----END PGP SIGNATURE----- --=-853iJQpbmxYQ6IO+hSkk--