On 2011-01-11 at 16:36:27 [+0100], Brecht Machiels <brecht@xxxxxxxxxxx> wrote: > On Tue, 11 Jan 2011 16:28:36 +0100, Mark Watts <miraiwarren@xxxxxxxxx> > wrote: > > > Just a question really: if the package maintainer/developer knows the > > needed version of library dependencies then can't they just specify a > > single > > version (e.g. depend == media-sound/amarok-2.3.2-r1) rather than a range > > (e.g. depend >= media-sound/amarok-2.3.2-r1)? Wouldn't that provide the > > desired stability as long as the package manager has no arbitrary limits > > on what older versions are available? > > Newer library versions might fix important security problems. So you'd > want to upgrade. > > Now that I think of it, libraries can sometimes be built with different > options (Unicode support in Python comes to mind, for example). These > options will need to be specified for the dependency. > > Maybe it would be good to specify dependencies not in terms of versions > but simply as a hash of the package to uniquely identify them? But then > you can no longer say an application needs at least version ... One way this can be solved (openSUSE does it this way) is to let each package declare a set of 'provides' and then declare the dependencies on those instead of the package as such. So the python package could for instance provide 'python-2.6' & 'python-with-unicode'. However, if there would be a python package without unicode support, both packages would have to be named differently anyway. But declaring 'provides' explicitly is much more robust if the options of a package may change over time. cheers, Oliver