New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create dependencies.md #10779
Create dependencies.md #10779
Conversation
doc/dependencies.md
Outdated
Dependencies | ||
============ | ||
|
||
| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be useful to have somewhat of an introduction here - what is this document, what should it be used for, when is it to be updated, etc.
Also that instructions for installing dependencies are in the appropriate build-*.md
.
Concept ACK |
@laanwj where would you put it in An introduction seems like a good idea, and I could write some small blurb, but it would probably better if this is done by someone who knows what he's talking about :-) Also, do you think the link in the last line of this paragraph https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#dependencies (and corresponding lines in the oder |
Building, I guess. People look there sooner I think, and it's relevant to both.
Yes, such a overall overview can better go into |
I've added links from |
doc/dependencies.md
Outdated
|
||
These are the dependencies currently used by Bitcoin Core. You can find instructions for installing them in the `build-*.md` file for your platform. | ||
|
||
| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's not try to track latest available here...
For CVEs, rather than yes/no, it'd be more useful to link where to check for exploits.
doc/dependencies.md
Outdated
| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) | | ||
| --- | --- | --- | --- | --- | --- | --- | | ||
| openssl | 1.0.1k | | [1.0.1u](https://www.openssl.org/source) | Yes | | | | ||
| ccache | 3.3.4 | | [3.3.4](https://ccache.samba.org/download.html) | No | | | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No indication on which dependencies are optional?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wouldn't that info have to be in the platform-specific files?
doc/dependencies.md
Outdated
| openssl | 1.0.1k | | [1.0.1u](https://www.openssl.org/source) | Yes | | | | ||
| ccache | 3.3.4 | | [3.3.4](https://ccache.samba.org/download.html) | No | | | | ||
| libevent | 2.1.8-stable | 2.0.22 | [2.1.8-stable](https://github.com/libevent/libevent/releases) | No | | | | ||
| Qt | 5.7.1 | 4.7+ | [5.9.1](https://download.qt.io/official_releases/qt/) | No | | | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Qt is typically considered as individual components. We don't need all of it.
doc/dependencies.md
Outdated
|
||
#### OpenSSL 1.0.1k | ||
|
||
[CVE-2015-0286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286), [CVE-2015-0287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287), [CVE-2015-0289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289), [CVE-2015-0293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293), [CVE-2015-0209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209), [CVE-2015-0288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288), [CVE-2015-1788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788), [CVE-2015-1789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789), [CVE-2015-1790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790), [CVE-2015-1792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792), [CVE-2015-1791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791), [CVE-2015-1793](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793), [CVE-2015-3196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196), [CVE-2015-3194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194), [CVE-2015-3195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195), [CVE-2015-3197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197), [CVE-2016-0800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800), [CVE-2016-0705](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705), [CVE-2016-0798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798), [CVE-2016-0797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797), [CVE-2016-0799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799), [CVE-2016-0702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702), [CVE-2016-2107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107), [CVE-2016-2105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105), [CVE-2016-2106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106), [CVE-2016-2108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108), [CVE-2016-2109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109), [CVE-2016-2176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176), [CVE-2016-2177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177), [CVE-2016-2178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178), [CVE-2016-2179](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179), [CVE-2016-2180](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180), [CVE-2016-2181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181), [CVE-2016-2182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182), [CVE-2016-6302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302), [CVE-2016-6303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303), [CVE-2016-6304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304), [CVE-2016-6306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't seem to belong here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
like I've written in the original PR description, for now I just took the text verbatim from #8639, but I can ofc adapt it
I've removed the "latest available" column now as requested by @luke-jr . I can also remove the listed CVEs, since they will probably get outdated pretty quickly, too. I also like the idea of putting in links to check for vulnerabilities, but I don't really know where they should link to. |
ACK after squashing into one commit |
squashed |
e91b961 Create dependencies.md, and link dependencies file from README & build docs (flack) Pull request description: As @fanquake mentioned in #8639, this should probably be a file in `doc/`, so I went ahead and pulled the issue text via the github API and dumped it into a file. No modifications made, except one spelling fix. This makes the info easier to find, and it will get a proper version history, too. Tree-SHA512: 6ba4c37c97200972a74724e0e346d6ad5947c01ad18638e15250f2b4cd747dd744aba16e306c98d59f35736542a5eded7a17b6a5ce6aebc63c0a9dc969b365ef
As @fanquake mentioned in #8639, this should probably be a file in
doc/
, so I went ahead and pulled the issue text via the github API and dumped it into a file. No modifications made, except one spelling fix. This makes the info easier to find, and it will get a proper version history, too.