Create dependencies.md #10779
Create dependencies.md #10779
Conversation
doc/dependencies.md
Outdated
| Dependencies | ||
| ============ | ||
|
|
||
| | Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) | |
There was a problem hiding this comment.
Would be useful to have somewhat of an introduction here - what is this document, what should it be used for, when is it to be updated, etc.
Also that instructions for installing dependencies are in the appropriate build-*.md.
|
Concept ACK |
|
@laanwj where would you put it in An introduction seems like a good idea, and I could write some small blurb, but it would probably better if this is done by someone who knows what he's talking about :-) Also, do you think the link in the last line of this paragraph https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#dependencies (and corresponding lines in the oder |
Building, I guess. People look there sooner I think, and it's relevant to both.
Yes, such a overall overview can better go into |
|
I've added links from |
doc/dependencies.md
Outdated
|
|
||
| These are the dependencies currently used by Bitcoin Core. You can find instructions for installing them in the `build-*.md` file for your platform. | ||
|
|
||
| | Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) | |
There was a problem hiding this comment.
Let's not try to track latest available here...
For CVEs, rather than yes/no, it'd be more useful to link where to check for exploits.
doc/dependencies.md
Outdated
| | Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) | | ||
| | --- | --- | --- | --- | --- | --- | --- | | ||
| | openssl | 1.0.1k | | [1.0.1u](https://www.openssl.org/source) | Yes | | | | ||
| | ccache | 3.3.4 | | [3.3.4](https://ccache.samba.org/download.html) | No | | | |
There was a problem hiding this comment.
No indication on which dependencies are optional?
There was a problem hiding this comment.
wouldn't that info have to be in the platform-specific files?
doc/dependencies.md
Outdated
| | openssl | 1.0.1k | | [1.0.1u](https://www.openssl.org/source) | Yes | | | | ||
| | ccache | 3.3.4 | | [3.3.4](https://ccache.samba.org/download.html) | No | | | | ||
| | libevent | 2.1.8-stable | 2.0.22 | [2.1.8-stable](https://github.com/libevent/libevent/releases) | No | | | | ||
| | Qt | 5.7.1 | 4.7+ | [5.9.1](https://download.qt.io/official_releases/qt/) | No | | | |
There was a problem hiding this comment.
Qt is typically considered as individual components. We don't need all of it.
doc/dependencies.md
Outdated
|
|
||
| #### OpenSSL 1.0.1k | ||
|
|
||
| [CVE-2015-0286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286), [CVE-2015-0287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287), [CVE-2015-0289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289), [CVE-2015-0293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293), [CVE-2015-0209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209), [CVE-2015-0288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288), [CVE-2015-1788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788), [CVE-2015-1789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789), [CVE-2015-1790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790), [CVE-2015-1792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792), [CVE-2015-1791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791), [CVE-2015-1793](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793), [CVE-2015-3196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196), [CVE-2015-3194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194), [CVE-2015-3195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195), [CVE-2015-3197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197), [CVE-2016-0800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800), [CVE-2016-0705](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705), [CVE-2016-0798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798), [CVE-2016-0797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797), [CVE-2016-0799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799), [CVE-2016-0702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702), [CVE-2016-2107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107), [CVE-2016-2105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105), [CVE-2016-2106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106), [CVE-2016-2108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108), [CVE-2016-2109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109), [CVE-2016-2176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176), [CVE-2016-2177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177), [CVE-2016-2178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178), [CVE-2016-2179](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179), [CVE-2016-2180](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180), [CVE-2016-2181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181), [CVE-2016-2182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182), [CVE-2016-6302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302), [CVE-2016-6303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303), [CVE-2016-6304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304), [CVE-2016-6306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306) |
There was a problem hiding this comment.
This doesn't seem to belong here.
There was a problem hiding this comment.
like I've written in the original PR description, for now I just took the text verbatim from #8639, but I can ofc adapt it
|
I've removed the "latest available" column now as requested by @luke-jr . I can also remove the listed CVEs, since they will probably get outdated pretty quickly, too. I also like the idea of putting in links to check for vulnerabilities, but I don't really know where they should link to. |
|
ACK after squashing into one commit |
|
squashed |
e91b961 Create dependencies.md, and link dependencies file from README & build docs (flack) Pull request description: As @fanquake mentioned in #8639, this should probably be a file in `doc/`, so I went ahead and pulled the issue text via the github API and dumped it into a file. No modifications made, except one spelling fix. This makes the info easier to find, and it will get a proper version history, too. Tree-SHA512: 6ba4c37c97200972a74724e0e346d6ad5947c01ad18638e15250f2b4cd747dd744aba16e306c98d59f35736542a5eded7a17b6a5ce6aebc63c0a9dc969b365ef
As @fanquake mentioned in #8639, this should probably be a file in
doc/, so I went ahead and pulled the issue text via the github API and dumped it into a file. No modifications made, except one spelling fix. This makes the info easier to find, and it will get a proper version history, too.