/bitcoin

Create dependencies.md #10779

Open
wants to merge 3 commits into
from
+46 −3

Conversation

Reviewers

@laanwj laanwj

@luke-jr luke-jr

Assignees
No one assigned
Labels
Docs and Output
Projects
None yet
Milestone
No milestone
4 participants
@flack @laanwj @luke-jr @fanquake
@flack
Contributor

flack commented Jul 9, 2017

As @fanquake mentioned in #8639, this should probably be a file in doc/, so I went ahead and pulled the issue text via the github API and dumped it into a file. No modifications made, except one spelling fix. This makes the info easier to find, and it will get a proper version history, too.

fanquake added the Docs and Output label Jul 9, 2017

doc/dependencies.md
+Dependencies
+============
+
+| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) |
@laanwj

laanwj Jul 10, 2017 edited

Owner

Would be useful to have somewhat of an introduction here - what is this document, what should it be used for, when is it to be updated, etc.
Also that instructions for installing dependencies are in the appropriate build-*.md.

@laanwj
Owner

laanwj commented Jul 10, 2017

Concept ACK
Needs an entry in doc/README.md
@flack
Contributor

flack commented Jul 10, 2017

@laanwj where would you put it in README, under "Building" or under "Development"?

An introduction seems like a good idea, and I could write some small blurb, but it would probably better if this is done by someone who knows what he's talking about :-)

Also, do you think the link in the last line of this paragraph https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#dependencies (and corresponding lines in the oder build docs) should be changed to point to the new file?
@laanwj
Owner

laanwj commented Jul 13, 2017

where would you put it in README, under "Building" or under "Development"?

Building, I guess. People look there sooner I think, and it's relevant to both.

Also, do you think the link in the last line of this paragraph https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#dependencies (and corresponding lines in the oder build docs) should be changed to point to the new file?

Yes, such a overall overview can better go into dependencies.md. Do keep the instructions for installing the dependencies in the appropriate build instructions though.
@flack
Contributor

flack commented Jul 14, 2017

I've added links from README and the build-* files & a small intro sentence as requested. Let me know if there's anything else I should change
doc/dependencies.md
+
+These are the dependencies currently used by Bitcoin Core. You can find instructions for installing them in the `build-*.md` file for your platform.
+
+| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) |
@luke-jr

luke-jr Jul 26, 2017

Member

Let's not try to track latest available here...

For CVEs, rather than yes/no, it'd be more useful to link where to check for exploits.

doc/dependencies.md
+| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) |
+| --- | --- | --- | --- | --- | --- | --- |
+| openssl | 1.0.1k | | [1.0.1u](https://www.openssl.org/source) | Yes | | |
+| ccache | 3.3.4 | | [3.3.4](https://ccache.samba.org/download.html) | No | | |
@luke-jr

luke-jr Jul 26, 2017

Member

No indication on which dependencies are optional?

@flack

flack Jul 26, 2017

Contributor

wouldn't that info have to be in the platform-specific files?

doc/dependencies.md
+| openssl | 1.0.1k | | [1.0.1u](https://www.openssl.org/source) | Yes | | |
+| ccache | 3.3.4 | | [3.3.4](https://ccache.samba.org/download.html) | No | | |
+| libevent | 2.1.8-stable | 2.0.22 | [2.1.8-stable](https://github.com/libevent/libevent/releases) | No | | |
+| Qt | 5.7.1 | 4.7+ | [5.9.1](https://download.qt.io/official_releases/qt/) | No | | |
@luke-jr

luke-jr Jul 26, 2017

Member

Qt is typically considered as individual components. We don't need all of it.

doc/dependencies.md
+
+#### OpenSSL 1.0.1k
+
+[CVE-2015-0286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286), [CVE-2015-0287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287), [CVE-2015-0289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289), [CVE-2015-0293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293), [CVE-2015-0209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209), [CVE-2015-0288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288), [CVE-2015-1788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788), [CVE-2015-1789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789), [CVE-2015-1790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790), [CVE-2015-1792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792), [CVE-2015-1791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791), [CVE-2015-1793](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793), [CVE-2015-3196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196), [CVE-2015-3194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194), [CVE-2015-3195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195), [CVE-2015-3197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197), [CVE-2016-0800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800), [CVE-2016-0705](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705), [CVE-2016-0798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798), [CVE-2016-0797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797), [CVE-2016-0799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799), [CVE-2016-0702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702), [CVE-2016-2107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107), [CVE-2016-2105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105), [CVE-2016-2106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106), [CVE-2016-2108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108), [CVE-2016-2109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109), [CVE-2016-2176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176), [CVE-2016-2177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177), [CVE-2016-2178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178), [CVE-2016-2179](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179), [CVE-2016-2180](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180), [CVE-2016-2181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181), [CVE-2016-2182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182), [CVE-2016-6302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302), [CVE-2016-6303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303), [CVE-2016-6304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304), [CVE-2016-6306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306)
@luke-jr

luke-jr Jul 26, 2017

Member

This doesn't seem to belong here.

@flack

flack Jul 26, 2017

Contributor

like I've written in the original PR description, for now I just took the text verbatim from #8639, but I can ofc adapt it

@flack
Contributor

flack commented Jul 26, 2017

I've removed the "latest available" column now as requested by @luke-jr . I can also remove the listed CVEs, since they will probably get outdated pretty quickly, too. I also like the idea of putting in links to check for vulnerabilities, but I don't really know where they should link to.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment