-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
expat: Add latest release 2.4.6 with a regression fix #29100
Conversation
Hi @hartwork! I noticed that the following package(s) don't yet have maintainers:
Are you interested in adopting any of these package(s)? If so, simply add the following to the package class: maintainers = ['hartwork'] If not, could you contact the developers of this package and see if they are interested? You can quickly see who has worked on a package with $ spack blame expat Thank you for your help! Please don't add maintainers without their consent. You don't have to be a Spack expert or package developer in order to be a "maintainer," it just gives us a list of users willing to review PRs or debug issues relating to this package. A package can have multiple maintainers; just add a list of GitHub handles of anyone who wants to volunteer. |
that's the point of patch releases, please don't deprecate. |
@haampie could you elaborate? The problem is that 2.4.5 fixed a security issue but also introduced a regression, so on one hand people need the security fix but on the other it will make some things worse. That conflict is only resolved by using >=2.4.6 and hence I would argue deprecation in the sense of "no one should be using this release today" makes sense to me. |
PS: @haampie in the same sense, in my book, we should add 2.4.7 and 2.4.8 and then (only) deprecated 2.4.6 after because 2.4.7 is "okay to use" today. |
Hm, how likely is it to hit the bugs when using expat through python/cmake? It's a tradeoff between stability and many rebuilds. |
@haampie I'm not sure I understand. Why do reverse dependencies need a rebuild when Expat releases are ABI compatible with each opther? I would not expect rebuilds of anything (other than Expat) from updating Expat (say) 2.4.5 to 2.4.8 (expect in NixOS maybe). Am I missing something specific to Spack? |
Spack fixes dependencies by hash, and the version number is used to compute the hash. And the hash is computed ahead of the build, so making sure two versions providing the same library&abi have the same hash is currently not possible. |
@haampie that explains what you meant by stability versus rebuilds. I don't know much about your environment, but getting off 2.4.5 is worth rebuilds to me, and so will getting off 2.4.6 be. Why not to you? |
No description provided.