
Re: Limited security support for Go/Rust? Re ssh3



On 1/16/24 17:20, Simon Josefsson wrote:

>> it seems that many people think that "Built-Using" can be used to
>> express static linking (including yours truly, even though i *know*
>> that it is meant for license compliance only).
>>
>> which makes me wonder: probably we should have an additional field
>> that expresses such static linking (and therefore would trigger a
>> rebuild when the dependency changes).
>> or we could finally accept that many¹ people would just use
>> "Built-Using" for this anyhow, and explicitly allow such use.
>
> Would that be better or worse than making *.buildinfo files more
> generally available and required?
>
> Buildinfo files appear to have some traction already, and it seems like
> they could help address the same problem.


my understanding¹ of buildinfo files is, that they collect the exact information against which packages a given binary package was built. but that doesn't really help us with static linking (or license compliance as in Built-Using), as the binary might just use whatever parts of its build-dependencies, and do e.g. dynamic linking or just run a given tool (e.g. 'ninja').

we can already track the required dependencies with Build-Depends, so we could also just rebuild all reverse dependencies.

but afaiu, we want a more specific approach to be able to rebuild only those packages that would actually benefit from that (as opposed to a full archive rebuild because 'make' was uploaded for a policy version bump).

gfmdasr
IOhannes

¹ which is pretty dim on this topic; so do not hesitate to enlighten me
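Added illustration, not from the thread: if Built-Using were read the way the mail says many people already use it (a record of which source packages were statically embedded), the "rebuild only what actually embeds the changed dependency" selection is a small Deb822 parse. The Packages excerpt, package names and versions below are constructed for the example.

```python
import re

# Constructed Packages-file excerpt (Deb822 stanzas); names and versions
# are made up for illustration, not taken from the Debian archive.
PACKAGES = """\
Package: go-example-server
Version: 0.1.5-1
Built-Using: golang-github-example-quic (= 0.40.1-1),
 golang-go (= 2:1.21.5-1)

Package: hello-static
Version: 1.0-1
Built-Using: musl (= 1.2.4-1)

Package: dynamic-only
Version: 3.0-1
"""

# One Built-Using entry has the form "<source> (= <version>)"
_ENTRY = re.compile(r"(\S+)\s*\(=\s*([^)]+)\)")


def parse_stanzas(text):
    """Split Deb822 text into dicts, joining folded continuation lines."""
    stanzas, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                stanzas.append(current)
            current, last_key = {}, None
        elif line[0] in " \t" and last_key:
            current[last_key] += " " + line.strip()
        else:
            key, _, value = line.partition(":")
            current[key] = value.strip()
            last_key = key
    if current:
        stanzas.append(current)
    return stanzas


def built_using(stanza):
    """Return {source: version} declared in a stanza's Built-Using field."""
    return dict(_ENTRY.findall(stanza.get("Built-Using", "")))


def rebuild_candidates(text, source, new_version=None):
    """Binary packages that embed `source`; with new_version, only those
    built against a different version (already-rebuilt ones are skipped)."""
    hits = []
    for st in parse_stanzas(text):
        ver = built_using(st).get(source)
        if ver is not None and ver != new_version:
            hits.append(st["Package"])
    return hits
```

A package that merely Build-Depends on the tool (the 'make' or 'ninja' case in the mail) never shows up here, which is exactly the narrowing the thread is after.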

