Bug#: 5175
Status: RESOLVED
Resolution: FIXED
Assigned To: Daniel Robbins (RETIRED) <drobbins@gentoo.org>
Reporter: Hannes Mehnert (RETIRED) <hannes@gentoo.org>

Description:   Opened: 2002-07-17 15:55 0000
The world file only contains packages which were merged with emerge
<package>, not the dependencies of the packages.

I think this could be a security problem: if someone emerges mod_ssl, which
depends on openssl, mod_ssl is recorded as a world favourite.
If there is a security problem with openssl, and a new ebuild for openssl is
released, the user does not notice that, because he doesn't see it during
emerge -up world.
So, there has to be a new ebuild for mod_ssl to emerge a new openssl.

To solve this, shouldn't the world contain all merged packages?

------- Comment #1 From SpanKY 2002-07-17 22:40:44 0000 -------
the idea was for world to contain all the packages the user wanted ... 
dependencies only *happened* to be installed too, the user might not have 
wanted them ;)

as for openssl, it's part of 'system' if your USE variable has SSL in it

------- Comment #2 From Hannes Mehnert (RETIRED) 2002-07-18 03:57:42 0000 -------
openssl was just an example, it could be any other package. I mean, the idea is
to have a package installed which is not in world favourites and which has
security problems.

------- Comment #3 From SpanKY 2002-07-18 11:43:58 0000 -------
i know, i was just messing with you ;)

as for your bug, i think i heard that drobbins was working on a solution for 
this ... in the meantime, what i do is `emerge world -ep`, and then take each 
package displayed and do `emerge -u <pkg>` ...
kind of nasty hack but whatever ;)
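
An added example, not part of the bug thread or of Portage: a small filter that turns `emerge -ep world` output into the list of packages that are installed as dependencies but not recorded in the world file, which is the set the reporter says goes unchecked and the set the workaround above updates by hand. The `[ebuild ...] cat/pkg-version` line format, the one-name-per-line world file, and the sample package versions are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread). Lists packages that a full
# `emerge -ep world` run would touch but that the world file does not record.
# Assumed formats: pretend lines look like "[ebuild   R   ] cat/pkg-version",
# and the world file holds one "cat/pkg" per line.
LC_ALL=C; export LC_ALL   # stable ordering for sort/comm

# stdin: pretend output -> stdout: sorted unique "cat/pkg" names
pretend_to_names() {
    sed -n 's/^\[ebuild[^]]*] *\([^ ]*\).*/\1/p' |
        sed 's/-[0-9][^-]*\(-r[0-9][0-9]*\)\{0,1\}$//' |
        sort -u
}

# usage: emerge -ep world | deps_not_in_world WORLD_FILE
deps_not_in_world() {
    _world=$(mktemp) && _names=$(mktemp) || return 1
    sort -u "$1" > "$_world"
    pretend_to_names > "$_names"
    comm -23 "$_names" "$_world"     # names seen by emerge but absent from world
    rm -f "$_world" "$_names"
}

# Constructed sample input (versions are illustrative, not from the page).
sample_pretend() {
    cat <<'EOF'
These are the packages that I would merge, in order:

[ebuild   R   ] dev-libs/openssl-0.9.6d
[ebuild   R   ] net-www/apache-1.3.26
[ebuild   R   ] net-www/mod_ssl-2.8.10-r1
EOF
}

demo() {
    _w=$(mktemp) || return 1
    echo "net-www/mod_ssl" > "$_w"   # only the explicitly merged package
    sample_pretend | deps_not_in_world "$_w"
    rm -f "$_w"
}

demo   # prints dev-libs/openssl and net-www/apache
```

Each name it prints is a candidate for the per-package `emerge -u <pkg>` step described in the comment above.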

------- Comment #4 From Daniel Robbins (RETIRED) 2002-07-18 12:34:22 0000 -------
This can be fixed some other way.  We can already cause emerge to update
dependencies too, but it's turned off until we resolve slot issues during -u
