Created attachment 469762 [details] Full output of cave report With sys-apps/paludis-2.6.0, when doing # cave report I get tons of warnings like this: cave@1491933920: [WARNING e.package_dep_spec.slot_not_allowed] In thread ID '20487': ... In program cave report: ... When building security or insecurity package set: ... When parsing security advisory '/usr/portage/metadata/glsa/glsa-201010-01.xml': ... When handling GLSA '201010-01' from '/usr/portage/metadata/glsa/glsa-201010-01.xml': ... When parsing elike package dep spec 'media-libs/libpng:1.2': ... When parsing generic package dep spec 'media-libs/libpng:1.2': ... Slot dependencies not safe for use here full set attached. According to Ciaran, "the real fix for this is to get portage to start doing error checking and enforcing EAPIs". However, if slot dependencies are indeed not safe for use there, people should write the GLSA's independent of how portage implements the protocol. Thank you!
I'm sorry but we really have no clue where you could get such a package name from. The only part where the slot is specified is this: <unaffected range="ge" slot="1.2">1.2.46</unaffected> So if anything is actually happening here, it is Paludis grabbing the 'slot' attribute and using it incorrectly. If the upstream refuses to support slots, I'd say it would be reasonable if Paludis either ignored the attribute or reported it as extraneous attribute. However, if it uses it and then fails on some internal inconsistency, it's purely a bug in Paludis. That said, between 13 and 15 Jan the GLSA said: <unaffected range="ge">1.2.46:1.2</unaffected> However, I consider it seriously unlikely that you are reporting an issue based on Gentoo snapshot from those two days. And even if you were, I don't see how the invalid ':1.2' part would have jumped from version to package name.
