Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 598523

Summary: [Future EAPI] Version operators that force a specific version and compare revisions (alike GLSA)
Product: Gentoo Hosted Projects Reporter: Michał Górny <mgorny>
Component: PMS/EAPIAssignee: PMS/EAPI <pms>
Status: CONFIRMED ---    
Severity: normal CC: esigra, sam, security
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 174380, 598525    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-10-30 13:25:34 UTC 
Not sure if we have a 'package' use case for it but opening for completeness. GLSAs have four revision range operators: rlt, rle, rge, rgt (but no req). Those operators force a specific version like =, but allow for specific revision ranges.

For example, rge 1.2-r3 is equivalent to ( ~1.2 >=1.2-r3 ). Having additional operators in GLSAs make me feel a little uneasy, though I guess that's because GLSAs can't use complex dependency specifications like we can (however, in our case the complex thing is not fool-proof either, thanks to slots).

Few minor notes:

- rlt 1.2 (-r0) never matches,

- rge 1.2 (-r0) is equivalent to our ~1.2 (GLSAs don't have explicit ~).