Closed triallax closed 3 days ago
i usually do this with go bumps, though not every time. every major for sure
yeah but the minor bumps very commonly contain security fixes and whatnot
sure, i guess i'll start doing it for those too (like todays).
the only issue is it's hard to find every cport with hostmakedepends=go currently. maybe we need a tool that filters out to things with a direct host/makedepends in it to get a list to feed into bump-pkgrel (i don't mind shell loops, so any helper is nice)
thanks, i wish we could do this for rust as well but the build times would probably be more prohibitive
maybe we need a tool that filters out to things with a direct host/makedepends in it to get a list to feed into bump-pkgrel (i don't mind shell loops, so any helper is nice)
yeah that's a nice idea
i don't know how we feel about this, but go programs build pretty quickly and many go bumps come with security fixes and so on, maybe we can rebuild all go packages on go bumps so that they include those fixes? or is there something analogous to
cargo-auditable
that we could use/are already using?