chimera-linux / cports

Chimera ports collection
BSD 2-Clause "Simplified" License

Rebuild go packages on go bumps? #1908

Closed by triallax 3 days ago

triallax commented 2 weeks ago

i don't know how we feel about this, but go programs build pretty quickly and many go bumps come with security fixes and so on, maybe we can rebuild all go packages on go bumps so that they include those fixes? or is there something analogous to cargo-auditable that we could use/are already using?

nekopsykose commented 2 weeks ago

i usually do this with go bumps, though not every time. every major for sure

triallax commented 2 weeks ago

yeah but the minor bumps very commonly contain security fixes and whatnot

nekopsykose commented 1 week ago

sure, i guess i'll start doing it for those too (like today's).

the only issue is it's hard to find every cport with hostmakedepends=go currently. maybe we need a tool that filters out to things with a direct host/makedepends in it to get a list to feed into bump-pkgrel (i don't mind shell loops, so any helper is nice)

triallax commented 1 week ago

thanks, i wish we could do this for rust as well but the build times would probably be more prohibitive

> maybe we need a tool that filters out to things with a direct host/makedepends in it to get a list to feed into bump-pkgrel (i don't mind shell loops, so any helper is nice)

yeah that's a nice idea
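
One way to build the list discussed in this thread, as an added example that is not part of the thread or of cports' own tooling: it parses each template with Python's `ast` module and prints every package that names `go` directly in `hostmakedepends` or `makedepends`. It assumes templates live at `<category>/<pkgname>/template.py`, declare those fields as top-level list assignments, and that subpackage directories are symlinks to the parent package; the function names and sample templates are constructed for illustration.

```python
import ast
import sys
import tempfile
from pathlib import Path

DEP_FIELDS = {"hostmakedepends", "makedepends"}
# Constructed sample templates for the demo (not real cports content).
SAMPLE = {
    "main/foo": 'pkgname = "foo"\nhostmakedepends = ["go", "pkgconf"]\n',
    "main/bar": 'pkgname = "bar"\nhostmakedepends = ["cargo"]\nmakedepends = ["go-md2man"]\n',
    "user/baz": 'pkgname = "baz"\nhostmakedepends = ["meson"]\nhostmakedepends += ["go"]\n',
}

def direct_deps(source):
    """String literals listed in top-level hostmakedepends/makedepends."""
    deps = set()
    for node in ast.parse(source).body:
        if not isinstance(node, (ast.Assign, ast.AugAssign)):
            continue
        targets = node.targets if isinstance(node, ast.Assign) else [node.target]
        if not any(isinstance(t, ast.Name) and t.id in DEP_FIELDS for t in targets):
            continue
        for sub in ast.walk(node.value):  # also finds lists inside `[...] + other`
            if isinstance(sub, (ast.List, ast.Tuple)):
                deps.update(e.value for e in sub.elts
                            if isinstance(e, ast.Constant) and isinstance(e.value, str))
    return deps

def packages_depending_on(repo_root, dep="go"):
    """Return category/pkgname for every template that lists dep directly."""
    hits = []
    for tmpl in sorted(Path(repo_root).glob("*/*/template.py")):
        if tmpl.parent.is_symlink():  # assumed subpackage symlink, skip duplicate
            continue
        if dep in direct_deps(tmpl.read_text(encoding="utf-8")):
            hits.append(f"{tmpl.parent.parent.name}/{tmpl.parent.name}")
    return hits

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE.items():
            (Path(root) / rel).mkdir(parents=True)
            (Path(root) / rel / "template.py").write_text(text)
        (Path(root) / "main/foo-devel").symlink_to("foo", target_is_directory=True)
        return packages_depending_on(root)

if __name__ == "__main__":
    print("\n".join(packages_depending_on(sys.argv[1]) if len(sys.argv) > 1 else demo()))
```

Run with the path to a cports checkout as the only argument to get one `category/pkgname` per line, suitable for a shell loop; without arguments it scans the constructed sample tree. Exact string matching means `go-md2man` does not count as a dependency on `go`.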