This is a new proposal for determining whether a version of a library is safe to use in the EFL.
Keep in mind that this document is currently a draft and does not represent the current practice; it exists for the purpose of bringing up a discussion on this topic so that it's possible to come to a resolution and create some solid policy on this.
This proposal assumes the existence of five (possibly six) "baseline" distros. Those would be Linux distributions we compare against. The idea is to select those distros which are
- Major, popular distributions
- Have a release system (i.e. no rolling)
- We count their last stable release always (if long term support is provided, we assume latest LTS)
- We don't count derivative distributions without their own repositories
The current proposed list is:
Distributions such as Gentoo, Arch Linux and others (Funtoo etc.) are not included because they're rolling and thus always including reasonably recent versions - as such, rolling distributions are always supported. Other Unix-like operating systems such as FreeBSD typically store our dependencies in some kind of "ports" system which is essentially also rolling (even though the OS itself has actual releases), thus including reasonably recent versions (and if it does not, it's typically rather simple to update).
First, a list of all mandatory (important dependencies that aren't technically mandatory but make you lose some big feature are considered mandatory) EFL dependencies will be collected. Then, a list of dependency versions will be collected from each baseline distribution.
If the distribution release has an officially maintained backports system and a newer version of the dependency is present, backports version is assumed.
For example, for gettext:
- Debian (7 wheezy): 0.18.1 (backports 0.18.3)
- Ubuntu (14.04 trusty LTS): 0.18.3
- Fedora (20 Heisenbug): 0.18.3
- openSUSE (13.2): 0.19.2
- Mageia (4): 0.18.3
From this list, we select the earliest version of the package. Normally this would be 0.18.1 because of Debian Wheezy, however, because of presence of an official backports channel we assume 0.18.3.
We will maintain a wiki page on phab which contains a table with already checked dependencies and their corresponding version. These will get update once a new distro release happens. If you want to add a new dependency please fill the wiki page with your findings.
Example dependency table:
|Dependency||Debian (7 wheezy)||Ubuntu (14.04 trusty LTS)||Fedora (20 Heisenbug)||openSUSE (13.2)||Mageia (4)||Current EFL version|
|gettext||0.18.1 (backports 0.18.3)||0.18.3||0.18.3||0.19.2||0.18.3||0.18.0|
After this list is built, it is checked whether we require a feature present in this version and not present in older versions. If this is the case, we can say it's safe to use this version; but if this is not the case, we can still depend on (at minimum) an older version that is the oldest from these baseline distros. In some cases, it's not required to check the version at all. In these cases, we don't check and skip the whole policy.
The goal is to set solid rules on how dependencies can be used in the EFL without harming our users but at the same time without having to support very old, obsolete versions of libraries and tools. It is important to set a balance between keeping things reasonably up to date without actually alienating a large part of our user base.
It can also serve as a hint for package maintainers on the requirements of the EFL to be included.