Re: Needed: tooling to detect references to buggy */stable packages

[Mark H Weaver]

Hi Ludovic,

Ludovic Courtès <ludo@gnu.org> writes:

> Mark H Weaver <mhw@netris.org> skribis:
>
>> It occurs to me that we will need some tooling to ensure that no
>> references to these buggy "*/stable" packages end up in package outputs
>> that users actually use.  Otherwise, it is likely that sooner or later,
>> a runtime reference to one of these buggy packages will sneak in to our
>> systems.
>
> Couldn’t we use #:disallowed-references for this?

Yes, but it would be suboptimal because we would have to remember to
explicitly add #:disallowed-references to every package that uses these
*/stable packages but is not itself a */stable package.

The number of packages that would need to be annotated with
#:disallowed-references is a couple of orders of magnitude larger than
the number of */stable packages that would need to be annotated with a
'build-time-only' flag.

Part of the motivation behind this proposed tooling is to avoid simple
mistakes leading to buggy code on our systems.  For example, given the
large number of packages that could use 'gtk-doc/stable', I think it's
quite likely that people will start adding 'gtk-doc/stable' to other
packages (mimicking what they see from existing packages), and might
forget to add the associated #:disallowed-references annotations.

Ideally, the 'build-time-only' flags would be used to automatically
generate a set of _implicit_ #:disallowed-references for each package,
to be added to the explicitly given ones.

More concretely: the implicit #:disallowed-references for packages
marked 'build-time-only' would be empty.  For other packages, it would
include all outputs of all 'native-inputs' and 'inputs' (and ideally
including implicit inputs) that are marked as 'build-time-only'.

What do you think?

      Thanks,
        Mark