There's no guarantee that your app will continue to work a year from now. For example, I can depend on the 'libblah' package, which packages version 2.71 of this library. Next year this package might switch to the next, incompatible 3.141 version of this library.
Posted Apr 2, 2012 16:55 UTC (Mon) by cortana (subscriber, #24596)
One would hope that, after the switch, the SONAME of libblah would be bumped to indicate this. The distro can then continue to provide the original libblah.so.0 indefinitely. Of course, this is the ideal, and it's not always adhered to strictly, but Debian is pretty good at spotting these kinds of problems and hitting upstream with the cluebat when they screw up.
Free is too expensive (Economist)
Posted Apr 2, 2012 17:19 UTC (Mon) by dark (subscriber, #8483)
Yeah, but that's not a good situation. The compatible version of the library is now unmaintained, orphaned. Is anyone making security fixes for it? More and more maintenance work will fall on the distributions, instead of being done in the project that's focused on the library. And some projects bump their versions several times a year, so the maintenance work on the old versions can really pile up. The result is of course that nobody does it, and installing a program that needs the old versions becomes really difficult.
Posted Apr 3, 2012 16:38 UTC (Tue) by sorpigal (subscriber, #36106)
This is why I suggested "May not depend on any package"; that is, presume that you static link everything.
If you permit depending on some packages then this is a risk which the distribution vendor would have to be committed to preventing. Or, the third party repository maintainer might be willing to guarantee/mirror a set of packages at a certain version simply so that the apps can depend on them and only them (and then it's the app store owner's problem if the base distro makes an incompatible change).