Wheeler: Insecure open source software libraries?
Posted Apr 7, 2012 12:55 UTC (Sat) by rqosa
In reply to: Wheeler: Insecure open source software libraries?
Parent article: Wheeler: Insecure open source software libraries?
> One distribution will have libpng 1.2, another one will have libpng 1.5, one will include some fixes backported from an older version of the library, another will have bugs.
If a distro-provided library has bugs, then that's not the application developer's fault, and shouldn't be treated as such.
> WTF? Why should I support all that zoo?
You shouldn't. Instead, you should just pick an API-version of the library that's still maintained, and support only that one.
The distributions will generally include any still-maintained version of a library as long as there is other software in the distribution that depends on it, and when they drop it, it's time for any remaining apps to either migrate away from the obsolete library or else get dropped by the distributions.
> OS should mostly provide facilities I can not easily bundle with the application
That sounds like Mac OS X, where you often have to update the whole OS to the next version in order to run the one program you want. No thanks!