Wheeler: Insecure open source software libraries?

Posted Apr 8, 2012 18:31 UTC (Sun) by rqosa (subscriber, #24136)
In reply to: Wheeler: Insecure open source software libraries? by khim
Parent article: Wheeler: Insecure open source software libraries?

> But yes, if developer releases program for some platform (especially if said program is sold for $$) then s/he must do Q&A - or else why release anything at all?

The developer shouldn't try to do QA on every Linux distribution out there — doing it on just one major distro should be sufficient, and the user community will figure out how to get it to work on any other distro where there's enough demand for the app in question.

> Android releases include a lot of customizations - yet most of them don't affect app developers at all.

You could say the same thing about Windows — when it's preinstalled on PCs, it usually has customizations specific to that PC model and its manufacturer. As far as the platform APIs are concerned, though, it's still a monoculture.

> If you'll visit any FOSS conference you'll see how many former Linux users finally understood it… and decided that life is too short to play these games.

Yaaawwwnnnnn… We've heard a billion variations on the theme of "Linux is dying" (much of which was thinly-disguised propaganda FUD) for more than a decade now, and it's not even once been true. As far as I'm concerned, the Linux user experience just keeps getting better and better as time goes on, and that could hardly happen if users were abandoning the platform in droves.

> Most of them are now MacOS users, but some returned back to Windows.

Funny you should say that. 11 years ago, I thought that Mac OS X was great — it should run all the Unixy stuff I'm used to, plus most of the proprietary stuff that's not available on Linux, so what's not to like? Then I tried to actually use it, and quickly got frustrated by how many hoops I had to jump through to do things that on Linux would have needed little more than "apt-get install foo" or "./configure && make install". Since then I've been unwillingly dragged back to it at least once, and it was just as bad as ever.

I dare you to try this: build the latest Git snapshot of FFmpeg on Mac OS X. I tried that once (well, except FFmpeg was still using SVN back then), and it went something like this: first I had to untar the Fink tarball into a directory, then figure out how to change some config file to enable building source packages from the unstable branch of Fink, then run the command to build it — which made it download lots of stuff, compile said stuff, download lots more stuff, compile it, and on and on and on until I ran out of patience.


Wheeler: Insecure open source software libraries?

Posted Apr 9, 2012 1:49 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)

> Then I tried to actually use it, and quickly got frustrated by how many hoops I had to jump through to do things that on Linux would have needed little more than "apt-get install foo" or "./configure && make install"

So that's why you use fink ( http://www.finkproject.org/ ) or simply do "./configure && make install" on Mac OS X.

Oh, and there's that newfangled marketplace for consumer software.

Wheeler: Insecure open source software libraries?

Posted Apr 9, 2012 21:48 UTC (Mon) by rqosa (subscriber, #24136)

> So that's why you use fink ( http://www.finkproject.org/ ) or simply do "./configure && make install" on Mac OS X.

Did you read the paragraph below that? Like I said there, I did use Fink — and even so, I found it very frustrating to do things that were easy to do with Linux distributions / package managers.

For one thing, there seemed to be lots of packages which were available only as source packages in the "unstable branch" (I forget the exact terminology it used), which required me to edit a config file to switch to that branch (or else the package manager would say that the package in question doesn't exist), and I had a hard time finding the documentation that explained how to make that change. And then once I got that far, trying to build the package made it take a huge amount of time downloading and compiling dependencies and build-dependencies, to the point that I never even found out whether it actually finished or not. (This all happened during a group meeting for a class project, where I was trying to install FFmpeg on someone else's computer so he could use it to transcode video files, and it was still downloading/compiling things when I left for the day.)

By comparison, building source packages on Linux distributions (such as AUR packages on Arch Linux) has always seemed a lot easier to me. I suppose it's partly because Mac OS X by default has next to none of the dependencies and build-dependencies installed (e.g. build tools aren't installed, and neither are lots of the libraries which generic-Unix programs like ffmpeg depend on and which are likely already installed on a machine running a Linux distro), and partly because the developer community for Fink is smaller than that of the major Linux distributions and/or unofficial package repositories like the AUR (and other Fink-like projects, such as MacPorts, seem to be even smaller) thus it has fewer packages.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds