Wheeler: Insecure open source software libraries?
Posted Apr 9, 2012 7:18 UTC (Mon) by khim
In reply to: Wheeler: Insecure open source software libraries?
Parent article: Wheeler: Insecure open source software libraries?
TL;DR: we try to implement Linux-style policy and have a problem under MacOS/Windows, boo hoo, cry me a river.
Our experience is the total opposite because we bundle everything with our packages and don't even try to install anything in the system directory.
This is the only sane approach in a world without a central packaging repository.
This works with Linux, too, but then we regularly hit the “missing library” or “wrong library version” issues on different distros.
In a sense you are right: the Linux way works poorly in MacOS/Windows while the MacOS/Windows way is unreliable under Linux. But the fact of the matter is: most users and most developers use MacOS/Windows. And, frankly, 24 packages instead of one is just too much.
Of course the solution is then to install all the bundled dll:s into our application directory but that is also ugly since the user now cannot take benefit of our updated libraries for the other software on his/her computer that uses the same library.
And this is a problem, because… why exactly is it a problem? Why do you want to impose your unrequested “help” on other programs? I can understand the situation where upstream provides an official installer (for example, the MSVC runtime comes with an appropriate installer), but why tempt fate with source-only libraries?