A fun article from Microsoft [LWN.net]

A fun article from Microsoft

Posted Nov 26, 2025 5:22 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)
Parent article: APT Rust requirement raises questions

As if on cue, an interesting article from Microsoft about switching from a "sea of packages" model to a unified monolithic build: https://devblogs.microsoft.com/dotnet/reinventing-how-dot...

They had similar issues to Linux distribution with managing tons of fine-grained dependencies, and making sure the set of versions stays "coherent". And they switched to doing essentially "static builds".

to post comments

A fun article from Microsoft

Posted Nov 26, 2025 9:27 UTC (Wed) by cyperpunks (subscriber, #39406) [Link] (1 responses)

The shared libs approach was pioneered by SunOS / Solaris, which forbids static linking to this day. Linux copied many ideas from Solaris and this is one of them.

The best side effect of the shared libs mantra is that responibility is clear, it's up to the owner/maintainer of the problematic package to get the fix available in repos.

In a static approach a completely new dependency graph and process would be needed, the rust packaging in Fedora seems
to be step in this direction, where a more holistic approach is used.

For core services like sshd and httpd the dependency graph is not huge, however extending to popluar stacks like PHP and Python it gets very complex where fast, due to shared libs but also due to the use of "modules" the framework in question uses.

(Which was the reason for the Xubuntu breach lwn.net wrote about recently.)

Other related problem is the maintainship upstream, if upstream don't create proper releases and follows reasonable versioning scheme (like semver), how is downstream consumers supposed to able to use the software in a safe manner?

There are lots of hard problem to solve here, its far more complex than a simple fight between shared and static linking.

A fun article from Microsoft

Posted Nov 26, 2025 11:59 UTC (Wed) by Wol (subscriber, #4433) [Link]

> The best side effect of the shared libs mantra is that responsibility is clear, it's up to the owner/maintainer of the problematic package to get the fix available in repos.

And if the repo is an unresponsive 3rd party? The trouble is there are too many 3rd parties (upstream AND downstream) in the linux eco-system, and if you're unlucky enough to be dealing with one that doesn't have the bandwidth to deal with your particular problem (isn't that the norm?) ...

Cheers,
Wol

A fun article from Microsoft

Posted Dec 1, 2025 9:28 UTC (Mon) by nim-nim (subscriber, #34454) [Link] (3 responses)

Of course a single monopolistic team does not need packages, dynamic libraries and ABI assurances. It uses other mechanisms (called management and paycheck) to force every developer involved to converge and update to the same component versions. Giving up on packages is a net initial win in such an organization.

It remains to be seen if the other mechanisms manage to herd the cats effectively long term, past experience is not conclusive.

A fun article from Microsoft

Posted Dec 1, 2025 14:16 UTC (Mon) by Wol (subscriber, #4433) [Link] (1 responses)

If you actually read the article, one of the requirements was that distros could/would build the linux_x86 version.

Management and paycheck don't work there ...

Cheers,
Wol

A fun article from Microsoft

Posted Dec 1, 2025 14:36 UTC (Mon) by nim-nim (subscriber, #34454) [Link]

Distributions never had any problem to rebuild clean upstreams, just the ones that were stuck on odd component versions

A fun article from Microsoft

Posted Dec 1, 2025 18:23 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

If you read the article, you'll see that they actually had exactly the same problem as something like Debian. And it took them years to finish this project.