Gentoo Archives: gentoo-web-user

From: Gunnar Wrobel <wrobel@g.o>
To: gentoo-web-user@l.g.o
Subject: Re: [gentoo-web-user] Java Script Libraries
Date: Thu, 23 Feb 2006 14:25:22
Message-Id: 87hd6qxiek.fsf@monastery.lucy.homelinux.net
In Reply to: RE: [gentoo-web-user] Java Script Libraries by Stuart Herbert
"Stuart Herbert" <Stuart.Herbert@×××××.com> writes:

>> Guess I'm missing the point here. What I meant was to change stuff like
>> this:
>>
>> require_once(HOME . "/thirdparty/Smarty/Smarty.class.php");
>>
>> to something like this:
>>
>> $include_path = ini_get('include_path');
>> ini_set('include_path', HOME . '/thirdparty' . SEPARATOR . $include_path);
>> require_once('Smarty/Smarty.class.php');
>>
>> What is the negative side of such a change?
>
> None, provided the app is 100% compatible with the version of the Smarty
> that's normally bundled with the app. As we discovered with the
> PEAR::XMLRPC issues last year, many apps were not compatible with the
> latest unbundled version of the library.

Ok, looked up how the XMLRPC issue was handled and discovered that the library was and still is bundled in a lot of our apps. Also didn't realize that PEAR breaks compatibility between library versions.

>> Where is the difference for the php libraries?
>
> The difference is one of culture. The PHP community does not have a
> culture of re-usable third party libraries yet. Hopefully that will
> improve as developers start to adopt PHP 5, but it's not there yet.
>
> How much work will it be to test PHP apps against unbundled libraries?
> How much additional QA work will be generated by faults, because our
> testing will not be thorough enough? If UPSTREAM does not adopt your
> patches, and does not support the same versions of the libraries that
> you provide unbundled, how will they react when Gentoo users report bugs
> to them that do not appear in the UPSTREAM release?
>
> How many reported security faults over the last 24 months have been down
> to faults in bundled libraries? And how does that compare to the list
> of security faults as a whole? For the problems we've dealt with over
> the last 24 months, how many security fixes would have been released
> sooner to our end-users?
>
> I'm not (yet) convinced that what you want to do has any real benefit to
> our users, or to our understaffed team.

I'm not convinced (anymore ;) either. It just did not feel like the right way of doing it and I think the XMLRPC issue is a good example why it can result in problems. But I'm definitely in no mood to change PHP culture :)

Thanks for making me aware of the issue. So let's hope for PHP5...

Regards

Gunnar

--
Gunnar Wrobel                    Gentoo Developer
__________________C_o_n_t_a_c_t__________________

Mail: wrobel@g.o
WWW:  http://www.gunnarwrobel.de
IRC:  #gentoo-web at freenode.org
_________________________________________________
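
An added example, not part of the original thread or of any Gentoo package: it shows how the order of `include_path` entries decides whether `require_once('Smarty/Smarty.class.php')` picks up the bundled copy or a system-wide one, which is the compatibility risk discussed above. The directory layout and version strings are constructed in a temporary directory, and PHP's built-in `PATH_SEPARATOR` stands in for the app's `SEPARATOR` constant.

```php
<?php
// Added example: constructed directory layout, not taken from any real app.
// Demonstrates that include_path order decides whether the bundled or the
// system-wide copy of a library is the one that gets loaded.

// Create a stand-in "Smarty/Smarty.class.php" that just returns a label.
function make_lib(string $root, string $label): string
{
    $dir = $root . '/Smarty';
    if (!is_dir($dir)) {
        mkdir($dir, 0700, true);
    }
    file_put_contents(
        $dir . '/Smarty.class.php',
        "<?php return " . var_export($label, true) . ";\n"
    );
    return $root;
}

// Resolve a relative include against a given search order, then restore the
// previous include_path so the change does not leak into other code.
function resolve_with_path(array $dirs, string $relative): ?string
{
    $saved = get_include_path();
    set_include_path(implode(PATH_SEPARATOR, $dirs));
    $resolved = stream_resolve_include_path($relative);
    set_include_path($saved);
    return $resolved === false ? null : $resolved;
}

$base    = sys_get_temp_dir() . '/incpath-demo-' . getmypid();
$bundled = make_lib($base . '/app/thirdparty', 'bundled copy (constructed)');
$system  = make_lib($base . '/usr/share/php', 'system copy (constructed)');

$relative = 'Smarty/Smarty.class.php';
$orders = [
    'bundled first'   => [$bundled, $system],
    'system first'    => [$system, $bundled],
    // If the bundled directory is dropped, the system copy is used silently.
    'bundled missing' => [$base . '/missing', $system],
];

foreach ($orders as $label => $dirs) {
    $file  = resolve_with_path($dirs, $relative);
    $which = $file === null ? 'not found' : (include $file);
    printf("%-16s -> %s (%s)\n", $label, $which, $file ?? '-');
}
```

Logging the resolved path at startup is a cheap way to confirm which copy of a library a deployed app actually runs, and therefore which copy needs the security fix.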