Gentoo Archives: gentoo-web-user

From: Stuart Herbert <Stuart.Herbert@×××××.com>
To: gentoo-web-user@l.g.o
Subject: RE: [gentoo-web-user] Java Script Libraries
Date: Thu, 23 Feb 2006 13:22:37
Message-Id: ADCB49082E30F44986E6FAC26F581BDF221A56@baley.hq.boxuk.net
> Guess I'm missing the point here. What I meant was to change stuff
like
> this: > > require_once(HOME . "/thirdparty/Smarty/Smarty.class.php"); > > to something like this: > > $include_path = ini_get('include_path'); > ini_set('include_path', HOME . '/thirdparty' . SEPARATOR .
$include_path);
> require_once('Smarty/Smarty.class.php'); > > What is the negative side of such a change?
None, provided the app is 100% compatible with the version of the Smarty that's normally bundled with the app. As we discovered with the PEAR::XMLRPC issues last year, many apps were not compatible with the latest unbundled version of the library.
> Where is the difference to C or Java?
C uses ELF shared libraries, which are versioned at the library loader level. PHP, and Java for that matter, has no native support for versioning libraries. You haven't answered the question about how you will address the issue of versioning unbundled libraries.
> The recent xpdf discussion basically touched the same issue, right?
I don't recall following that discussion.
> Packaging precompiled binaries into java source packages is a common > practice but has been effictively banned by the java herd. Sometimes > necessitates larger changes in the build scripts for the app but I
guess
> it increases maintainability in the long run. > > Where is the difference for the php libraries?
The difference is one of culture. The PHP community does not have a culture of re-usable third party libraries yet. Hopefully that will improve as developers start to adopt PHP 5, but it's not there yet. How much work will it be to test PHP apps against unbundled libraries? How much additional QA work will be generated by faults, because our testing will not be thorough enough? If UPSTREAM does not adopt your patches, and does not support the same versions of the libraries that you provide unbundled, how will they react when Gentoo users report bugs to them that do not appear in the UPSTREAM release? How many reported security faults over the last 24 months have been down to faults in bundled libraries? And how does that compare to the list of security faults as a whole? For the problems we've dealt with over the last 24 months, how many security fixes would have been released sooner to our end-users? I'm not (yet) convinced that what you want to do has any real benefit to our users, or to our understaffed team. Best regards, Stu -- gentoo-web-user@g.o mailing list

Replies

Subject Author
Re: [gentoo-web-user] Java Script Libraries Gunnar Wrobel <wrobel@g.o>