1 |
"Stuart Herbert" <Stuart.Herbert@×××××.com> writes: |
2 |
|
3 |
>> While I agree that it is certainly easier to keep the packages as |
4 |
>> UPSTREAM bundles them, I'm not convinced that this is always a good |
5 |
>> idea. If the effort is small, I'd rather patch the package to use the |
6 |
>> standard libraries and send the patch upstream. Not only because it's |
7 |
>> simply bad programming style but also because it's easier to handle |
8 |
>> security this way. |
9 |
> |
10 |
> Best of luck with that ... but don't be surprised if UPSTREAM do not |
11 |
> adopt these patches. It's not always bad programming style - it's often |
12 |
> the only pragmatic thing to do. |
13 |
> |
14 |
> UPSTREAM bundle libraries because bitter experience (with poor ISP and |
15 |
> shared hosting solutions) has taught the PHP community that if you need |
16 |
> a third-party library and you don't bundle it, chances are that the |
17 |
> third-party library won't be available. |
18 |
> |
19 |
> (The PHP and PEAR community also have to accept a lot of the blame for |
20 |
> this state of affairs, by failing to provide an equivalent to CPAN from |
21 |
> day one). |
22 |
|
23 |
Sure, it's absolutely reasonable to bundle the needed libraries so |
24 |
that they are always available even if the system does not provide |
25 |
them. But it is not very hard to avoid to hardwire these libs in your |
26 |
webapp :) This is the only thing I dislike. |
27 |
|
28 |
|
29 |
-- |
30 |
Gunnar Wrobel Gentoo Developer |
31 |
__________________C_o_n_t_a_c_t__________________ |
32 |
|
33 |
Mail: wrobel@g.o |
34 |
WWW: http://www.gunnarwrobel.de |
35 |
IRC: #gentoo-web at freenode.org |
36 |
_________________________________________________ |
37 |
|
38 |
-- |
39 |
gentoo-web-user@g.o mailing list |