1 |
"Stuart Herbert" <Stuart.Herbert@×××××.com> writes: |
2 |
|
3 |
>> Guess I'm missing the point here. What I meant was to change stuff |
4 |
> like |
5 |
>> this: |
6 |
>> |
7 |
>> require_once(HOME . "/thirdparty/Smarty/Smarty.class.php"); |
8 |
>> |
9 |
>> to something like this: |
10 |
>> |
11 |
>> $include_path = ini_get('include_path'); |
12 |
>> ini_set('include_path', HOME . '/thirdparty' . SEPARATOR . |
13 |
> $include_path); |
14 |
>> require_once('Smarty/Smarty.class.php'); |
15 |
>> |
16 |
>> What is the negative side of such a change? |
17 |
> |
18 |
> None, provided the app is 100% compatible with the version of the Smarty |
19 |
> that's normally bundled with the app. As we discovered with the |
20 |
> PEAR::XMLRPC issues last year, many apps were not compatible with the |
21 |
> latest unbundled version of the library. |
22 |
|
23 |
Ok, looked up how the XMLRPC issue was handled and discovered that the |
24 |
library was and still is bundled in a lot of our apps. Also didn't |
25 |
realize that PEAR breaks compatibility between library versions. |
26 |
|
27 |
>> Where is the difference for the php libraries? |
28 |
> |
29 |
> The difference is one of culture. The PHP community does not have a |
30 |
> culture of re-usable third party libraries yet. Hopefully that will |
31 |
> improve as developers start to adopt PHP 5, but it's not there yet. |
32 |
> |
33 |
> How much work will it be to test PHP apps against unbundled libraries? |
34 |
> How much additional QA work will be generated by faults, because our |
35 |
> testing will not be thorough enough? If UPSTREAM does not adopt your |
36 |
> patches, and does not support the same versions of the libraries that |
37 |
> you provide unbundled, how will they react when Gentoo users report bugs |
38 |
> to them that do not appear in the UPSTREAM release? |
39 |
> |
40 |
> How many reported security faults over the last 24 months have been down |
41 |
> to faults in bundled libraries? And how does that compare to the list |
42 |
> of security faults as a whole? For the problems we've dealt with over |
43 |
> the last 24 months, how many security fixes would have been released |
44 |
> sooner to our end-users? |
45 |
> |
46 |
> I'm not (yet) convinced that what you want to do has any real benefit to |
47 |
> our users, or to our understaffed team. |
48 |
|
49 |
I'm not convinced (anymore ;) either. It just did not feel like the |
50 |
right way of doing it and I think the XMLRPC issue is a good example |
51 |
why it can result in problems. But I'm definitely in no mood to change |
52 |
PHP culture :) |
53 |
|
54 |
Thanks for making me aware of the issue. So let's hope for PHP5... |
55 |
|
56 |
Regards |
57 |
|
58 |
Gunnar |
59 |
|
60 |
|
61 |
-- |
62 |
Gunnar Wrobel Gentoo Developer |
63 |
__________________C_o_n_t_a_c_t__________________ |
64 |
|
65 |
Mail: wrobel@g.o |
66 |
WWW: http://www.gunnarwrobel.de |
67 |
IRC: #gentoo-web at freenode.org |
68 |
_________________________________________________ |