List Archive: gentoo-web-user
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
> Guess I'm missing the point here. What I meant was to change stuff
> require_once(HOME . "/thirdparty/Smarty/Smarty.class.php");
> to something like this:
> $include_path = ini_get('include_path');
> ini_set('include_path', HOME . '/thirdparty' . SEPARATOR .
> What is the negative side of such a change?
None, provided the app is 100% compatible with the version of the Smarty
that's normally bundled with the app. As we discovered with the
PEAR::XMLRPC issues last year, many apps were not compatible with the
latest unbundled version of the library.
> Where is the difference to C or Java?
C uses ELF shared libraries, which are versioned at the library loader
level. PHP, and Java for that matter, has no native support for
You haven't answered the question about how you will address the issue
of versioning unbundled libraries.
> The recent xpdf discussion basically touched the same issue, right?
I don't recall following that discussion.
> Packaging precompiled binaries into java source packages is a common
> practice but has been effictively banned by the java herd. Sometimes
> necessitates larger changes in the build scripts for the app but I
> it increases maintainability in the long run.
> Where is the difference for the php libraries?
The difference is one of culture. The PHP community does not have a
culture of re-usable third party libraries yet. Hopefully that will
improve as developers start to adopt PHP 5, but it's not there yet.
How much work will it be to test PHP apps against unbundled libraries?
How much additional QA work will be generated by faults, because our
testing will not be thorough enough? If UPSTREAM does not adopt your
patches, and does not support the same versions of the libraries that
you provide unbundled, how will they react when Gentoo users report bugs
to them that do not appear in the UPSTREAM release?
How many reported security faults over the last 24 months have been down
to faults in bundled libraries? And how does that compare to the list
of security faults as a whole? For the problems we've dealt with over
the last 24 months, how many security fixes would have been released
sooner to our end-users?
I'm not (yet) convinced that what you want to do has any real benefit to
our users, or to our understaffed team.
firstname.lastname@example.org mailing list