1 |
On Wed, Nov 19, 2014 at 7:36 PM, hasufell <hasufell@g.o> wrote: |
2 |
> |
3 |
> But keep in mind that the core is supposed to shrink with this idea of a |
4 |
> distributed model! So it would be less work to actually roll/tag |
5 |
> releases than it would be right now (or even do that stuff in branches). |
6 |
|
7 |
This doesn't really make the issue go away. Are all dependencies |
8 |
going to have to stay in the core? That is a lot of packages, and |
9 |
we'll need lots of controls so that updates to those dependencies |
10 |
don't break all of these distributed repos whose existence we may not |
11 |
even be aware of. |
12 |
|
13 |
Or, maybe we allow the dependencies to be in the overlays. Now we |
14 |
have the issue that there might be 5 different editions of that |
15 |
floating around, and different packages depend on different ones, but |
16 |
they're not intended to co-exist. Oh, and you still have the problem |
17 |
that if the dependency changes it could break anything that uses it. |
18 |
|
19 |
|
20 |
> |
21 |
> Exherbo is already running a more modular approach, I'd be interested |
22 |
> what they have to say about this or which problems they were facing. |
23 |
> I'll probably also dig a bit deeper into NixOS and see what tools they |
24 |
> use for creating NixOS based distros. |
25 |
> |
26 |
|
27 |
I'm not sure how Exherbo is doing things, I'm certainly interested in |
28 |
their comments. From what I've read about Nix, it basically installs |
29 |
every package-version into its own directory tree, so if zlib is in 75 |
30 |
different repositories, and has 2 SONAMEs in use, then you'll have up |
31 |
to 150 copies of it installed on your system each in its own directory |
32 |
tree, assuming you have 150 packages each using a different fork of |
33 |
it. I'll optimistically assume that only half of them contain |
34 |
security issues. :) |
35 |
|
36 |
That is my issue with some of these more devops-oriented approaches |
37 |
that try to bypass the centralized distro. They make things really |
38 |
easy for developers, but they seem almost impossible to control from a |
39 |
patching/security/integration standpoint. People have brought up |
40 |
things like Android and iOS and their framework model as a solution, |
41 |
but all the examples of this I've seen are all focused on the |
42 |
presentation layer alone. It is great for a mobile app that doesn't |
43 |
do anything but open sockets back to a server and display widgets. If |
44 |
you're actually building the part of an application that does the real |
45 |
logic/work, then suddenly you find yourself caring about a lot more |
46 |
than list controls. Good luck finding a framework that includes |
47 |
everything in /usr/portage/*-libs |
48 |
|
49 |
-- |
50 |
Rich |