| 1 |
On Wed, Nov 19, 2014 at 7:36 PM, hasufell <hasufell@g.o> wrote: |
| 2 |
> |
| 3 |
> But keep in mind that the core is supposed to shrink with this idea of a |
| 4 |
> distributed model! So it would be less work to actually roll/tag |
| 5 |
> releases than it would be right now (or even do that stuff in branches). |
| 6 |
|
| 7 |
This doesn't really make the issue go away. Are all dependencies |
| 8 |
going to have to stay in the core? That is a lot of packages, and |
| 9 |
we'll need lots of controls so that updates to those dependencies |
| 10 |
don't break all of these distributed repos whose existence we may not |
| 11 |
even be aware of. |
| 12 |
|
| 13 |
Or, maybe we allow the dependencies to be in the overlays. Now we |
| 14 |
have the issue that there might be 5 different editions of that |
| 15 |
floating around, and different packages depend on different ones, but |
| 16 |
they're not intended to co-exist. Oh, and you still have the problem |
| 17 |
that if the dependency changes it could break anything that uses it. |
| 18 |
|
| 19 |
|
| 20 |
> |
| 21 |
> Exherbo is already running a more modular approach, I'd be interested |
| 22 |
> what they have to say about this or which problems they were facing. |
| 23 |
> I'll probably also dig a bit deeper into NixOS and see what tools they |
| 24 |
> use for creating NixOS based distros. |
| 25 |
> |
| 26 |
|
| 27 |
I'm not sure how Exherbo is doing things, I'm certainly interested in |
| 28 |
their comments. From what I've read about Nix, it basically installs |
| 29 |
every package-version into its own directory tree, so if zlib is in 75 |
| 30 |
different repositories, and has 2 SONAMEs in use, then you'll have up |
| 31 |
to 150 copies of it installed on your system each in its own directory |
| 32 |
tree, assuming you have 150 packages each using a different fork of |
| 33 |
it. I'll optimistically assume that only half of them contain |
| 34 |
security issues. :) |
| 35 |
|
| 36 |
That is my issue with some of these more devops-oriented approaches |
| 37 |
that try to bypass the centralized distro. They make things really |
| 38 |
easy for developers, but they seem almost impossible to control from a |
| 39 |
patching/security/integration standpoint. People have brought up |
| 40 |
things like Android and iOS and their framework model as a solution, |
| 41 |
but all the examples of this I've seen are all focused on the |
| 42 |
presentation layer alone. It is great for a mobile app that doesn't |
| 43 |
do anything but open sockets back to a server and display widgets. If |
| 44 |
you're actually building the part of an application that does the real |
| 45 |
logic/work, then suddenly you find yourself caring about a lot more |
| 46 |
than list controls. Good luck finding a framework that includes |
| 47 |
everything in /usr/portage/*-libs |
| 48 |
|
| 49 |
-- |
| 50 |
Rich |
Archives