1 |
>From Marius Mauch on Friday, 05 December, 2003: |
2 |
>Hi, |
3 |
>Seeing this "language war" on -dev I think I should say again that the |
4 |
>component model should make us free from language restrictions. There is |
5 |
>no sense in saying "we should use language XXX for portage-ng" as the |
6 |
>goal should be that each component can be implemented in the best |
7 |
>fitting language. So it should be possible to have the dependency |
8 |
>resolver in prolog, the ebuild parser in perl, the frontend in python, |
9 |
>the storage backend in C and so on. Instead of arguing about the "best" |
10 |
>language for implementation we should discuss about the language for the |
11 |
>_interface_ for the component interaction. |
12 |
>Once we have decided on that we can start creating the global |
13 |
>architecture that describes which components interact with each other, |
14 |
>which components are mandatory or optional and so on. Later in that |
15 |
>process we can specify the first function signatures and start |
16 |
>implementing the individual components. Then and not earlier we have to |
17 |
>choose the implementation language. |
18 |
>I hope we can stop the "let's use XXX" discussion now. |
19 |
|
20 |
While I agree that *language* itself is not immediately important, |
21 |
critical distro infrastructure (e.g. dpkg, apt, rpm, emerge) MUST |
22 |
be available when things break, or users will potentially break the |
23 |
packaging system trying to get their box working again. |
24 |
IMHO, such programs should have an absolute minimum dependency chain |
25 |
in order to work. Optimal would be native machine binaries, |
26 |
statically linked. That's my main concern with emerge at the present |
27 |
time--if python breaks, I can no longer emerge until I go around the |
28 |
portage system to bring it back up. |
29 |
At the very least, there ought to be a native machine binary form of |
30 |
a simple packaging system that understands how to work with portage |
31 |
and install *binary* versions of the packages, in case the whole |
32 |
build system is broken. |
33 |
Yes, you can work around things with rescue floppies and the like, but |
34 |
it's much, much more inconvenient than having a statically linked |
35 |
binary that can install a binary version of the b0rked packages and get |
36 |
you back compiling again. (has happened to me 2 times already in |
37 |
half a year of gentooing). |
38 |
A second benefit of statically linking is that trojaned libs won't get |
39 |
used in the install/verify program. It's not much, but it's another |
40 |
ring in the chainmail. |
41 |
Of course, optimally for security, the integrity verification programs |
42 |
ought to be on a read-only medium.... |
43 |
|
44 |
-Joseph |
45 |
|
46 |
|
47 |
-- |
48 |
trelane@××××××××××.net-------------------------------------------------- |
49 |
"We continue to live in a world where all our know-how is locked into |
50 |
binary files in an unknown format. If our documents are our corporate |
51 |
memory, Microsoft still has us all condemned to Alzheimer's." |
52 |
--Simon Phipps, http://theregister.com/content/4/30410.html |
53 |
|
54 |
-- |
55 |
gentoo-dev@g.o mailing list |