[haiku-development] Re: What for does SAT solver needed for package management?
- From: David Given <dg@xxxxxxxxxxx>
- To: haiku-development@xxxxxxxxxxxxx
- Date: Tue, 19 Jun 2012 10:50:52 +0100
Kurtis Mullins wrote:
> I like the iea of fat binaries -- but haven't seen them in a long time.
> How well do they work these days realistically in terms of size? Also,
> what about in terms of memory? I always thought that was one of the big
> benefits of shared libraries.
Fat binaries don't work when you start dealing with software with actual
infrastructure --- they only solve shared library dependencies, which is
the easy case. Basically, they're useful for GUI apps only.
Consider a package for a web CMS system. In order to work, the CMS
requires: a web server, logging daemon, and cron (or equivalent). We
want the CMS to plug in to the existing infrastructure so that we don't
end up with a dozen different copies running simultaneously; but we
don't want to limit packages to the infrastructure shipped in the system
because that's, well, limiting. Therefore we have to allow packages to
depend on other packages, and fat binaries won't help here.
(Android doesn't allow apps to depend on other apps. It's a source of
endless frustration to developers, as it means that all this complexity
is pushed onto the user: the market is full of, e.g., launcher themes
that have big banners in the notes saying that you have to have a
specific launcher installed to use it. The package system should just
take care of this.)
Additionally, and most importantly, fat binaries don't allow security
updates. Someone finds another libpng buffer overflow? On a system like
Debian you can just replace the libpng shared library and fix it
everwhere. On a fat binary system you can't fix it *ever*, because
you've got a zillion copies of libpng embedded everywhere, in a zillion
different versions, and some of the developers aren't going to update
their apps. (Debian explicitly forbids fat binaries for precisely this
reason.)
(To be honest, I personally think that Debian have done a pretty decent
job with their packaging architecture, and that it's really not worth
trying to solve all the problems that they've already solved. Haiku
could do *much* worse than just recompiling dpkg and apt and leaving it
at that. Most of the work will be in the packaging policies, anyway.)
--
┌─── dg@cowlark.com ───── http://www.cowlark.com ─────
│ "Parents let children ride bicycles on the street. But parents do not
│ allow children to hear vulgar words. Therefore we can deduce that
│ cursing is more dangerous than being hit by a car." --- Scott Adams
Other related posts:
