On Sun, Sep 19, 2010 at 10:57:10AM +0200, Carsten Munk wrote:
> 2010/9/19 Adrian Bunk <[email protected]>:
> > On Sun, Sep 19, 2010 at 09:57:33AM +0200, Carsten Munk wrote:
> >> 2010/9/18 Adrian Bunk <[email protected]>:
> >> > Assume I'm providing 5 applications using SDL, each in an own
> >> > repository.
> >> >
> >> > Then I'll dump the upstream SDL souces into each of the 5 source
> >> > packages, and each of them will build a libsdl package that will
> >> > then be available in the repository of this application.
> >> >
> >> > If there's a security bug in SDL, I have to manually update the SDL
> >> > sources in each application.
> >> >
> >> > Is that a correct understanding of your proposal?
> >>
> >> No, my hope is that compliance would discourage this behaviour and
> >> make people push APIs to Staging and take responsibility for them
> >> instead (security fixes, updates, etc)
> >
> > Can applications using non-OSS libraries from 3rd parties be compliant?
>
> No - if someone uses for example Nokia Ovi Store specific APIs, how
> can this expect to run on all MeeGo devices?
Hypothetical example:
if (nvidia_graphics)
use libmeegonvidia
else
use slower code path
libmeegonvidia might be non-OSS but freely distributable.
Or think of some math library that is non-OSS but freely distributable
and works on all MeeGo devices.
> >> > Also note that it is possible that for legal and/or political reasons
> >> > the library cannot be included in MeeGo Core or MeeGo Profile
> >> > repositories (consider e.g. audio/video codecs and software patents).
> >>
> >> Agreed, but this would be typically be a problem for app stores too.
> >>
> >> We would have to rely on frameworks as GStreamer to deal with codecs,
> >> I would guess. Can an application that relies on MP3 codec be MeeGo
> >> compliant as not all MeeGo installs will have it? :)
> >
> > According to your rules, it just has to ship an MP3 GStreamer plugin.
> >
> > What should happen when two applications from different repositories
> > ship the same MP3 GStreamer plugin?
>
> Well, this is another funny issue, because packages are supposed to
> install into /opt/packagename.
So if I'd write an app that does audio+video encoding supporting many
codecs I'd make my app compliant by installing all the GStreamer stuff
and libraries I need under /opt/packagename.
With your compliance rules I wouldn't have any other choice.
That's a possible solution, it just doesn't match your stated
intentions.
> Could I ask for how you would word the rules and at the same time,
> make this type of compliance testable by a machine? - keep the eye on
> the ball, MeeGo compliant applications that is stated as compliant for
> MeeGo version X, optionally only profile Y, must install without
> errors on MeeGo version X, profile Y if specified.
>
> Let's get a hands-on approach for this.
I'd suggest to add library repositories:
- libraries in a library repository have to fulfill compliance rules
similar to applications
- a repository must specify which library repositories it uses
- a library can only be in one repository (unless it changed the soname)
Not sure if that's feasible, but that's the route I'd try.
> BR
> Carsten Munk
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
_______________________________________________
MeeGo-dev mailing list
[email protected]
http://lists.meego.com/listinfo/meego-dev
