You are right, patching all potential applications might be hell. By the way, what is the mechanism used within the GAC to deprecate a version due to security fixes?
Philippe Lavoie Cactus Commerce eBusiness. All Business. Tel 819.778.0313 x302 * 888.CACTUS.0 * Fax 819.771.0921 www.cactuscommerce.com [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shahms E. King Sent: Saturday, April 03, 2004 1:58 PM To: [EMAIL PROTECTED] Subject: RE: [Mono-list] About RPMS of .NET packages (using MonoDevelop asa case study) This solves exactly one problem while creating many, many more. "disk space" is not the only concern. Bugfixes, patches, etc. are also important. Imagine, if you will, a world in which every managed, non-core, assembly is installed privately by the application. All of these applications are effectively statically linked to that version of the respective libraries. Now, say a security problem is discovered in one of the dependent libraries so the administrator dutifully updates the system library to fix the problem. Of course, you may not have been aware that the library was in use by that application, let alone using a private copy of it. So the security problem persists until the developer of that application decides to update it. There are many, many other ways of solving the dependency problems you mentioned, even in the UNIX world. Packaging things like that makes perfect sense for "technology demonstrations" or "/opt" but is, quite frankly, idiotic to do on a system level. Especially considering .NET assemblies support interface versioning at a more fine grained level than simple ELF versioning. Parallel installable libraries is just one way of alleviating the "dependency hell" on UNIX and, unlike Windows, it works quite well. -- --Shahms _______________________________________________ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
