Bart Smaalders wrote:
> Please describe how a FOSS project would deliver a new, incompatible
> version of a library used by multiple FOSS "things". Take as an example
> rev'ing OpenSSL.

Designing on-the-fly:

The OpenSSL team would deliver a new versioned binary package into the "bleeding edge" repository. The ON consolidation's security team would react to the availability of a new OpenSSL by installing it, testing it, fixing the interactions that broke with it, etc, iterating as needed with bug reports to the OpenSSL team and a stream of updated bleeding edge versions. Once things "worked", a new version of ON would be pushed to the bleeding edge repository and the recipe for building an ON-based distro would be updated to reflect the new OpenSSL version.

This is effectively what is done today at the source code level, but with OpenSSL copy/pasted into ON's source tree.

It also may be that this fits better with middleware and leaf-node packages as found in SFW rather than ON. Think sizeof(debian) -vs- sizeof(SFW)....

> Which of course precludes software that will only compile w/ g++.

Even if we delivered a g++ version of the lib, it would only work if you also used only and exactly the same version of g++ to compile your application - if the compilers were different, it would be just as if we never shipped the library in the first place.
