On Thu, Feb 07, 2008 at 09:58:25AM -0800, John Plocher wrote:
> Bart Smaalders wrote:
> > Please describe how a FOSSS project would deliver a new, incompatible
> > version of a library used by multiple FOSS "things". Take as an example
> > rev'ing OpenSSL.
>
> Designing on-the-fly:
>
> The OpenSSL team would deliver a new versioned binary package
> into the "bleeding edge" repository.
>
> The ON consolidation's security team would react to the availability
> of a new OpenSSL by installing it, testing it, fixing the interactions
> that broke with it, etc, iterating as needed with bug reports to the
> [...]

It'd be better if the OpenSSL community had interface and release taxonomies roughly compatible with ours, very rare major releases (in the sense of breaking compatibility), and, where they had to do major releases, if they took some pains to avoid DLL hell. But they don't.

What's my point? I'm not sure. I'd like us to work on ways to diminish DLL hell without that meaning either that many communities must synchronize release trains nor that distros must do all the work that you describe, nor that we can't ship multiple versions of things like OpenSSL, nor that we must lag years behind communities that do major releases often. I'm sure we can't do anything comprehensive here though, so maybe I'm just carping.

But if anyone wants to discuss doing something, anything, about this, then feel free to contact me about it off-list.

Nico
--
