Re: spatial stuff detail

[Guido Schimmels <guido schimmels freenet de>]

Am 24.09.2003 10:51:57 schrieb(en) Ross Burton:
> On Wed, 2003-09-24 at 00:12, Guido Schimmels wrote:
> > Because those 50M is not the download size of the fixed apps, but
> > results from the chain reaction triggered by the uncounted cross-
> > dependencies of Debian's messed up dependency graph. That is one of
> the
> > reasons for the increasing popularity of source based distros. Of
> > course source based distros are like waving the white flag and  
> admit
>
> > that Linux is doomed a geek toy.
>
> Erm, what are you smoking?
>
> If the ABI of a library changes, everything which links to it needs  
> to
> be recompiled.

...which in turn means you have to recompile a lot of other things  
which depend on it. There are library to library dependencies, not only  
library to application dependencies. And with a source based distro you  
can limit such library to library to dependencies to your personal  
needs.

> Having a source-based distribution may cure cancer
> and
> end world poverty, but it will not remove the fact that if a library
> changes ABI, all applications which link to it need to be recompiled.

> Of course, ABI changes don't happen often.  For example, a new zlib
> was
> released not too long ago (last year?) which fixed a major security
> hole. This did not change ABI. This did not force a recompile of all
> software which would have lead to a huge download. It resulted in a
> small download for a single library, which fixed all software.  Try
> doing that with a library which is contained inside each and every
> AppFolder you have installed.

I'm getting sick of this strawman argument. Yeah, statically linking  
zlib, libpng etc. would be silly. Where did I advocate something like  
that? A 300M base system, a 300M base system, a 300M base system...

Please read the Cinelerra installation instructions and then tell me if  
they are out of their mind. Or maybe, just maybe, have valid reasons.
What counts is that I can rely on my applications __now__ . When the  
apps you are using are so hopelessly broken, that you expect having to  
upgrade them weekly, that really should make you think.
Considering the codesize of OpenOffice, you should have to download a  
security patch almost daily. Why is this not the case? But suddenly, if  
I link fribidi statically into Abiword, you folks want to make me  
believe there is some dramatic probability my users will have to  
upgrade the whole of Abiword because of a security hole found in  
fribidi. The 4M application executable obviously is next to immune to  
vulnerabilities. But the moment you split a few functions out into a  
library, somehow magically the code of this new library experiences a  
1000 fold increased likelyhood of buffer overflows.

No distributor is able to QA thousands of libraries. I would like to  
know what __you__ are smoking if you believe that. I know I will trust  
the application developer more to offer me a working package than some  
underpaid packaging monkeys.