Re: new win32 port of GTK http://introspector.sourceforge.net/dia_win32.htm



Let's compare two scenarios:

1) Alice downloads the binary MUMBLE build from Bob's site, and
downloads libfoo (that MUMBLE requires) from another site, linked to
from Bob's MUMBLE site. Everything works together. Later the other
server disappears, the libfoo maintainer is run over by a train, or
whatever. Ouch. But Alice still has the libfoo she downloaded
previously, and everything continues to work for her. She can download
new versions of MUMBLE, and the work with her old copies of
libfoo. Eventually Bob, the provider of the MUMBLE build notices (is
told) that his libfoo links are dead, and either finds another place
to link to for the same stuff, or puts his own tucked-away copies up
for download instead at his site.

2) Bob's site has copies of the libfoo build and sources. These copies
are what he had fetched at some time, and he doesn't keep checking for
updates to libfoo every now and then. After some months, a security
hole in libfoo is found and fixed, and the other, more official,
libfoo distribution site is updated. Bob doesn't know about that, and
keeps offering his insecure copies.

Which one is better?

--tml





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]