pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Anti-bundling materials





On Sun, 22 Aug 2021 at 11:33, Rhialto <rhialto%falu.nl@localhost> wrote:
On Sat 21 Aug 2021 at 17:19:12 -0500, Jason Bacon wrote:
> What I'm saying here is the bundled library *is* the problem since it has
> known vulnerabilities or bugs, and we can't just hack the build system to


I'd think of it more as a consequence.

To me, the things things are driving this are:
- rapidly evolving projects dependant on a just as rapidly evolving set of external dependencies - freezing at least contains some of the complexity
- language tools encouraging this by making freezing/bundling the accepted norm
no amount of moralizing will solve this.
 
One issue that I haven't seen mentioned is the need for some packages to
have portability fixes, which then need to be replicated into vendored
packages. That could be a good addition to the list of issues.

-Olaf.
--
___ "Buying carbon credits is a bit like a serial killer paying someone else to
\X/  have kids to make his activity cost neutral." -The BOFH    falu.nl@rhialto



Home | Main Index | Thread Index | Old Index