On 29 July 2013 03:32, Subhendu Ghosh <sghosh151@xxxxxxxxx> wrote: > > On Fri, Jul 26, 2013 at 6:40 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> > wrote: >> >> > >> > In the OS/App differentiation, you are expecting each is coming from a >> > different source. >> > Apps are either boxed, or coming from a project. >> > The app provider should fix their version of libxml, and the OS provider >> > should fix their version of libxml >> >> which is the definition of "fundamentally flawed" >> period > > > > > Lets disagree here. I don't believe it is fundamentally flawed. > > It seems you are expecting every software developer in the world to accept > the versions that a Fedora packager has selected for a release without > regards to functionality or changes being exposed. No wonder it it becomes > impossible to run any app "on " Fedora for any length of time. > This is the price you pay for having updated versions of libraries with security fixes and functionality, and it's why Linux distributions use open source (and one reason non OS software is tricky), provided the library API hasn't changed you just rebuild against the newer library. The original developer doesn't need to know what version you're building against. Alternatively if there's a vulnerability in an old zlib or libxml (not unheard of so far as I know) then every app that bundles it is potentially vulnerable and old software dies as its bundled libraries become unreliable through incompatibility with the system calls, display libraries and newer protocols. -- imalone http://ibmalone.blogspot.co.uk -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
