On Mon, 2005-01-24 at 14:57 -0500, Jeff Spaleta wrote:
> Let them use windows... i have no problem with people choosing to use
> insecure technology.
> But i do have a problem setting up this project in a way that makes it
> "very simple" to run old, unmaintained, vulnerable libraries by
> inexperienced users of Fedora. You can do some pretty flexible

You're not going to stop anyone from installing old libraries; you're just stopping people from running modern applications that depend on last week's libraries. A user's system basically becomes impossible to upgrade and impossible to install new software on until the entire Open Source world recompiles all their packages for the new library. If two libraries could be installed at once the user wouldn't be trapped during the transition - they could just get on with life as normal.

> be a package they find on the net in an old ftp. And i definitely
> want to encourage package builders to rebuild against libraries that
> are being maintained.

Is Fedora supposed to be an exercise in speedy RPM rebuilding, or an operating system?

> >
> > The best solution is for libraries to not break backwards compatibility
> > every other week, that way security fixes are magically present even for 5
> > year old apps.
>
> This is orthogonal to packaging issues... and frankly... not something
> a distributor of libraries can dictate to each upstream project.
> Please take your crusade to each and every component project so no
> package distributor will ever have to deal with these questions.

Oh, but they will, eventually. Looks like Fedora added a gtk2 package instead of just updating the gtk package to the 2.x series. You guys did great with gtk, so what's the problem with other packages? gtk1 is completely unmaintained and not only installed on many users' machines, but even shipped with Fedora. ;-)

Unfortunately, Fedora seems to be moving towards relying on huge massive centralization of software packages to resolve broken packaging and lazy development. If it isn't shipped with Fedora Core/Extras, users aren't allowed to use it?