On Fri, Jun 15, 2007 at 12:29:13PM +0100, Richard W.M. Jones wrote: > Axel Thimm wrote: > >I wonder whether this is maybe overdesigned. AFAIU this signature > >hashing was made because ocaml is not considered stable enough to > >carry over signatures from release to release. > > > >Same could be told about hundreds of C libraries, wouldn't the > >neccessity in ocaml then imply a neccessity to hash C-library APIs as > >well? Maybe it's something we will consider to do someday, but the > >order would be to cater for C/C++/Fortran/etc libraries first and then > >for niche languages like ocaml. > > > >I think it's a bit too much, or did I miss something important (I'm > >not a real ocaml user, there is just this one application that even > >justifies ocaml's existance ;) > > No, it's really necessary and has nothing to do with stability or > otherwise of OCaml (which is a very mature language that has been around > in one form or another since the mid 80s). > > When OCaml compiles a library A, it takes a hash over the whole > interface -- every single function, every argument to every function, > and some of the internals, are just some of the things included in this > hash. > > When OCaml compiles library B which depends on library A, it encodes the > hash of A into B. > > Now we come to link a program against library B (and hence against > library A). The hashes are checked and the linking will fail if, for > example, the hash of A has changed since B was compiled. > > C has only weak checking in comparison. Sure, you can change a library, > but you'd better hope for example that some struct in that library > didn't change the size of one of its fields. If it did your program > will still link, but will fail in interesting ways at runtime. > > OCaml's checking has the big downside, which is that it goes above and > beyond what is necessary for just checking compatibility. For example, > you can't add more functions to library A, even though such a change is > probably safe. Nevertheless, RPM hashes are just enforcing what the > OCaml linker enforces, and without them you'd be able to install > incompatible OCaml RPMs which won't actually work together. Thanks Rich for dusting off an old mind. I agree, if this is an upstream mechanism that makes even conventional rpm packaging fail, then we need that. I thought it was something put on top of ocaml, e.g. a pure packaging level hashing. Standing corrected and in agreement now. ;) -- Axel.Thimm at ATrpms.net
Attachment:
pgpnDKWIMbkBO.pgp
Description: PGP signature
-- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
