How to best deal with bundled libraries

Adam Williamson awilliam at redhat.com
Mon Apr 6 21:57:28 UTC 2009


On Sun, 2009-04-05 at 22:37 -0400, David Nalley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> A number of PHP web applications have the nasty habit of bundling
> libraries with their packages.
> 
> Upstream's logic for doing so (that shared hosting might not have
> access to all of the libraries in question and leave the user with no
> way to install the libraries) at least seems plausible at first
> glance.
> 
> However, the question I bring is how best to deal with these, at least
> two options jump out at me:
> 
> 1. Patch source to point to the library installed on the system rather
> than the bundled
> OR
> 2. symlink from the bundled location to the system library.
> 
> #1 strikes me as cleaner, but also more difficult to maintain.
> 
> #2 strikes me as dead easy, but also a bit more hackish.
> 
> I've talked to several people individually, and none knew of a
> preference, hence I beg the wisdom of the list.

Ideally, #0: explain the situation to upstream and have them ship an
alternative version. This is done, for instance, for roundcubemail,
which has a 'full-fat' download with copies of libraries included, and a
'dependent' download which doesn't include any dependencies and is set
to look for system wide copies. Naturally, distributions use the
'dependent' tarball.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net




More information about the devel mailing list