Summary/Minutes from today's FESCo Meeting (2015-10-07)
Kevin Kofler
kevin.kofler at chello.at
Fri Oct 9 23:51:43 UTC 2015
Adam Jackson wrote:
> I'd call that the app not working, yes. Symbol conflicts are literally
> trivial to find, I'm really not sure why you bring the point up.
Because it is the worst possible consequence of bundled libraries (or abuse
of compatibility libraries – there too, more effort needs to be spent on
making things work with the latest version of the library, a compatibility
library must be only a last resort).
And symbol conflicts are not that trivial to detect:
* The packages will typically build just "fine", the crashes happen only at
runtime.
* Scanning binary packages for conflicting symbols does not work either
because they are only a problem if the conflicting libraries get dragged
into the same executable at runtime.
* The crashes can appear only if or when certain plugins are loaded.
(Plugins are an additional obstacle for any kind of static analysis.)
* The crashes can appear only on certain desktop environments, because a
conflicting library can get dragged in by platform integration plugins.
* The crashes can even appear only on certain hardware! One example from the
past: The dreaded Krita symbol conflict between OpenGTL and Mesa OpenGL
(which both bundled their own, incompatible copies of LLVM). Krita was
working fine (or at least without crashing on this symbol conflict) on
proprietary drivers, but not on the Free ones. (This was originally fixed
in Fedora and distributions that listened to my advice in the upstream bug
by making both OpenGTL and Mesa link to the same shared LLVM library. But
some distributions kept using bundled, static or compatibility copies of
the LLVM library and thus that crash still existed on some distributions
years later! It is now historical because OpenGTL was discontinued and
Krita stopped using it.) This example, by the way, is why I am extremely
worried about the recent explosion of llvm* compatibility libraries in
Fedora.
* A symbol conflict that happens not to cause a crash can suddenly start
crashing if the implementation of one of the 2 versions of the library
changes.
So to me, this is a giant scary mine field that is just waiting for somebody
to step on it. And I get the feeling that the vast majority of our packagers
does not understand the risk.
Kevin Kofler
More information about the devel
mailing list