Summary/Minutes from today's FESCo Meeting (2015-10-07)

Kevin Kofler kevin.kofler at
Fri Oct 9 23:51:43 UTC 2015

Adam Jackson wrote:
> I'd call that the app not working, yes.  Symbol conflicts are literally
> trivial to find, I'm really not sure why you bring the point up.

Because it is the worst possible consequence of bundled libraries (or abuse 
of compatibility libraries – there too, more effort needs to be spent on 
making things work with the latest version of the library, a compatibility 
library must be only a last resort).

And symbol conflicts are not that trivial to detect:
* The packages will typically build just "fine", the crashes happen only at
* Scanning binary packages for conflicting symbols does not work either
  because they are only a problem if the conflicting libraries get dragged
  into the same executable at runtime.
* The crashes can appear only if or when certain plugins are loaded.
  (Plugins are an additional obstacle for any kind of static analysis.)
* The crashes can appear only on certain desktop environments, because a
  conflicting library can get dragged in by platform integration plugins.
* The crashes can even appear only on certain hardware! One example from the
  past: The dreaded Krita symbol conflict between OpenGTL and Mesa OpenGL
  (which both bundled their own, incompatible copies of LLVM). Krita was
  working fine (or at least without crashing on this symbol conflict) on
  proprietary drivers, but not on the Free ones. (This was originally fixed
  in Fedora and distributions that listened to my advice in the upstream bug
  by making both OpenGTL and Mesa link to the same shared LLVM library. But
  some distributions kept using bundled, static or compatibility copies of
  the LLVM library and thus that crash still existed on some distributions
  years later! It is now historical because OpenGTL was discontinued and
  Krita stopped using it.) This example, by the way, is why I am extremely
  worried about the recent explosion of llvm* compatibility libraries in
* A symbol conflict that happens not to cause a crash can suddenly start
  crashing if the implementation of one of the 2 versions of the library

So to me, this is a giant scary mine field that is just waiting for somebody 
to step on it. And I get the feeling that the vast majority of our packagers 
does not understand the risk.

        Kevin Kofler

More information about the devel mailing list