Proposal to reduce anti-bundling requirements
Stephen Gallagher
sgallagh at redhat.com
Thu Sep 10 15:25:00 UTC 2015
On Thu, 2015-09-10 at 16:04 +0100, Peter Robinson wrote:
> > > > I would like to propose that the no-bundled-libraries policy be
> > > > amended as follows: "Any package that has an existing
> > > > mechanism to
> > > > link against a shared system library and functions correctly
> > > > when
> > > > doing so must link against that library and not bundle it
> > > > internally.
> > > > Any package whose upstream releases cannot link against a
> > > > shared
> > > > system library (or are incompatible with the version in
> > > > Fedora) may
> > > > bundle that library (without requiring a special exemption) but
> > > > MUST
> > > > add Provides: bundled(<libname>) = <version> in the spec file
> > > > for
> > > > each
> > > > known bundled library.(This will allow us to track down the
> > > > bundling
> > > > when we need to). Package maintainers should continue attempt
> > > > to
> > > > engage upstream to support linking against shared system
> > > > libraries
> > > > wherever possible, due to the advantages it provides the
> > > > package
> > > > maintainer."
> > >
> > > Is <libname> the name of the SRPM which provides the system
> > > version
> > > of
> > > the library?
> >
> > Exact implementation TBD. I didn't want to get too far into the
> > technical details. Assume it to be a generally agreed-upon format.
> >
> >
> > >
> > > How do you propose to resolve symbol conflicts if both the system
> > > library and the bundled library are loaded into the same process?
> > > The
> > > current ELF linking scheme lacks good support for bundling
> > > libraries
> > > whose exported symbols have not been mangled in some way.
> > >
> >
> > I expect such cases to be rare and dealt with on an as-needed
> > basis.
> > Generally, projects either bundle or don't. The fuzzy area might be
> > with plugins, I guess.
>
> It doesn't matter how rare they are, it'll only take a single bundled
> library handled incorrectly to completely screw a running OS. I don't
> think this is something that can just be swept under the carpet, it
> needs to be addressed as a core part of the proposal and currently is
> not.
>
I think that's overstating the problem, Peter. Users are running
hundreds of applications with bundled libraries today and are not
obviously encountering this potential problem, which leads me to
believe it's very uncommon and therefore not worth blocking progress
on. Yes, it would be useful to have a plan in place for how to deal
with it when it does happen. No, I don't think the plan has to be
perfect before it can move forward.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150910/cdfb5c9b/attachment.sig>
More information about the devel
mailing list