From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@sympa.inria.fr Delivered-To: caml-list@sympa.inria.fr Received: from mail1-relais-roc.national.inria.fr (mail1-relais-roc.national.inria.fr [192.134.164.82]) by sympa.inria.fr (Postfix) with ESMTPS id 1D3917EC41 for ; Sun, 21 Oct 2012 17:24:29 +0200 (CEST) Received-SPF: None (mail1-smtp-roc.national.inria.fr: no sender authenticity information available from domain of treinen@free.fr) identity=pra; client-ip=178.32.228.17; receiver=mail1-smtp-roc.national.inria.fr; envelope-from="treinen@free.fr"; x-sender="treinen@free.fr"; x-conformance=sidf_compatible Received-SPF: None (mail1-smtp-roc.national.inria.fr: no sender authenticity information available from domain of treinen@free.fr) identity=mailfrom; client-ip=178.32.228.17; receiver=mail1-smtp-roc.national.inria.fr; envelope-from="treinen@free.fr"; x-sender="treinen@free.fr"; x-conformance=sidf_compatible Received-SPF: None (mail1-smtp-roc.national.inria.fr: no sender authenticity information available from domain of postmaster@mo17.mail-out.ovh.net) identity=helo; client-ip=178.32.228.17; receiver=mail1-smtp-roc.national.inria.fr; envelope-from="treinen@free.fr"; x-sender="postmaster@mo17.mail-out.ovh.net"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvYHADMThFCyIOQRWGdsb2JhbABEvTeDWRgBFwwICBUngiABAQQBOkQLCxgcEhQvGhOHcQEDBgMKsAUJQQyJVYtfhm8DlXABjluETw X-IronPort-AV: E=Sophos;i="4.80,625,1344204000"; d="scan'208";a="178205572" Received: from mo17.mail-out.ovh.net ([178.32.228.17]) by mail1-smtp-roc.national.inria.fr with ESMTP; 21 Oct 2012 17:24:10 +0200 Received: from 20.mail-out.ovh.net (20.mail-out.ovh.net [91.121.29.228]) by mo17.mail-out.ovh.net (Postfix) with SMTP id E49E3FF89E2 for ; Sun, 21 Oct 2012 17:30:58 +0200 (CEST) Received: (qmail 12808 invoked by uid 503); 21 Oct 2012 15:51:42 -0000 Received: from 85-24-190-109.dsl.ovh.fr (HELO seneca.free.fr) (109.190.24.85) by 20.mail-out.ovh.net with SMTP; 21 Oct 2012 15:51:42 -0000 Received: from rt by seneca.free.fr with local (Exim 4.80) (envelope-from ) id 1TPxNp-0007Yx-NL for caml-list@inria.fr; Sun, 21 Oct 2012 17:24:09 +0200 Date: Sun, 21 Oct 2012 17:24:09 +0200 From: Ralf Treinen To: OCaml mailing list X-Ovh-Mailout: 178.32.228.17 (mo17.mail-out.ovh.net) Message-ID: <20121021152409.GG3966@free.fr> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Ovh-Tracer-Id: 1877438095499099424 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrfeehvddruddvucetufdoteggodetrfcurfhrohhfihhlvgemucfqggfjnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfhrhhomheptfgrlhhfucfvrhgvihhnvghnuceothhrvghinhgvnhesfhhrvggvrdhfrheqnecujfgurhepfffhvffukfhfgggtuggjfgesthdttfdttdervd Subject: Re: custom copies of libraries (was Re: [Caml-list] OCaml Labs) On Sun, Oct 21, 2012 at 08:45:53PM +0900, Yoriyuki Yamagata wrote: > 2012/10/21 Ralf Treinen : > > avoiding custom copies of libraries that are published independently, > > Completely off-topic, but is making custom copies so bad thing? I > incline to include third-party's libraries into my libraries unless > the library is too big, so that the my libraries are compiled with > libraries whose behaviors are tested and guaranteed. Adrien's message has explained very well the problem : it makes it impossible to upgrade all installed copies of a library when it becomes necessary. This is particularly bad when there is a security problem with a certain version of a library. In other words, using custom copies of libraries may be easier at the moment, but it is not sustainable in the long run. > If we have a good package management system, things would be a bit > different, but still a package management system guarantees only, say, > that the version numbers of libraries are higher than XXXX, which does > not preclude many problems. That depends on the kind of version constraints that your packaging system allows for, and how you use them when you build a package for your application. Debian gives you the choice of version constraints (<<, <=, >>, >=, ==, !=), and I imagine other packaging system do the same. It is up to the packager to use the constraints that fit the best for his case (or use the right tools that generate these). Cheers -Ralf.