lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071112233955.GA25059@citd.de>
Date:	Tue, 13 Nov 2007 00:39:55 +0100
From:	Matthias Schniedermeyer <ms@...d.de>
To:	Tuomo Valkonen <tuomov@....fi>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [poll] Is the megafreeze development model broken?

On 12.11.2007 17:18, Tuomo Valkonen wrote:
> On 2007-11-12, Adrian Bunk <bunk@...nel.org> wrote:
> > Geeks like you and me want the latest software
> > (I'm using Debian unstable/testing).
> >
> > But most users want a Linux installation that simply works - and this 
> > includes all software on the system at all times.
> 
> I'm not in either category. I want a truly stable (as in "quality", not
> as in "static" as the distros use the term) base system that simply 
> works, but I want to follow certain interesting software more closely.

That's the problem(tm).

Contrary to Closed Source Software all(!) OSS-Software is 
interdependent. There is no "Stand-Alone"-Software. There is always at 
least "libc". (Scripts depend on a script-interpreter, which in turn 
depends at least on libc, so there is nothing(tm) that doesn't depend on 
libc)

Where is not uncommon for Closed Source Software to not have external 
dependencies or to bring along it's dependent librarys.

e.g. (On Debian sid, *)
"kdebase" has a nice little total dependency-list of only 254 packages.
or
"openoffice.org" just 265 dependent packages.

"gimp" comes with light backage, only 146 packages.

Not to speak about such nice little (meta-)packages like "kde" or
"gnome" that are 649 and 684 packages.

All that interdependency form a nice little (:-) web.
(Sometimes called the dependency hell)

What i want to say is this: You can't say that you only want to update a
specific region of your web, at least not without the risk of ripping
your web here and there.

I'm using Linux since 1995, i can life with it's problems and i like 
Linux more that ever. :-)

And despite me always using the latest kernel and Debian SID/unstable 
for the past few years, for home & work, i have neven been badly burned. 
Not that there weren't a few bruises here and there. There is nothing 
like a fried X for breakfast. (Which Debian managed at least 2 or 3 
times in the past years)
;-)



*:
apt-rdepends <(meta)packagename> | grep "  Depends" | cut -d '(' -f0,1 | perl -pe 's/ +$//' | sort | uniq | wc -l
e.g.
apt-rdepends kde | grep "  Depends" | cut -d '(' -f0,1 | sort | perl -pe 's/ +$//' | uniq | wc -l

Bis denn

-- 
Real Programmers consider "what you see is what you get" to be just as 
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated, 
cryptic, powerful, unforgiving, dangerous.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ