lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 13 Nov 2007 02:12:23 +0200
From:	Tuomo Valkonen <>
To:	Matthias Schniedermeyer <>
Subject: Re: [poll] Is the megafreeze development model broken?

On 2007-11-13 00:39 +0100, Matthias Schniedermeyer wrote:
> That's the problem(tm).
> Contrary to Closed Source Software all(!) OSS-Software is 
> interdependent. There is no "Stand-Alone"-Software. There is always at 
> least "libc". (Scripts depend on a script-interpreter, which in turn 
> depends at least on libc, so there is nothing(tm) that doesn't depend on 
> libc)

Closed source software also depends on other software, but the
non-standard dependencies are usually distributed along with the
main program, which are more often big applications than small 
combinable utilities, than in FOSS.

In FOSS, OTOH, dependencies are no distributed along with the main
software, and now when programs depend on different versions of
a library, the brain-damaged all-in-one-basket *nix file system 
hierarchy results in trouble.

An intermediate is needed between those two extremes: separately
distributed dependencies that do not conflict. If packages lived 
in their own directories, and were relocatable, multiple versions
could more easily coexist, and packages specify the versions they
work with (or rather, more abstract cryptographically identified
capabilities that they require). Of course, there are other 
potential conflicts besides library versions and their locations,
such as the protocol used by some essential system daemon, but 
these are encountered far less often, and could sometimes be 
solved by e.g. a package providing a wrapper capability.

Also, what if distributions would simply go in, say, /debian-etch/,
/fedora-core4/, and so on? You could then to a great extent run 
multiple simultaneously, just having to choose a few services 
from one of them that the others would have to use, and hopefully
work with, as well as a kernel. The problems are not insurmountable:
you can already run another OS in a virtual machine and set DISPLAY 
point to your main OS, although it's a bit cumbersome.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists