Why bundling lua?

Gary Greene greeneg at phoenuxos.com
Tue Apr 25 22:34:00 PDT 2006 

On Wednesday 26 April 2006 01:15 am, Ralf Corsepius wrote:
> On Tue, 2006-04-25 at 22:00 -0700, Panu Matilainen wrote:
> > On Wed, 26 Apr 2006, Ralf Corsepius wrote:
> > > On Tue, 2006-04-25 at 19:47 +0300, Panu Matilainen wrote:
> > >> The point in having private copy of Lua is to be able to control the
> > >> version and exactly how it gets built so apt-lua scripts can be
> > >> expected to work identically everywhere.
> > >
> > > Well, you will also want to bundle glibc, gcc, libxml2, rpm and a
> > > couple of further packages for the same reasons then :-)
> >
> > Apt doesn't lose commands or other key functionality if it's compiled
> > against one glibc version or another.
>
> It does: Many parts of glibc are optional, a lot of functionality is not
> available in older versions.
>
> It looses wrt. g++ (On RH-7.3):
> ...
> g++ -DHAVE_CONFIG_H -I. -I. -I../include -DLIBDIR=\"/opt/apt/lib\"
> -DPKGDATADIR=\"/opt/apt/share/apt\" -I/usr/include/libxml2
> -I/usr/include/rpm -g -O2 -MT contrib/hashes.lo -MD -MP -MF
> contrib/.deps/hashes.Tpo -c contrib/hashes.cc -fPIC -DPIC -o
> contrib/.libs/hashes.o
> contrib/hashes.cc: In method `bool Hashes::AddFD (int, long unsigned
> int)':
> contrib/hashes.cc:33: `::min' undeclared (first use here)
>
>
> It also looses wrt. libxml2 (On RH-7.3):
> ...
>  g++ -DHAVE_CONFIG_H -I. -I. -I../include -DLIBDIR=\"/opt/apt/lib\"
> -DPKGDATADIR=\"/opt/apt/share/apt\" -I/usr/include/libxml2
> -I/usr/include/rpm -g -O2 -MT rpm/repomd.lo -MD -MP -MF
> rpm/.deps/repomd.Tpo -c rpm/repomd.cc  -fPIC -DPIC -o rpm/.libs/repomd.o
> rpm/repomd.cc: In method `bool repomdRepository::ParseRelease
> (basic_string<char, string_char_traits<char>,
> __default_alloc_template<true, 0> >)':
> rpm/repomd.cc:41: `XML_PARSE_NONET' undeclared (first use this
> function)
>
> Besides this, libxml2 is known to be rather buggy. The version on FC4
> for example suffers from a pretty serious bug in its xmlReader
> interface.
>
> > Lua stays in the tarball, period.
>
> Bummer - Very poor decision.
>
> >  Security is of course an issue with
> > bundled software always, that we just have to live with.
>
> We don't have to, but you decided to infect apt with it and obviously
> are relying on exploiting non-public interfaces.
>
> Ralf
>
>
> _______________________________________________
> apt-rpm mailing list
> apt-rpm at lists.laiskiainen.org
> http://lists.laiskiainen.org/listinfo.cgi/apt-rpm-laiskiainen.org

Regardless of this decision will there be an option to disable the internal 
lua and allow the packager / site admin to use their own system lua if 
possible?

-- 
Gary L. Greene, Jr.
Sent from uriel.tolharadys.net
 01:33:07 up 11 days, 13:30,  2 users,  load average: 0.16, 0.11, 0.07

============================================================
Developer and Project Lead for PhoeNUX OS.
 check out http://www.phoenuxos.com/ for more info.
EMAIL : greeneg at phoenuxos.com
============================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://lists.laiskiainen.org/pipermail/apt-rpm-laiskiainen.org/attachments/20060426/bbe2cb3e/attachment-0003.pgp>

More information about the Apt-Rpm mailing list