[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SASL/LDAP/DB dependency hell. (was: Accepted cyrus-sasl 1.5.27-3.4 (i386 source))

* Andreas Metzler (ametzler@logic.univie.ac.at) wrote:
> On Tue, Apr 08, 2003 at 07:07:33PM -0400, Richard A Nelson wrote:
> > Why was this rebuilt with libdb2-dev ?  Shouldn't we be trying to
> > get things to db4.1 at this point ?  I'd think db3 at a minimum.
> > This isn't just idle curiosity either, SASL impacts MANY packages -
> > most MTAs and anything using OpenLDAP.
> > If we don't agree on a minimum, or at least a preferred lib... we're
> > going to have packages linked against 3 different levels - not fun

(Sorry I missed the initial thread..)

Having processes linking in multiple versions of a library isn't a
problem when that library uses versioned symbols (of some form or
another).  db has that which is why existing systems don't barf.  Other
things don't (SASL, LDAP, SSL) which causes problems.

> Actually it is much simpler, many packages are simply not compileable
> anymore:
> libldap2-dev depends on libsasl-dev [1]
> libsasl-dev depends on libdb2-dev (>= [2]
> libdb3-dev conflicts with libdb2-dev

Being not compileable is certainly not a very good thing.  One would
intuitively think that the better thing to do if you're compiling new
things is to have a 'libdb-dev', which is what we do elsewhere.  Of
course, that means that things which are recompiled are done so with the
latest version.  That is a problem for some people with regard to libdb
because they have heard of problems with the latest version of libdb.
I'm not sure I agree with that reasoning personally.

Perhaps it would be better to have a libdb-dev and have unstable using
the latest version of it and if people run into problems with it then
bugs should be filed to keep things using the problematic version of
libdb from entering testing...

Of course, just because these things can no longer be compiled doesn't
mean that they don't exist in the repository from when they were
compiled before which goes back to the versioned symbols issue in order
to be able to handle multiple versions of a library being linked into
the same process.

I look forward to comments from others about this.  Perhaps developing a
way to have 'versioned includes' if you will would be a solution but I
would expect it to require a fair bit of effort to deal with.


Attachment: pgp_m_dCIEIIn.pgp
Description: PGP signature

Reply to: