Re: Fwd: Re: Why no Opera?

To: debian-devel@lists.debian.org
Subject: Re: Fwd: Re: Why no Opera?
From: Roberto C. Sánchez <roberto@connexer.com>
Date: Wed, 5 Sep 2007 09:38:14 -0400
Message-id: <[🔎] 20070905133814.GO14980@miami.connexer.com>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 200709051516.08923.steffen_moeller@gmx.de>
References: <200709051025.23448.johanh@opera.com> <[🔎] E1ISsz4-0007fz-5k@whorl> <[🔎] 200709051516.08923.steffen_moeller@gmx.de>

On Wed, Sep 05, 2007 at 03:16:07PM +0200, Steffen Moeller wrote:
> 
> On Wednesday 05 September 2007 13:23:46 Edward Welbourne wrote:
> 
> > I'm confused.  Pierre appears to be saying "static is bad", Bruce
> > "closed must be static".  We have both static and shared packages, so
> > you can take your pick, but which is the one the official Debian
> > repository wants ?
> There are multiple views on this. Everyone is confused, the minimal confusion 
> is probably on your side since you can see the source. The 
> Non-Opera-Debianers can only guess about it all  and remain confused. For 
> efficiency we want it all dynamic, for safety it is probably static.
> 
The problem runs a little deeper than that.

Static linking is considered bad because it is a security nightmare.
You now have extra copies of library code floating around.  The security
team is not particularly happy about this sort of thing.  Especially in
something non-free to which they do not have source-level access.

Additionally, static linking destroys any memory utilization benefit of
library code.  That is, if I have an app that dynamically links to
libfoo and another app also uses the same library, but is static linked,
then the second app will cause a copy of the code to be loaded.  On low
resource machines (which is one of Opera's targets), I would consider
that bad.

Of course, the advantage is that the release engineers would be assured
of the versions of the libraries used from the point of release.

Dynamic linking is what the security team likes since it means that you
only update the code once for the whole system.  However, in the event
that there is an update which makes the library non-binary compatible,
then there is another problem.  That is, apps linking against it must be
recompiled.  With a non-free product like opera, there would be ability
for some well-meaning Debian Developer to NMU the package (since there
is no source) or for a binNMU to take place if that could fix the
problem.

One possible solution would be for Opera to produce a "source" package
of unlinked binary object files.  This would allow relinking against new
versions of the libraries (at least in most cases) without the need for
access to the source.

However, I tend to be in agreement with others on this list that the
best solution would be a Free software release of Opera.

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Fwd: Re: Why no Opera?
  - From: Hendrik Sattler <post@hendrik-sattler.de>
- Re: Fwd: Re: Why no Opera?
  - From: Lionel Elie Mamane <lionel@mamane.lu>

References:
- Re: Fwd: Re: Why no Opera?
  - From: Edward Welbourne <eddy@opera.com>
- Re: Fwd: Re: Why no Opera?
  - From: Steffen Moeller <steffen_moeller@gmx.de>

Prev by Date: Bug#440924: ITP: projectl -- sword action shooting
Next by Date: Bug#440925: ITP: es-shooter -- shooter game
Previous by thread: Re: Fwd: Re: Why no Opera?
Next by thread: Re: Fwd: Re: Why no Opera?
Index(es):
- Date
- Thread