Re: [RFC] Go (golang) packaging

To: debian-devel@lists.debian.org
Subject: Re: [RFC] Go (golang) packaging
From: Reinhard Tartler <siretart@gmail.com>
Date: Thu, 3 Jan 2013 09:41:15 +0100
Message-id: <[🔎] CAJ0cceZZYy2QcsFKO4uu5B4zm+uz3r7Ou0PAWH==DZ5aBe4kKA@mail.gmail.com>
In-reply-to: <[🔎] 20130102212637.GA18077@grep.be>
References: <[🔎] x68v8dow53.fsf@midna.zekjur.net> <[🔎] CAKTje6H1ijosmhd1O23oU9QVhV_jjp3ocVoBXJDWXXfqsk1JaA@mail.gmail.com> <[🔎] x6fw2kop7h.fsf@midna.zekjur.net> <[🔎] CAKTje6G3V1NCPyKnZt7By=SyDcn_qh-kwnbSvEenJKKHMUCoVA@mail.gmail.com> <[🔎] CAJusiZWXPPfHZLNvecEFh0yiy8sMnSJTVQ8g1B+Dd-=0EYS4Og@mail.gmail.com> <[🔎] x64nj0ngow.fsf@midna.zekjur.net> <[🔎] 20130102120546.GA31352@gaara.hadrons.org> <[🔎] 20130102212637.GA18077@grep.be>

On Wed, Jan 2, 2013 at 10:26 PM, Wouter Verhelst <wouter@debian.org> wrote:
> On Wed, Jan 02, 2013 at 01:05:46PM +0100, Guillem Jover wrote:
>>     - Private dependencies, as they leak to rdeps. When a library uses
>>       another library privately this dependency gets linked in directly
>>       in all other rdeps, when that library stop depending on that
>>       private dependency, all rdeps need to be rebuilt.
>
> Strictly speaking, if you're only using static libraries this is not
> really true; once you've compiled something against a static library,
> the static library might change in whatever way it sees fit, the
> compiled binary will continue to work, with or without recompilation.

Consider this from the application perspective: Say an application
links against a library libfoo.a. At some point, libfoo decides to
include compression support, and requires functionality from libz. No
problem for the library package maintainer; he just adds a
build-dependency  on libz-dev, and uploads the package. At some point
the security team needs to update the application and finds the
package to FTBFS because libz is missing. The solution, of course, is
now to extend the build-dependencies of the application package.
However, this is not obvious and in any case more effort than a
binNMU.

> This isn't true if you're using a mix of shared and static libraries, of
> course.

mixing shared and static libraries makes the situation no less
complicated, that's true.

-- 
regards,
    Reinhard

Reply to:

Follow-Ups:
- Re: [RFC] Go (golang) packaging
  - From: Michael Stapelberg <stapelberg@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Alastair McKinstry <alastair.mckinstry@sceal.ie>
- Re: [RFC] Go (golang) packaging
  - From: Wouter Verhelst <wouter@debian.org>

References:
- [RFC] Go (golang) packaging
  - From: Michael Stapelberg <michael+debian@stapelberg.de>
- Re: [RFC] Go (golang) packaging
  - From: Paul Wise <pabs@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Michael Stapelberg <stapelberg@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Paul Wise <pabs@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Shawn <shawnlandden@gmail.com>
- Re: [RFC] Go (golang) packaging
  - From: Michael Stapelberg <stapelberg@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Guillem Jover <guillem@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Wouter Verhelst <wouter@debian.org>

Prev by Date: Re: Bug#697234: ITP: libjs-jquery-slides -- Simple slideshow plugin for jQuery
Next by Date: Re: Bug#696593: ITP: sun -- sun calculates the sun's rise/set times
Previous by thread: Re: [RFC] Go (golang) packaging
Next by thread: Re: [RFC] Go (golang) packaging
Index(es):
- Date
- Thread