Re: Acrobat 7.0 for linux is out

To: debian-user@lists.debian.org
Subject: Re: Acrobat 7.0 for linux is out
From: "Roberto C. Sanchez" <roberto@familiasanchez.net>
Date: Tue, 15 Mar 2005 14:42:46 -0500
Message-id: <[🔎] 42373AB6.3040504@familiasanchez.net>
In-reply-to: <[🔎] 200503152111.49343.d_baron@012.net.il>
References: <20050315171218.288D02E220@murphy.debian.org> <[🔎] 200503152111.49343.d_baron@012.net.il>

David Baron wrote:

On Tuesday 15 March 2005 19:12, debian-user-digest-request@lists.debian.org
wrote:

Considering it is a commercial app, that is probably smart of them.
For example, I have Neverwinter Nights and it includes SDL (though
it checks an environment variable to see if you want to use your
system's version).

Besides, if you don't like it, edit the acroread shell script and
tell it to look elsewhere for the libs.  Then you can manage the
libraries however you like.

Like it or not, this is a trend we will see increasingly as
commercial vendors ship Linux versions of their software.  Basically,
they ship everything except for libc.



Having all the needed libraries is a plus. Having to install them as
duplicates is not. It seems that the install script should be able to handle
this. To hand edit that shell script and./or replace all that stuff with
symlinks is a bit much.

Besides, do not we all know that disk space, memory and other resources are
unlimited :-)


Except that if the install script detects some library installed on the
system and then considers it in satisfying some dependency, there is the
potential for brokenness later on.  Imagine, for example, that you have
libssl installed on your machine.  Say you install acroread, it finds
your libssl and uses it.  Say, for some reason, you uninstall libssl.
acroread has now to know that you uninstalled, that is, until you start
it next time and get a missing library error.  Then it is a bit late to
do anything about it, since the user has seen the error.  I'm not sure
if the RPM version they distribute checks for such dependencies, but as
long as you are using an install method that does not integrate with
your systems package manager, you have to be very conservative.  I am
willing to bet that even the RPM has lots of its own libraries to
prevent users from having to hunt down all the necessary pacakges.

That said, I think that it is a mistake from flexibility and security
stand point.  For example, acroread 7 includes libssl0.9.6.  There have
been numerous vulnerabilities announced for that version of libssl.  How
do i know they are distributing a patched version.  What if a
vulnerability is announced tomorrow.  Will Adobe put out a new package?
In a perfect world, there would be some universal package format and
this would all be moot.

-Roberto

--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Acrobat 7.0 for linux is out
  - From: Dalibor Straka <dast@panelnet.cz>

References:
- Re: Acrobat 7.0 for linux is out
  - From: David Baron <d_baron@012.net.il>

Prev by Date: Re: Using Fuji E550 camera and Linux
Next by Date: Looking for php-pspell for Sarge/Sid
Previous by thread: Re: Acrobat 7.0 for linux is out
Next by thread: Re: Acrobat 7.0 for linux is out
Index(es):
- Date
- Thread