RFC: Soname in rpm name

Sean seanlkml at sympatico.ca
Fri Jan 28 00:08:36 UTC 2005 

On Thu, January 27, 2005 5:43 pm, Jeff Spaleta said:

> I dont think the shared-library-package provides solves the cruft
> problem from the project perspective.  From the user perpective yes
> the provides hack will be a somewhat useful mechanism for users/admins
>  to cull cruft from their boxes. But i don't think thats what Ville
> had in mind when making the argument. I think Ville was talking about
> how the project as a whole prevents itself from accumulating layers
> and layers of library cruft that become harder and harder to maintain
> as time goes by because there is less and less upstream interest in
> maintaining the aging codebase.  Its easy to package up an old library
> and offer it.. it gets harder and harder to 'maintain' such a package
> with critical and security related patches if the upstream development
> interest has dried out.  I think Ville's arguement is aimed at making
> sure that whatever policy Core is using doesn't encourage the
> accumulation of difficult to maintain legacy libraries for which users
> are expecting to be able to be maintained at a high standard.

Jeff,

What you're talking about is not available today.   Except to the extent
people only install officially sanctioned core rpms.    You're right  that
making it easier to install 3rd party rpms may lead to some poor user
having a few old libraries kicking around.   But this should not be an
overarching concern.

Unless you stop all 3rd party rpms from being installed there will be
absolutely no way to know when some arbitrary 3rd party rpm falls into the
category of unmaintained.   This issue you keep raising just seems like a
boondoggle in the face of trying to solve real issues of interoperability.

If you want to write an app that scans peoples hard drive or rpm database
and warns them of any old unmaintained or security risk software... all
the power to you.   Can we please get on with the task of making software
installation, along with the necessary dependencies easier?    If there is
really a market for some software to scan for problem software, i'm sure
it will get written.

Sean

More information about the fedora-devel-list mailing list