Dependency loops considered harmful?

[Toshio Kuratomi]

Callum Lerwick wrote:
> On Wed, 2008-09-03 at 16:41 -0700, Toshio Kuratomi wrote:
>> Callum Lerwick wrote:
>>> On Wed, 2008-09-03 at 14:12 -0400, Stephen Gallagher wrote:
>>>> Applications that consist of multiple packages, such as the game
>>>> example, should be designated as a group rather than a looped
>>>> dependency.
>>> Actually a proper fix is to implement the per-package "explicitly
>>> installed/pulled in as a dep" flag that has been discussed several times
>>> in the past, and is already implemented (thus proven) in the "aptitude"
>>> apt front end.
>>>
>>> We must address this user interface problem if Fedora is to be a shining
>>> beacon of open source light in the looming dark future of closed
>>> DRM-laden content delivery services such as Steam, Xbox Live and
>>> PlayStation Network.
>>>
>> That works for a Mom and Pop desktop but doesn't work as a developer's
>> workstation.  When developing software you might need a library that
>> does Foo.  Look on the system, hey, I can use libFoo!  A few weeks
>> later, when you remove Gnome-Foo from your system because your shiny new
>>  application does the job,
> 
> Why would you do such a thing?
> 
Hubris!  One of the traits of a great programmer.

>> your app suddenly can't find libFoo....
>> (Worse is if your working on an app sporadically and have to figure out
>> why it's broken not knowing when it became that way.)
> 
> The solution to this is to RPM package your app. Apps on your system
> that are not tracked by RPM are a ticking time bomb of dependency
> breakage whether or not the "leaf culling" is performed manually or is
> assisted by a "pulled in as dep" flag. A package or distribution update
> could very well break your app too.
> 
If I'm developing an app, I'm going to be working on code, not taking
time out to package the app as an rpm.  Only after I'm ready to take the
app and put it somewhere for other people to download and use am I going
to start worrying about packaging.

As a developer, a library can be just as valuable and interesting as an
application.

>> So if we track this some way, there needs to be a way to disable it.
> 
> A developer presumably doesn't use the hypothetical simplified
> application installer. They use something more advanced. Like aptitude.
> 
Err.... You've totally lost me here.  If we implement this, it needs to
be at a low enough level that anyone installing packages on the system
will be storing the information.  That could mean rpm (since rpm is
responsible for taking the package and turning it into files on the
filesystem) or that could mean yum since yum is the one that actually
knows whether a package is being installed due to depsolving or user
request.  Doing this at a higher level means that information gets lost
(for instance, if you do this in PackageKit, there won't be any
information about what anaconda chose to install due to chckboxes being
clicked and which things were installed due to dependencies).

With that said, there needs to be a way for a developer to tell yum not
to prune away leaf packages if they want.

(Also, we shouldn't assume that developers are system admins.  There are
plenty of programmers out there who can be productive coders running
eclipse all day but won't know how to package, how to maintain their
system, or why the libraries they need are getting pruned when they just
wanted to uninstall Rhythmbox.)

-Toshio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080904/a5f41f45/attachment.sig>