Posted by
Igor Stasenko on
May 27, 2010; 8:42pm
URL: https://forum.world.st/Squeak-removed-from-Gentoo-Linux-tp2233520p2233759.html
On 27 May 2010 23:36, Geoffroy Couprie <
[hidden email]> wrote:
>
> On Thu, May 27, 2010 at 10:29 PM, Igor Stasenko <
[hidden email]> wrote:
>>
>> On 27 May 2010 20:37, Bert Freudenberg <
[hidden email]> wrote:
>>>
>>> Squeak was recently removed from Gentoo Linux Ebuilds because of security issues in our bundled plugins:
>>>
>>>
http://bugs.gentoo.org/show_bug.cgi?id=247363>>>
>>> While it is convenient for us to bundle external library sources, package maintainers do not like that practice. Is there anything we can realistically do about it?
>>>
>> Here's my argument:
>>
>> These libraries are bundled, because Squeak VM could be built on a
>> system which having no such libraries provided by default.
>> To ensure bit-identical behavior on all platforms, Squeak developers
>> cannot rely on a platform-specific versions of these libraries,
>> because they can vary from one system to another.
>>
>
> If they're not there by default, you can still link dynamically to the
> libraries and provide them with squeak. Also, if the libraries
> provided by the distribution have the same major version as the one
> you use, you can expect compatibility, and profit from the regular
> updates.
>
You seem misunderstood a key point there: bit-identical behavior.
Which means that VM should provide same output on same input on all platforms.
Chances that it will be so, when you using different versions of same
library are pretty low.
So, we can update the libraries, bundled with VM, but can't link with
them dynamically,
because this undermines the above.
--
Best regards,
Igor Stasenko AKA sig.