Date: Tue, 5 Aug 2014 12:40:50 +0200 From: =?UTF-8?Q?Ren=C3=A9_Ladan?= <r.c.ladan@gmail.com> To: "ports@freebsd.org Ports" <ports@freebsd.org> Subject: bundled libraries in ports, any policy? Message-ID: <CADL2u4iMi736QuO-t-1ssrh0Y6MqOg2Ky_OO8vJueHbB=C8hBQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, while trying to port Chromium 36 the build tripped over a 'forbidden shim include', which was an attempt to resolve link-time symbol collisions. This 'forbidden shim include' turns out to happen (only now!) because the port sets the "official build" flag which is incompatible with these 'shim includes'. Official builds (from upstream point of view) do not allow using system libraries, meaning everything has to be bundled under third_party/ inside the source tree. For Chromium 36 this means ~ 1 GB of source code for 153 projects. The (short-term) solution for the port would be to not set the "official build" flag, which it really isn't anyway. Upstream supports using system libraries for unofficial builds on a best effort basis only, which if I understand correctly means among others: - support can be dropped anytime - because the upstream build bots use the official builds, there are no guarantees about functionality, speed, and security An advantage for upstream is that they can "tweak" these bundled libraries for their convenience (their libusb is an example). One downside of this policy is security, but they do quite a good job of tracking security bugs and finding these themselves. Although the above example is specific to Chromium, do we want a policy for bundled libraries in general? For example, Fedora an Gentoo have a policy that favors the use system libraries (what we call LIB_DEPENDS), see [1] and [2]. [1] https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries [2] http://wiki.gentoo.org/wiki/Why_not_bundle_dependencies Regards, Rene -- http://www.rene-ladan.nl/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADL2u4iMi736QuO-t-1ssrh0Y6MqOg2Ky_OO8vJueHbB=C8hBQ>