Date: Sat, 2 Sep 2017 11:03:59 +0200
From: Romain Tartière <romain@FreeBSD.org>
To: freebsd-mono@freebsd.org
Subject: Re: Update on porting mono 5
Message-ID: <20170902090359.GA47675@blogreen.org>
In-Reply-To: <3186981.TyGdqNibkJ@dragon.local>
References: <17078253.u2dgjZK1Z6@dragon.local> <20170815102120.GA29251@blogreen.org> <3186981.TyGdqNibkJ@dragon.local>

On Fri, Aug 25, 2017 at 09:41:43PM +0200, David Naylor wrote:
> [2] A general discussion needs to be had around nuget packages.  How do we
> consume them?
>  i) as downloads with each port containing a copy
>  ii) local ports with consistency across the Ports Collections
>  iii) A mixture of the above (i.e. (ii) if there is a native component,
> otherwise (i))
> I prefer (ii) as I think it gives the end user the best leverage to patch
> issues with nuget packages locally (and to get updates without waiting on a)
> upstream, and b) us/ports maintainer).  However, at this point that option is
> at 0% progress.

Yeah, it's a problem that is broader and broader… and for which I
don't think a universal solution works :-/

With local copies (i) you end up with a lot of duplication (Go
applications are a good example of how this can become quite stupid: I
recently created a port for a Go application, the source tarball
includes the source of all dependencies, and everything is bundled in a
13MB executable (that only depends on libc.so and libthr.so)).

With a port per dependency (ii), you sooner or later have to handle
conflicts between dependencies (port A needs foo-1.0.0 but port B needs
foo-2.0.0) and it can get tricky.

I only have experience with programming with Ruby as a language that has
a similar problem.  I ended up only installing system tools using the
FreeBSD ports (e.g. puppet, vagrant, passenger), and for applications I
actually use, I just grab the source, and use bundler to gather all
dependencies as the user running the software, therefore I end up having
something similar to (i) without using the port system.

My weak Windows development experience taught me to put all DLLs of an
application in the application directory.  If it's still good advice,
I guess that each application should have its copy of all its
dependencies, and therefore each port should install a bundle of
everything that is required by it.

Another problem with nuget packages is that you only get binaries,
right?  That means that if something goes really wrong, there is no way
to audit the source code of what led to disaster.  The problem is
similar with the few Java projects I gave a look at.  My feeling is that
this is even worse :-(  Ruby being interpreted, there are no such
problems.  I am not involved enough in Java or .Net to think about
mitigations of this issue.

-- 
Romain Tartière <romain@FreeBSD.org>  http://people.FreeBSD.org/~romain/
pgp: 8234 9A78 E7C0 B807 0B59  80FF BA4D 1D95 5112 336F (ID: 0x5112336F)
(plain text =non-HTML= PGP/GPG encrypted/signed e-mail much appreciated)