Date: Fri, 14 Dec 2007 18:28:50 -0700
From: Modulok <modulok@gmail.com>
To: "Ted Mittelstaedt" <tedm@toybox.placo.com>
Cc: samba@lists.samba.org, WD@us-webmasters.com, Timur@freebsd.org, remko@freebsd.org, FreeBSD-Questions@freebsd.org
Subject: Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...
Message-ID: <64c038660712141728h7fe4d10bt2fbe148533f6707e@mail.gmail.com>
In-Reply-To: <BMEDLGAENEKCJFGODFOCMEDHCFAA.tedm@toybox.placo.com>
References: <20071214164358.5D01A13C461@mx1.freebsd.org> <BMEDLGAENEKCJFGODFOCMEDHCFAA.tedm@toybox.placo.com>
On 12/14/07, Ted Mittelstaedt <tedm@toybox.placo.com> wrote:
>
> This happens from time to time with the FreeBSD ports system, and
> there isn't any way to avoid it. Most open source software
> today is written to depend on other open source software
> packages. People don't like spending programming time
> reinventing the wheel. As a result you have a large dependency
> list which has deep roots as the dependent programs themselves
> have even more dependencies. If just one single program in
> that mess gets updated it will affect entire trees and many
> other programs.
>

<rant>
Which is ever so irritating...

In 40 years of lessons learned from the school of hard knocks in relation to the design and evolution of both programming languages and the software designs they implement, one truth has emerged: data hiding increases the robustness of a program. Functions hide data, classes hide data, namespaces hide data, the very concept of scope hides data. Yet, when we pull back and look at a slightly larger picture of the interactions of programs themselves, we fall short of carrying this idea through to a higher level.

Package X depends on package Y, but package Y depends on package Z, but package Z cannot be installed because of a name conflict with package W. Update program X and you could break what appears to be an unrelated program J. Tough luck.

Code re-use is a good thing. Intricate, far-reaching dependencies are not. While package managers attempt to mitigate the underlying issue, using code re-use as an excuse for the fragility of a system design is unfortunate. I do not pretend to have all of the answers, but I feel that the current state of things could be much improved.
</rant>

That said, I think the volunteers, such as the package maintainers, are doing an excellent job within the confines of the system they are bound to.

Sorry if this is off topic in relation to the samba issue, but one of the replies hit a sore spot of mine. I had to spill a few lines of my own.

-Modulok-