Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Dec 2007 18:28:50 -0700
From:      Modulok <modulok@gmail.com>
To:        "Ted Mittelstaedt" <tedm@toybox.placo.com>
Cc:        samba@lists.samba.org, WD@us-webmasters.com, Timur@freebsd.org, remko@freebsd.org, FreeBSD-Questions@freebsd.org
Subject:   Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...
Message-ID:  <64c038660712141728h7fe4d10bt2fbe148533f6707e@mail.gmail.com>
In-Reply-To: <BMEDLGAENEKCJFGODFOCMEDHCFAA.tedm@toybox.placo.com>
References:  <20071214164358.5D01A13C461@mx1.freebsd.org> <BMEDLGAENEKCJFGODFOCMEDHCFAA.tedm@toybox.placo.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 12/14/07, Ted Mittelstaedt <tedm@toybox.placo.com> wrote:
>
> This happens from time to time with the FreeBSD ports system, and
> there isn't any way to avoid it.  Most open source software
> today is written to depend on other open source software
> packages.  People don't like spending programming time
> reinventing the wheel.  As a result you have a large dependency
> list which has deep roots as the dependent programs themselves
> have even more dependencies.  If just one single program in
> that mess gets updated it will affect entire trees and many
> other programs.
>

<rant>
Which is ever so irritating...

In 40 years of lessons learned from the school of hard knocks in
relation to the design and evolution of both programming languages and
the software designs they implement, one truth has emerged: data
hiding increases the robustness of a program. Functions hide data,
classes hide data, namespaces hide data, the very concept of scope,
hides data. Yet, when we pull back and look at a slightly larger
picture of the interactions of programs themselves, we fail short of
carrying this idea through to a higher level. Package X depends on
package Y, but package Y depends on package Z, but package Z cannot be
installed because of a name conflict with package W. Update program X
and you could break what appears to be an un-related program J. Tough
luck.

Code re-use is a good thing. Intricate, far-reaching dependencies are
not. While package managers attempt to mitigate the underlying issue,
using code re-use as an excuse for the fragility of a system design,
is unfortunate. I do not pretend to have all of the answers, but I
feel that current state of things could be much improved.
</rant>

That said, I think the volunteers, such as the package maintainers,
are doing an excellent job within the confines of the system they are
bound to.

Sorry if this is off topic in relation to the samba issue, but one of
the replies hit a sore spot of mine. I had to spill a few lines of my
own.
-Modulok-



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?64c038660712141728h7fe4d10bt2fbe148533f6707e>