[Mono-list] About RPMS of .NET packages (using MonoDevelop asa case study)

[Philippe Lavoie]

You are right, patching all potential applications might be hell. By the
way, what is the mechanism used within the GAC to deprecate a version
due to security fixes?

Philippe Lavoie
=20
   Cactus Commerce         eBusiness. All Business.
 Tel 819.778.0313 x302 * 888.CACTUS.0 * Fax 819.771.0921
www.cactuscommerce.com philippe.lavoie@cactuscommerce.com

-----Original Message-----
From: mono-list-admin@lists.ximian.com
[mailto:mono-list-admin@lists.ximian.com] On Behalf Of Shahms E. King
Sent: Saturday, April 03, 2004 1:58 PM
To: mono-list@lists.ximian.com
Subject: RE: [Mono-list] About RPMS of .NET packages (using MonoDevelop
asa case study)

This solves exactly one problem while creating many, many more.  "disk
space" is not the only concern.  Bugfixes, patches, etc. are also
important.  Imagine, if you will, a world in which every managed,
non-core, assembly is installed privately by the application.  All of
these applications are effectively statically linked to that version of
the respective libraries.  Now, say a security problem is discovered in
one of the dependent libraries so the administrator dutifully updates
the system library to fix the problem.  Of course, you may not have been
aware that the library was in use by that application, let alone using a
private copy of it.  So the security problem persists until the
developer of that application decides to update it.

There are many, many other ways of solving the dependency problems you
mentioned, even in the UNIX world.  Packaging things like that makes
perfect sense for "technology demonstrations" or "/opt" but is, quite
frankly, idiotic to do on a system level.  Especially considering .NET
assemblies support interface versioning at a more fine grained level
than simple ELF versioning.  Parallel installable libraries is just one
way of alleviating the "dependency hell" on UNIX and, unlike Windows, it
works quite well.


--=20
--Shahms