[Vm-dev] Squeak removed from Gentoo Linux
siguctua at gmail.com
Thu May 27 20:42:12 UTC 2010
On 27 May 2010 23:36, Geoffroy Couprie <geo.couprie at gmail.com> wrote:
> On Thu, May 27, 2010 at 10:29 PM, Igor Stasenko <siguctua at gmail.com> wrote:
>> On 27 May 2010 20:37, Bert Freudenberg <bert at freudenbergs.de> wrote:
>>> Squeak was recently removed from Gentoo Linux Ebuilds because of security issues in our bundled plugins:
>>> While it is convenient for us to bundle external library sources, package maintainers do not like that practice. Is there anything we can realistically do about it?
>> Here's my argument:
>> These libraries are bundled, because Squeak VM could be built on a
>> system which having no such libraries provided by default.
>> To ensure bit-identical behavior on all platforms, Squeak developers
>> cannot rely on a platform-specific versions of these libraries,
>> because they can vary from one system to another.
> If they're not there by default, you can still link dynamically to the
> libraries and provide them with squeak. Also, if the libraries
> provided by the distribution have the same major version as the one
> you use, you can expect compatibility, and profit from the regular
You seem misunderstood a key point there: bit-identical behavior.
Which means that VM should provide same output on same input on all platforms.
Chances that it will be so, when you using different versions of same
library are pretty low.
So, we can update the libraries, bundled with VM, but can't link with
because this undermines the above.
Igor Stasenko AKA sig.
More information about the Vm-dev