[Vm-dev] Squeak removed from Gentoo Linux
josh at schwa.ca
Thu May 27 20:56:52 UTC 2010
I loves me my bit-identical computation, but statically linking to the same version of the library doesn't necessarily give it. For example, a video decoder may check hardware capabilities, and depending on what it finds decode the video on the GPU, using SSE, or just using the non-vector CPU instructions.
There are some examples where we would make the case that the library needs to be statically linked in order to provide bit-identical computation(eg: fdlibm for Croquet math operations), but for things like JPEG I think that the argument is pretty weak.
On May 27, 2010, at 1:42 PM, Igor Stasenko wrote:
> On 27 May 2010 23:36, Geoffroy Couprie <geo.couprie at gmail.com> wrote:
>> On Thu, May 27, 2010 at 10:29 PM, Igor Stasenko <siguctua at gmail.com> wrote:
>>> On 27 May 2010 20:37, Bert Freudenberg <bert at freudenbergs.de> wrote:
>>>> Squeak was recently removed from Gentoo Linux Ebuilds because of security issues in our bundled plugins:
>>>> While it is convenient for us to bundle external library sources, package maintainers do not like that practice. Is there anything we can realistically do about it?
>>> Here's my argument:
>>> These libraries are bundled, because Squeak VM could be built on a
>>> system which having no such libraries provided by default.
>>> To ensure bit-identical behavior on all platforms, Squeak developers
>>> cannot rely on a platform-specific versions of these libraries,
>>> because they can vary from one system to another.
>> If they're not there by default, you can still link dynamically to the
>> libraries and provide them with squeak. Also, if the libraries
>> provided by the distribution have the same major version as the one
>> you use, you can expect compatibility, and profit from the regular
> You seem misunderstood a key point there: bit-identical behavior.
> Which means that VM should provide same output on same input on all platforms.
> Chances that it will be so, when you using different versions of same
> library are pretty low.
> So, we can update the libraries, bundled with VM, but can't link with
> them dynamically,
> because this undermines the above.
> Best regards,
> Igor Stasenko AKA sig.
More information about the Vm-dev