Too many dependencies?

Robin Laing Robin.Laing at drdc-rddc.gc.ca
Wed Apr 7 20:44:12 UTC 2004


Andy Green wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wednesday 07 April 2004 20:28, Robin Laing wrote:
> 
> 
>>If you have to install a whole package to meet one dependency then we
>>are starting to fall into the Microsoft trap of making applications
>>depend on unwanted/unrequited applications.  Any extra application can
>>become a security issue that could allow a presently unknown type of
>>attack.  We see it almost every day in Windows.
> 
> 
> I see this the other way around... the increased modularity tends to drive out 
> bugs in the parts that are getting reused from many directions.  Because 
> everything GPL'd is reusable at no cost, reuse is more likely than if your 
> proprietary paid-for product had to incorporate another paid-for product.  
> The modularity and reuse is a great feature, assuming it got architected into 
> the right parts.
> 
> I was looking through the source for CUPS and SWAT the other day trying to see 
> what library they used for their local HTTP serving.  To my surprise they 
> both rolled their own different solutions right there in the sources.  Would 
> have been better if they both used some kind of lightweight libhttp... (as I 
> was expecting to see) all the devs from both projects would have been all 
> over the one implementation which could only have benefitted.  Instead there 
> are two less-evolved network-listening, potentially remotely exploitable 
> implementations (seems some folks aren't running the firewall) out there.  A 
> new dependency would be no price at all to pay for the improved reusability 
> and robustness.
> 
> - -Andy

As I said, make the modules that are used exactly that.  A module or 
library that doesn't require the installation of another complete package.

A httplib serving module would meet many requirements for allot of 
installs and as you state, a single module would show a bug before a 
series of different applications that do the same thing.

Another benefit would be less resource requirements as a single 
httplib could serve many applications. (using it as an example).  It 
could also improve application design in the same way that Microsoft 
advances the inclusion of Media Player in Windows.  Designers know 
that WMP is included so they can design their application around that.

A mozilla_add_book module for any applications that want to use the 
address book.

The catch is to ensure that all the modules are used across distros. 
Again we end up back at a standards based ideal.

Wasnt' modular design and re-usability part of the idea of Object 
Oriented Programming.


-- 
Robin Laing





More information about the fedora-list mailing list