Am Tue, 26 Nov 2013 10:44:07 -0800 schrieb Andrei Alexandrescu <seewebsiteforem...@erdani.org>:
> On 11/25/13 4:36 PM, Adam D. Ruppe wrote: > > On Tuesday, 26 November 2013 at 00:13:57 UTC, Andrei Alexandrescu wrote: > >> First I'd like to gather an understanding on why we seem to have this > >> problem (far as I understand, the likes of php and python are doing > >> fine with curl, but maybe I'm wrong). > > > > A major difference is there's only one php/python binary, usually build > > on the same system that uses it. Phobos, on the other hand, is generally > > built on the packager's computer, which isn't always binary compatible > > with the deployment box. > > > > On Windows, the problem is simply that curl isn't packaged with dmd, for > > some weird reason, meaning people have to get curl.lib separately. > > That's idiotic. But then again, so are a lot of the dmd Windows > > deficiencies. > > Please let me know whether my understanding of the situation is correct: > > 1. If people have a working installation of libcurl on their machine, we > work with it. > > 2. Otherwise, phobos works fine but attempting to use std.net.curl will > fail. > > Is this correct? If not, please explain exactly why. If yes, this setup > seems entirely appropriate to me. > > >> If we do decide to do away with libcurl, one possible solution would > >> be to embed its source code within our build. That way we wouldn't > >> break code that already uses it. > > > > Yes, that would be ideal, we should just statically link curl right into > > the phobos build so it just works everywhere. > > There are several questions associated with this. > > 1. Does the author of libcurl agree with such? My understanding is he would. > > 2. Would we need to actually build libcurl from source, or just > distribute it? In the former case, it would be quite odd that we'd need > to do that (and presumably we'd need to take some maintenance burden, too). > > 3. What if people already have some working libcurl version and would > want to use that? > > > Andrei Point 3 is a bigger issue than it may seem at first. A reason to use shared libraries is that the modularity makes it trivial to get security updates, whereas a monolithic Phobos is not necessarily updated when a security fix for cURL becomes available. This page shows that sometimes security holes are found on a daily basis: http://curl.haxx.se/docs/security.html -- Marco
