On Wed, Nov 19, 2014 at 7:36 PM, hasufell <hasuf...@gentoo.org> wrote: > > But keep in mind that the core is supposed to shrink with this idea of a > distributed model! So it would be less work to actually roll/tag > releases than it would be right now (or even do that stuff in branches).
This doesn't really make the issue go away. Are all dependencies going to have to stay in the core? That is a lot of packages, and we'll need lots of controls so that updates to those dependencies don't break all of these distributed repos whose existence we may not even be aware of. Or, maybe we allow the dependencies to be in the overlays. Now we have the issue that there might be 5 different editions of that floating around, and different packages depend on different ones, but they're not intended to co-exist. Oh, and you still have the problem that if the dependency changes it could break anything that uses it. > > Exherbo is already running a more modular approach, I'd be interested > what they have to say about this or which problems they were facing. > I'll probably also dig a bit deeper into NixOS and see what tools they > use for creating NixOS based distros. > I'm not sure how Exherbo is doing things, I'm certainly interested in their comments. From what I've read about Nix, it basically installs every package-version into its own directory tree, so if zlib is in 75 different repositories, and has 2 SONAMEs in use, then you'll have up to 150 copies of it installed on your system each in its own directory tree, assuming you have 150 packages each using a different fork of it. I'll optimistically assume that only half of them contain security issues. :) That is my issue with some of these more devops-oriented approaches that try to bypass the centralized distro. They make things really easy for developers, but they seem almost impossible to control from a patching/security/integration standpoint. People have brought up things like Android and iOS and their framework model as a solution, but all the examples of this I've seen are all focused on the presentation layer alone. It is great for a mobile app that doesn't do anything but open sockets back to a server and display widgets. If you're actually building the part of an application that does the real logic/work, then suddenly you find yourself caring about a lot more than list controls. Good luck finding a framework that includes everything in /usr/portage/*-libs -- Rich
