-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 09/06/16 12:20, Rich Freeman wrote: > Perhaps you could explain how they actually prevent the issues I > brought up? You should probably ask the Exherbo developers, not me. > > Suppose you have 10 packages, and they each depend on zlib from a > different repository? If they collide, that is one problem to > solve. If they don't collide then you have 10 copies of zlib now, > and good luck making sure they're all secure, and of course now > you're multiplying the number of "shared" objects you keep in RAM. I don't understand why this would happen. Perhaps I was not clear enough.
If we support a central repository with core/base features, and curate some useful repositories (with code review), the users would likely mostly have programs from the curated repositories, and zlib from the core/base repository. If they are using unreviewed things not officially reviewed and supported by us, they would be on their own, just like expert powerusers are today. - -- Alexander berna...@gentoo.org https://secure.plaimi.net/~alexander -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJXWmz7AAoJENQqWdRUGk8BWJUQANvSzJ70cog6ybFBIhVf/+bn FX9BYpH6rPkkr1Ve9+XGJviq3d1hOh8TAwBt+Qx3YkmRu6h4fVyXO1sPaqf+gs03 bvyvKHez2JT+KyJ1a2Mj61ojy7RYOaVOn2cSGQasD39yPfl+57qJbIDLzGTK8a1D Upo+MrKuxSFm31JM4XsQJ0BtYl7SysVJW+5ztdOcRgDvg+pGae1U9Hwep3yEaRiV zuxuALrPtvUdAB8j71dSawf80j0DSh1VP3mfZeqmj7ghvTfUbi/RzOpmf6qZpFLo 3vc4pMiSh0PB7bjgffPRDnTdgu/ecm2Coms8n3OlMDCQ0rihkLmd+P0OibyfQKmu fH1+2PYcXRE6cs5ogiuWs845KZ6FNUxbNwCHBfRm4N3x/59NPXmXSWBUcYSdFFss WDoBf2A08J2As0OEJv1DV2+Qn0hM6GjtOv/fhMoO+58rP8cKvFhfPMezSNPf8SFO NQGbAW4TzotwHbBREoQcJtl+lOa4+U/Tv80H0RlSyOwaINI6hf/YjLd3Xukwftk6 Sti+vPiZIj7esvJmE0XvfPI8XHUWkFmojTyZuTIPyjYQbNU1psEt7KnQ+2+oahbc qcPq4FfNQ7QO65q5nyzQjTgPj0Hqy2X/xCoZLtcxMKEfqObWGR38Z2+Coqsil7tD Q9NWG94PTpAq3G+oG6tn =246a -----END PGP SIGNATURE-----
