On Tue, Aug 07, 2018 at 03:59:27AM -0000, Nicolas Noble wrote: > So one another solution I'd then see would be for you to bite the > bullet, and stop calling your runtime "nodejs", because, well, it's not > really nodejs.
Sure. This falls under correctly "declaring binary compatibility" in my analysis. When it comes to this kind of thing, we rely on a single arbitrator to define how to do this exactly so that all distributions, as well as binaries built directly from upstream sources, correctly interact and agree on what constitutes compatibility. Upstream works best to act as the arbitrator since you're unilaterally in a position to define what constitutes binary compatibility. Downstreams can't really do that. I suggest, then, that you define exactly how to do this correctly, and incorporate this mechanism into your build system (or at least officially document it) so that all distributions do it the right way. For example: it's not really "node-debian-v57" either; it's "node-openssl1.1-v57". Ubuntu, Debian and all other distributions that might release with nodejs linked to OpenSSL 1.1 would all share binary compatibility, AIUI, so it would be overkill to force them to lose binary compatibility between each other just because this compatibility is ill defined. The build system should correctly arrange for the report to be correct based on how it was built. If this were to happen, all distributions would simply use it, and you'd get your "declare your binary compatibility correctly" wish granted by default. > But your obstination on releasing a nodejs runtime that's not really > nodejs while 100% masquerading as the official nodejs will eventually > force us to discourage our users to use your runtime, because there's > nothing we could do to handle the subtle bugs you're introducing on us. I suspect what will happen here is that we'll end up rebuilding nodejs against 1.0 in 18.04. But this won't solve the problem for next time. >From your wording I don't think you've understood the distribution ecosystem and why what you are doing and your expectations are a problem for distributions to be able to meet in the general case. Distribution users *expect* package dependencies to be de-duplicated, and to receive security support for those dependencies from a single source. This is the reason that "apt-get install ..." Just Works. You rely on this too: for everything on your system that works without you caring for them specifically. Let's try not split our users into two factions, and instead figure out how to solve this problem well for everyone. But I think to begin to do that you first need to understand why distributions work the way they do. I'm happy to spend more time with you on this. Please feel free to ping me on IRC for a more interactive explanation of this, or to arrange some other medium. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1779863 Title: Ubuntu nodejs package isn't ABI compatible with mainline nodejs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1779863/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs