On Thursday 16 September 2010 22:44:43 Arjan van de Ven wrote: > this is where you get in trouble if vendor Z ships libbar but in a > different configuration/version for some widgety nifty thing that they > do... ... and that version/configuration is not ABI compatible.
So, instead, you propose that every user is exposed to major security issues when a security bug is found in a popular library which many applications statically link with? Problems that they have no way of being notified about because nobody knows which applications use the compromised library? And even if they know about it, no way of fixing it except removing the app and waiting for an update from the author, if they can be bothered (after all, they already got their money). To me, this issue is the killer, which makes encouraging single package applications a complete non-starter. Just imagine the Engadget article when a serious security issue is found in a popular Twitter or Facebook library: "All MeeGo users told to uninstall all MeeGo Compliant social networking apps while vendors rush to fix problems. MeeGo Extras apps can be left installed because the security update is being pushed automatically to affected devices". Graham _______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev
