[GTALUG] Flatpak: Anyone with Experience or Opinions on It?

D. Hugh Redelmeier hugh at mimosa.com
Fri Nov 3 15:01:04 EDT 2017


| From: Myles Braithwaite 👾 via talk <talk at gtalug.org>

| John Sellens via talk wrote:

| > To me, the obvious solutions is to install every library into a directory
| > named for the version, or name the library itself with a version number.
| > Then, if you wish, a default version can be chosen and linked/symlinked
| > into the default directory.

Sure.  But I'd rather correctness than stability.

Library users should code to a contract (in Unix, the manpage).
As time goes on, the contract gets stronger so old programs continue
to work.

If they don't work, that is a bug somewhere.  Fix it.  I know: easier
said than done.  Much easier said than done.  But problems pushed to
the future tend to snowball.

The Python case does not fit this model.  Python 3's contract is not
strictly stronger than Python 2's contract.  So code in Python 2 has
to be ported to Python 3.  In this case, having both versions around
is a good idea.  And they should not have an identical name.

This is easier with older stable facilities.  Like C and its
libraries.

It is harder for things that don't separate the contract from the
code.  Not a good model.

| Speaking largely from my experience with Node.js this doesn't work so
| while in practice. It becomes a major headache for "pr developers"[0]
| and users.
| 
| pr developers have to use libraries that they aren't 100% sure what the
| current feature set is and known bugs are. This creates a bunch of patch
| libraries, to back port existing features and bug fixes to the project
| and then you have dependencies hell.

Wow.  How horrible.  How unprofessional.  Don't do that.

| Users don't like it because it requires extra space to have multiple
| version of the same library.

A recipe for horrible security flaws.  Equifax breach?  Struts library
that was out of date and bound into something or other.  Ditto for the
CRA downtime in the run-up to tax deadlines this year.

| Especially when it comes to minor version
| releases. And it's getting quite common for people to run out of disk
| space again (the average laptop SSD is ~500GB and photos, videos, games,
| and even applications have gotten a lot large in the past five years).

Does that average laptop contain Node.js?  n copies of Node.js?

Boy required resources grow a lot.  For my Altair I wrote a monitor,
including a text editor, assembler, debugger, eprom burner, and audio
casette I/O package that fit in 7K.  Self-hosting: it could reassemble
itself and burn new eproms with the result.

My new Razer keyboard says it needs 200MB of space for MS Windows
drivers (mostly to fash lights, I think).  It seems to work fine on
Linux without a driver but I would like turn off the green lights on
each key.

| The only place this type of system works is in monolithic repos where
| the entire source is under one umbrella, ala Facebook and Google (and
| maybe Mozilla).[1][2][3]

And, perhaps, a Linux distro.


More information about the talk mailing list