[sheepdog-users] About bundling libraries (at least one library isa-l)

Hitoshi Mitake mitake.hitoshi at lab.ntt.co.jp
Mon Oct 20 09:39:13 CEST 2014


At Fri, 17 Oct 2014 14:00:09 +0000,
Andrew J. Hobbs wrote:
> 
> [1  <text/plain; utf-8 (base64)>]
> I'd be against bundling libraries.  The team should be able to focus on 
> sheepdog, but once you fork libraries to bundle them in, you have to 
> take responsibility for any bugs/exploits against them.

I think it depends on characteristic of libraries. isa-l is a simple
library and tracking all changes wouldn't be difficult. If the
development of isa-l will be too active and hard to chase in the
future, we should consider to purge it from our repository. But
currently simple disabling option for the build script might be
enough.

> 
> Being an old school Unix guy, I'd rather be responsible for the build 
> that goes on my servers.  While I'd prefer it if sheep was curated in 
> the main distribution, changes are happening fast enough that's not an 
> option, and a PPA wouldn't be something I'd trust unless it was 
> automatic and from the sheepdog team.
> 
> I would like to see shepherd resurrected perhaps.  Corosync falls over 
> in practice, and zookeeper has its own idiosyncracies.  It would be nice 
> if that part was native to sheepdog.  That could be a project in its own 
> right, though.  So I'll be happy enough to keep on moving with zookeeper 
> and sheepdog.

Yes, I'd like to work on shepherd in the future. But, AFAIK, corosync
2.x is solid and works well :)

Thanks,
Hitoshi

> 
> On 10/16/2014 09:35 AM, Marcin Mirosław wrote:
> > Hi!
> > I'd like to talk about bundling libraries into sheepdog. It has
> > advantages and disadvantages, at this moment comes to my mind:
> > + stable api, upstream doesn't need to do anything when new version of
> > library brings big changes
> > +- new version of library can bring performance changes (both
> > performance can be increased or decreased;))
> > - upstream should track upstream of bundled library to catch stability,
> > security fixes
> >
> > There are some stories about soft which bundles some libraries, often it
> > ends with removing such soft from repositories due to security bugs in
> > bundled libs. IMHO (as sysadmin) it's better to not build selfhosted
> > soft platform (which brings to my mind behavior of php developers), it's
> > better to add new dependency for sheepdog (I mean dependency on isa-l).
> > You don't bundle e.g. gcc, userspace-rcu, pkgconfig, fuse and many more.
> > What is your opinion?
> > Marcin
> 
> [2 ajhobbs.vcf <text/x-vcard (base64)>]
> begin:vcard
> fn:Andrew J. Hobbs
> n:Hobbs;Andrew
> org:Delaware State University;Computer and Information Sciences
> adr:;;1200 N Dupont Hwy;Dover;DE;19901;USA
> email;internet:ajhobbs at desu.edu
> title:Lab Coordinator/System Administrator
> tel;work:302-857-7814
> tel;cell:443-359-0122
> x-mozilla-html:TRUE
> url:http://cis.desu.edu
> version:2.1
> end:vcard
> 
> [3  <text/plain; us-ascii (7bit)>]
> -- 
> sheepdog-users mailing lists
> sheepdog-users at lists.wpkg.org
> http://lists.wpkg.org/mailman/listinfo/sheepdog-users



More information about the sheepdog-users mailing list