findbugs [LSARC/2008/642 FastTrack timeout 10/27/2008]

James Carlson james.d.carlson at sun.com
Fri Jan 16 05:56:56 PST 2009


Brian Utterback writes:
> From a sustaining point of view, having multiple copies of things is
> a nightmare. Suppose a security issue comes up with one of the 
> components? We then have to find and fix all those copies. If we do 
> what you suggest and include pre-compiled components, then we can't 
> fix them and we might not even know they are there. How can you ever 
> trust a component without knowing its provenance?

These issues (and more) were discussed for 1991/061.  It's well worth
the read.

Brian's right: the big rule is that we deliver a system component only
once.

If there are extraordinary issues that compel a particular project to
deliver a private copy of something, then those issues should be
brought up and scrutinized carefully in the ARC, but the default is
still to deliver common components so that all can build on them.

-- 
James Carlson, Solaris Networking              <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677


