Re: 4.99.16 and packages-2006Q4

Przemysław Pawełczyk wrote:
> On Thu, 29 Mar 2007 12:09:56 -0400
> "Steven M. Bellovin" <smbcs.columbia.edu> wrote:
> 
>>I think there's a deeper issue here.  Suppose that
he'd started with
>>3.1, installed those packages, then upgraded to
(say) 5.0.
>>Presumably, the "delete obsolete files"
part of the upgrade would
>>remove libssl.so.3, etc., at which point his
packages no longer
>>work.  That seems to be a serious break in backwards
compatibility.
>>(Or am I missing something?)
> 
> Hi,
> You shot first but I was thinking about it in simillar
way. AFAIK in my
> example, ther was no conflict of libraries but lack of
old symlinks. I
> vote for keeping them for one or two generation back.
Symlinks cost
> nothing.

No. The problem was not a lack of old symlimks. The problem
was a lack 
of old libraries. And this is why I said you were begging
for trouble.

What you did was:
a) ln /lib/libz.so.1.0 -> /usr/lib/libz.so.0

Bad, since you now claim that libz.so.0 is the same as
libz.so.1.0, 
which are two different major version numbers. I assume that
they are 
not that compatible, or the version change wouldn't have
taken place.

b) ln /lib/libstdc++.so.6.0 -> /lib/libstdc++.so.5

Same thing here. You're saying that libstdc++ v5 is the same
as v6. A 
bad idea.

c) ln /usr/lib/libssl.so.4 -> /usr/lib/libssl.so.3

libssl v3 is the same as v4, which they are not.

d) ln /lib/libcrypto.so.3.1 -> /usr/lib/libcrypto.so.2

and of course, libcrypto v2 is not the same as v3.1.

Understand that libmumble.so.1 is the generic name for
version 1 of 
libmumble. libmumble.so.1.0 is explicitly v1.0 of libmumble.

libmumble.so.1 might very well point to libmumble.so.1.0,
but 
libmumble.so.1 should never point to something not version 1
of 
libmumble, or you are asking for problems.
Also, libmumble.so might point at whatever the latest
version of 
libmumble, but most programs should not be linked to and be
referring to 
a shared library without atleast a major version number, for
obvious 
reasons.

	Johnny

	Johnny

Johnny Billquist wrote:
> Przemysław Pawełczyk wrote:
> 
>> On Thu, 29 Mar 2007 12:09:56 -0400
>> "Steven M. Bellovin" <smbcs.columbia.edu> wrote:
>>
>>> I think there's a deeper issue here.  Suppose
that he'd started with
>>> 3.1, installed those packages, then upgraded to
(say) 5.0.
>>> Presumably, the "delete obsolete
files" part of the upgrade would
>>> remove libssl.so.3, etc., at which point his
packages no longer
>>> work.  That seems to be a serious break in
backwards compatibility.
>>> (Or am I missing something?)
>>
>> Hi,
>> You shot first but I was thinking about it in
simillar way. AFAIK in my
>> example, ther was no conflict of libraries but lack
of old symlinks. I
>> vote for keeping them for one or two generation
back. Symlinks cost
>> nothing.
> 
> 
> No. The problem was not a lack of old symlimks. The
problem was a lack 
> of old libraries. And this is why I said you were
begging for trouble.

However, I do agree with the thought that old versions of
libraries 
should not be deleted lighthartedly. Lots of things that
shouldn't can 
get broken if we delete old libraries, so let's not do
that.

	Johnny