On Wednesday 07 April 2004 20:28, Robin Laing wrote:

> If you have to install a whole package to meet one dependency then we
> are starting to fall into the Microsoft trap of making applications
> depend on unwanted/unrequited applications. Any extra application can
> become a security issue that could allow a presently unknown type of
> attack. We see it almost every day in Windows.

I see this the other way around... the increased modularity tends to drive out bugs in the parts that are getting reused from many directions. Because everything GPL'd is reusable at no cost, reuse is more likely than if your proprietary paid-for product had to incorporate another paid-for product. The modularity and reuse is a great feature, assuming it got architected into the right parts.

I was looking through the source for CUPS and SWAT the other day trying to see what library they used for their local HTTP serving. To my surprise they both rolled their own different solutions right there in the sources. Would have been better if they both used some kind of lightweight libhttp... (as I was expecting to see) all the devs from both projects would have been all over the one implementation which could only have benefitted. Instead there are two less-evolved network-listening, potentially remotely exploitable implementations (seems some folks aren't running the firewall) out there.

A new dependency would be no price at all to pay for the improved reusability and robustness.

-Andy

--
Find your answer without waiting for replies....
Searchable list archives at http://marc.theaimsgroup.com/?l=fedora-list&r=1&w=2