apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davi Arnaut <d...@haxent.com.br>
Subject Re: Get rid of builtin expat
Date Sun, 29 Jul 2007 16:25:18 GMT
Davi Arnaut wrote:
> Justin Erenkrantz wrote:
>> On 7/29/07, Davi Arnaut <davi@haxent.com.br> wrote:
>>> We don't need to bundle it because it's a mandatory API, we just have to
>>> explain to (win32) users how to extract a recent expat at xml/. It's not
>>> a matter of API and we don't *need* to bundle expat, it's becoming a burden.
>> No - the last time I checked, simply extracting a recent expat into
>> xml/ isn't sufficient for Win32.  Expat has changed its build systems
>> for Win32 many times over the years, so how we interface with a
>> bundled expat of varying versions requires manual customization of our
>> project files.  IOW, expat 2 isn't a drop-in replacement for 1.95.8 on
>> Win32.  (The library name has changed, etc, etc.)
> 
> I said "explain to the user", that implies explaining which versions,
> etc. But, how about leaving it for win32 and removing for other platforms?
> 
>> I am very much against projects that do not bundle required
>> dependencies - not everyone is on a platform that has a good package
>> management system.  I want a good out-of-the-box experience for folks
>> on bare-bones platforms.  For those who are fortunate to be on 'rich'
>> platforms can simply choose to use the --with flags.
> 
> IMHO, we are not in the business of solving packaging problems. If the
> user has to build apr-util (on a bare-bones plataform) he/she surely can
> build expat too, that's how things are supposed to work. "Hiding" only
> make things worse later, ie: bringing another library which links with
> another expat.. boom.
> 
>> And, I'm not so sure it's that much of a burden.
> 
> Sure it's a burden, the time we are spending here discussing whether or
> not to bundle, tracking bugs or updating our bundled version -- could
> all be better spent on other things :-)
> 

As an example:

http://www.securityfocus.com/bid/6398/info

Have we updated our bundled expat to fix this vulnerability?

--
Davi Arnaut


Mime
View raw message