Re: [Sks-devel] SKS debian package

[Jeffrey Johnson]

On Apr 29, 2012, at 7:14 PM, Christoph Anton Mitterer wrote:

> Jeffrey, it's a bit strange, to read you claiming Debian would have lack
> of skill / etc. while you try to convince us of static linking, or at
> least that's what I think you do.
> 

Its equally strange to receive hostile comments
        not just my opinion but decades of lectures learned in software design
and unsubstantiated claims
        There have been security problems with BDB, either directly in BDB or in
        the software ecosystem surrounding BDB,
whI pointed out a historical fact, and referenced the cost .

You and Robert chose to continue this discussion *NOT ME*.

> Whether BDB has a big CVE record or not doesn't  matter at all, as
> security holes (or other critical) bugs can just always be found and
> then one has a problem with static linking,... even if you don't
> technically link static, but just include a shared lib in sks
> package,... you're end up with all the same problems.
> 

Exactly.

> 
> Apart from that, I don't see any advantage of that way, you'd have told
> us so far?
> 

The advantage is reducing what needs to be supported in SKS.
Choosing a single version and using that is far easier to support
than any other distribution scheme.

> You'd still have the problem that sks, in some way, would need to be
> adapted (eventually) to current BDB releases…

No you don't: what "works" continues to "work".

> Given that projects may not be able to do this immediately, I considered
> it to be quite handy if distros like deb ship more than just one major
> BDB release (although, ideally it would be just the most recent one).
> 

There's that word again "distros". The number of people who
might use SKS is vanishingly small. I have had several discussions
with distros regrading SKS, have offered to set up, and help maintain,
the answer is invariably
        *shrug*
There isn't much of a usage case for SKS in any "distro": Why bother?
> 
> 
> Nevertheless, it's open source and you're free to do (more or less)
> whatever you want.
> 

And I do. I don't need your or any distros permission to do so.

> 
> I can just tell you that no distro will take such packages (if they
> know) when you can't tell them very strong reasons.
> 

And who made you God making such pronouncements? My
name  is already in far far far more linux distro packaging than
yours well ever be.

I do find the
        Death to static linking!
argument naively applied by people who have almost no
experience with Berkeley DB, in orede to increase their GodHood.

> And I can just suggest sks developers not to follow that way.
> 

And I suggest the opposite:

        Choose _SOME_ version of Berkeley DB and bundle in SKS in order to 
reduce
        the meaningless complexity and focus on the application, not other 
agendas.

73 de Jeff