
Which, considering disk space is cheap, is a better way to do it than getting stuck in apt dependency hell.



If you do it right, you don't really have problems with dependencies themselves. Also look at other package managers like Portage (Gentoo).

The actual problem, from an app developer's point of view, is that you can't ensure that the lib behaves exactly the same way as on the developer's system (and that may be not just because of different versions but also because of different compiler settings etc.). In many cases, the app developer also has some patches of his own inside some of the libraries to integrate them better into his application. It is often utopic to wait and hope to get those patches upstream.


It's also a security nightmare.


No. It is not. I'm really tired of this argument. It assumes other platforms are the same as Linux, and that's incorrect.

Here's why you're wrong:

Unlike Linux, Mac OS X ships with a standard, stable, and exceptionally complete set of libraries. Apple goes to great lengths to maintain binary and API compatibility, and this means a few things:

- Most applications will only require Apple-supplied libraries, as there's very little that isn't provided by the OS libraries.

- Apple keeps the OS libraries up-to-date.

This feature-complete ABI/API-stable environment is not free for Apple to provide -- it takes a lot of effort to provide a consistent API across libraries and maintain the API/ABI compatibility across releases, but the advantages are tremendous. Mac OS X has been able to skate by without package management for years because this approach allows for drag-install drag-uninstall application distribution.

UNIX derivatives, on the other hand, were faced with a lack of standardization of core application libraries, a huge number of incompatible libraries to fill in the gaps, and a software distribution model that involves splatting files all over the disk. The end result is that you need a packaging system to maintain security updates, manage all the files on disk, and upgrade the world in lockstep due to API/ABI compatibility issues across libraries shared by wildly disparate applications.

So -- tl;dr -- it's not a security 'nightmare' because the core libraries that everyone uses are already shared and updated by the OS vendor.

This is also what makes Mac OS X so much nicer to develop and distribute applications for as compared to platforms that require a centralized package manager authority to keep things sane.


I agree with you and I think all your points are valid but the GP specifically mentioned statically compiling dependencies, not using only what is already provided.

Something else that helps with Apple's way of doing things is their reasonably slow release cycle (when compared to most Linux distributions).


So what's the solution? In the absence of libraries that never break and are fully backwards-compatible with newer versions, we have to make some tradeoffs...


That never happens. Unless you start mucking around yourself.


I don't know why someone downmodded you, but this is almost entirely correct in my Linux experience. Most of the major distros (Debian and Fedora are where most of my experience is) get so many things right it's amazing that it's all volunteers. It's only when you start compiling random things from source, adding in nonstandard software, closed source binaries, etc., that dependency hell can really start.



