C++ Logo

sg15

Advanced search

Re: [Tooling] Package Dependency Manager (PDM) and Build System Guidelines

From: Torvald Riegel <triegel_at_[hidden]>
Date: Tue, 20 Mar 2018 13:10:37 +0100
On Sun, 2018-03-18 at 00:50 -0400, Tony V E wrote:
> As an app developer, I'd like to use Boost‎.Signals (lib) in this cross platform desktop app.

A good example, because it shows that there's much more detail that's
necessary to make it clear what's actually requested, and how that would
affect the solution.

What happens to this app when there's a security issue in this library?
Does the developer expect to ship a new revision of the app? Where does
this bundling stop, and is it actually helpful? How does the developer
figure out when such updates are necessary? Does the developer
back-port the fix, or is the library upstream project providing that?
Or is the fix only in newly released versions of the library?
How is the app distributed? As a container? Are containers truly
cross-platform currently? Or does the tooling need to consider
supporting several distribution mechanisms? (Note that the distribution
mechanism can affects how the app needs to be built.)

Or does the developer expect each platform to provide a fixed,
ABI-compatbile version of this app? How can this be cross-platform? Is
the tooling also supposed to track what each platform provides and
adjust accordingly?

And this is just a random selection of the questions one would have to
ask.

Received on 2018-03-20 13:10:42