Conversation

Notices

1. Embed this notice
   ilja (ilja@ilja.space)'s status on Sunday, 06-Aug-2023 00:58:30 JST ilja
   is there any one smart enough to file an issue somewhere to get the Elixir release builds be static builds? So we don't need all these flavours any more and people can just drop the binary on w/e distro they have as long as the cpu architecture is good. (As I understand, that should be possible with static builds, right?)
   
   I guess having dynamic builds makes sense for corporations who control their infra, but for floss projects, that just seems like a bother in a lot of cases...
   
   I'm not smart enough. I don't know where to ask, how to ask, and if they want more information, I'll probably not even understand the question :/
   • on-lain ✔ᵛᵉʳᶦᶠᶦᵉᵈ likes this.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Sunday, 06-Aug-2023 00:58:24 JST Haelwenn /элвэн/ :triskell:

     in reply to
     @ilja Even if this would exists, I wouldn't do it as one of the dependency is OpenSSL (pulled by Erlang).
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Sunday, 06-Aug-2023 01:05:29 JST Haelwenn /элвэн/ :triskell:

     in reply to
     @ilja Yeah and while distros can get embargos for OpenSSL so they can at least prepare themselves, you're likely not going to.
     And OpenSSL is used for HTTPS requests, so pretty much directly network-facing and it can have rather nasty security vulnerabilities.
   • Embed this notice
     ilja (ilja@ilja.space)'s status on Sunday, 06-Aug-2023 01:05:31 JST ilja

     in reply to

     • Haelwenn /элвэн/ :triskell:
     @lanodan what's the problem with that? Is it that OpenSSL needs to be easily/more quickly updateable?
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Sunday, 06-Aug-2023 01:23:06 JST Haelwenn /элвэн/ :triskell:

     in reply to
     @ilja Sadly OpenSSL is one of those doubly-annoying libraries that you both do not want to vendor *and* has regular ABI breaks.
     Distros should provide older/newer versions as compatibility but neither Debian nor Ubuntu are doing this (and of course they're also a pain to package for…).
     
     It's pretty much a stalemate kind of situation where the only thing you can do is make a bad choice. (And nearly be forced to it because Debian stale also means supporting nearly-EOL versions of Elixir…)
     
     My wish is for Debian to have a non-frozen or at least more up to date repository for things like applications, quite like what you get on the BSD side of things with base system being frozen for long term while ports are being regularly updated (either rolling or snapshots).
   • Embed this notice
     ilja (ilja@ilja.space)'s status on Sunday, 06-Aug-2023 01:23:09 JST ilja

     in reply to

     • Haelwenn /элвэн/ :triskell:
     @lanodan Would an option to do "static except these specific things" make sense? :blobfoxthink: Or are we just back at square one then? Because if OpenSSL can be such a problem, I assume distros make sure they have the newest version any how, so it wouldn't create the compatibility issues we see now. Or am I seeing things too simplistic?