| > Do you mean the kernel is going to load random files from a user writable location? That sounds like a security nightmare TBH. On a server, sure, but on a PC? It's their computer, they should be able to do that. You're confused because permission systems on Desktop OSs are currently based around user accounts, which is silly. If they were based around applications instead it wouldn't be a problem. > That assumes you have the rights to distribute the library and that the library is small enough. If you don't, then why is your application using it? As for size, multi-GB applications are pretty common. It's not libraries that bring that size up, it's assets. Some applications have icons larger than most libraries. Otherwise, if your application isn't valuable enough to be worth the size of that library, then maybe you shouldn't use such a huge dependency in the first place. > Maybe not for you. For millions of other users, its a very important use case. Apparently not one you're willing to elaborate on. Besides, as mentioned, I believe there are better and simpler solutions to the problem than package management. In fact, how the hell does package management even help here? |
A user-writable location should never be used to load kernel modules. This is a privilege escalation vulnerability.
>You're confused because permission systems on Desktop OSs are currently based around user accounts, which is silly. If they were based around applications instead it wouldn't be a problem.
I prefer to deal with the real world design of operating systems rather than imagined ones.
>If you don't, then why is your application using it?
Using an API doesn't give you distribution rights. Copyright law assigns that to the creator of the application/shared library/. Depending on the license you will get different rights to either include a copy of the library, include a separate installer of the library, let the user install it separately, etc.
In other cases, patent law can disallow distribution. To give you an example off the top of my head - MP3 encoding is under US patent law and Audacity (an audio editing software that I use) does not allow you to save to the MP3 format till you install the shared library separately and point the software to its location.
>Apparently not one you're willing to elaborate on.
What is there to elaborate on? Are you not aware that millions of computers used in schools, colleges, corporate offices, server farms, homes, etc rely on multi-user features?
Solving a general problem involves solving it seamlessly for a large number of usecases. Otherwise you end up with a fragmented system that is confusing.
I would prefer they solve it in a perfect manner with perfect compatibility and perfect code with zero bugs, but they wouldn't listen to me. ;)
> I believe there are better and simpler solutions to the problem than package management.
Okay?
In any case, your folder based idea doesn't solve many of the real problems that users and creators face w.r.t. distributing, installing, and updating software. Before you reject them, its worth thinking about them. Bye!