:: Re: [DNG] leveldb support proposal
Página Principal
Delete this message
Reply to this message
Autor: Daniel Reurich
Data:  
Para: dng@lists.dyne.org
Assunto: Re: [DNG] leveldb support proposal
On 26/02/16 05:01, Ivan J. wrote:
> Hello DnG.
>
> Is there interest in Devuan supporting multiple versions of leveldb?


It is possible, but is it necessary??
It would should be relatively easy to forward port the libdb4.8 package
from squeeze.

> Why I am wondering is because of Bitcoin and its code. Currently Bitcoin
> statically links db-4.8 and it is used for having wallet support in
> Bitcoin Core.

Are you talking about bitcoin in general or bitcoin in debian|devuan?

Are we talking about leveldb or berkely db (package libdb-<version>??
You ask about leveldb and then refer to berkely db versions...

> Where the problem arises is when you try to build Bitcoin Core yourself.


> You need to compile with db-4.8 libraries, and we all know distros have
> dropped it in favor of 5.x... Using system leveldb on distros requires
> higher QA for leveldb than typical.


Can it not be made to build against db-5.3? If not, why not?

> What I am proposing is Devuan to support multiple versions of leveldb
> and tie Bitcoin packages to the right one. Another option is to never
> push updates to leveldb until they are known consensus-safe. It would be
> awesome if Devuan could be the second distro to meet the higher
> standards required for the Bitcoin code; for example, a bugfix to
> leveldb could cause serious security problems with Bitcoin. (This is why
> it's statically linked for almost every distro).


Sure, but the question this raises in my mind is; Is their a proven
issue with db-5.3 that has been introduced that breaks bitcoin-core or
adds security threats?

The risk is that issues that have been fixed in later libdb versions
remain broken in the version that bitcoin statically links in. So there
is a trade off either way, and what is the better approach... fix
bitcoin or forever hold onto an obsolete library for one package where
the maintainers refuse to switch to a newer version.


--
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722