David A. Wheeler's Blog

Thu, 23 Oct 2008

Solved: Why is ESC so big?

In my post Estimating the Total Development Cost of a Linux Distribution, I noted that one of Fedora 9’s largest components was Enterprise Security Client (ESC), and wondered why ESC would be so big. After all, a security client should be small - not large.

I just got the answer from Rahul Sundaram of the Fedora project, who asked internally. It turns out that ESC currently includes its own copy of XULRunner. XULRunner essentially provides a library and infrastructure for running “XUL+XPCOM” applications such as Firefox, Thunderbird, and ESC. You can confirm this using the on-line ESC documentation. This is clearly not optimal; as I noted in a previous blog entry, developers should use system libraries, and not create their own local copies. Rahul says that “the developers are currently working on making it use the system copy[,] which should drop down the size considerably”.

So ESC isn’t really that big - it’s just that ESC creates its own local copy of a massive infrastructure. This is obviously not great for security, since there’s a higher risk that bugs fixed in the real XULRunner would not be fixed in ESC’s local copy. But this appears to be a temporary issue; once Fedora’s version of ESC switches to the system XULRunner, the problem will disappear.
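A check for the situation described above, as an added example that is not from the original post or from the ESC or Fedora projects: it lists shared libraries an application ships that the system also provides, and flags private copies whose contents differ from the system copy. The directory layout and file contents in `demo()` are constructed, and the library file names are only illustrative.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def index_libs(root):
    """Map shared-library file name -> sorted list of paths under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".so") or ".so." in name:
                found.setdefault(name, []).append(os.path.join(dirpath, name))
    return {name: sorted(paths) for name, paths in found.items()}

def find_bundled_copies(system_root, app_root):
    """List libraries shipped under app_root that system_root also provides."""
    # "diverged": private copy differs and may lack fixes; "identical": same today
    system = index_libs(system_root)
    report = []
    for name, paths in sorted(index_libs(app_root).items()):
        if name not in system:
            continue  # application-only library, nothing to compare against
        system_hash = sha256_of(system[name][0])
        for bundled in paths:
            same = sha256_of(bundled) == system_hash
            report.append((name, bundled, "identical" if same else "diverged"))
    return report

def demo():
    """Run the check on a constructed tree (made-up paths and contents)."""
    with tempfile.TemporaryDirectory() as tmp:
        system_lib = os.path.join(tmp, "usr", "lib")
        app_dir = os.path.join(tmp, "opt", "app", "xulrunner")
        samples = [(system_lib, "libxul.so", b"build with fix"),
                   (system_lib, "libnspr4.so", b"nspr"),
                   (app_dir, "libxul.so", b"older build"),
                   (app_dir, "libnspr4.so", b"nspr"),
                   (app_dir, "libapp_private.so", b"app only")]
        for directory, name, data in samples:
            os.makedirs(directory, exist_ok=True)
            with open(os.path.join(directory, name), "wb") as f:
                f.write(data)
        found = find_bundled_copies(system_lib, os.path.join(tmp, "opt"))
        return [(name, status) for name, _path, status in found]

if __name__ == "__main__":
    print(demo())
```

A copy reported as identical still will not pick up later updates to the system library, so every entry in the report is a dependency that has to be tracked and patched separately.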

By the way, if you’re interested in the whole “measuring Linux’s size” thing, you should definitely take a look at the past measurements of Debian. My page on counting Source Lines of Code (SLOC) includes links and summaries of that work. It’s neat stuff! My thanks to Jesús M. González-Barahona, Miguel A. Ortuño Pérez, Pedro de las Heras Quirós, José Centeno González, Vicente Matellán Olivera, Juan-José Amor-Iglesias, Gregorio Robles-Martínez, and Israel Herráiz-Tabernero for doing that.
