View Issue Details

ID: 0004810
Project: The Dark Mod
Category: Design/Coding
View Status: public
Last Update: 10.04.2019 04:43
Reporter: StefanB
Assigned To: stgatilov
Priority: normal
Severity: normal
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Linux
Product Version: TDM 2.06
Target Version: TDM 2.08
Fixed in Version: TDM 2.08
Summary: 0004810: Stop shipping/using outdated bundles of dependencies

Description: TDM ships a lot of bundled dependencies, while most distributions ship significantly more recent versions.

DevIL 1.7.2, Sep. 2008, current: 1.8.0, Jan. 2017
libpng 1.4.5, Dec 2010, current: 1.6.34, Sep. 2017
libjpeg ?, May 2010, current: libjpeg-turbo, 1.5.3, Dec. 2017

Ditto for curl, polarssl, zlib, ffmpeg.

All these libraries consume potentially untrusted input.

Security problems:
DevIL: CVE-2009-3994
libpng: several, see http://www.libpng.org/pub/png/libpng.html
libjpeg: several, e.g. CVE-2013-6629
Tags: No tags attached.
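The description above lists bundled libraries by version to show how far behind upstream they are. The following audit script is an added example for this issue, not code from The Dark Mod or its build: it reads the version macros that libpng, zlib, DevIL and libjpeg-turbo define in their public headers, compares each against a reference list of newer releases, and flags stale copies. The ThirdParty/ paths, the constructed header snippets and the zlib reference version are assumptions; the other reference versions are the ones named in the description.

```python
"""Audit a source tree for stale bundled (vendored) C libraries.

Added example for this issue; it is not part of The Dark Mod or its build.
It reads the version macros that libpng, zlib, DevIL and libjpeg-turbo define
in their public headers, compares them with a reference list of newer
releases, and flags anything older.  The ThirdParty/ paths and the reference
versions below are assumptions taken from the issue text, not from the
project.
"""
import os
import re
import sys
from typing import Callable, Dict, Optional, Tuple

# library -> (header basename, regex capturing the version, decoder to "x.y.z")
LIBRARIES: Dict[str, Tuple[str, str, Callable[[str], str]]] = {
    "libpng": ("png.h", r'#define\s+PNG_LIBPNG_VER_STRING\s+"([0-9.]+)"', str),
    "zlib": ("zlib.h", r'#define\s+ZLIB_VERSION\s+"([0-9.]+)"', str),
    # DevIL stores its version as an integer, e.g. 180 for 1.8.0.
    "DevIL": ("il.h", r'#define\s+IL_VERSION\s+(\d{3})\b', lambda s: ".".join(s)),
    # Only libjpeg-turbo exposes a release version; classic IJG libjpeg's
    # jpeglib.h carries just JPEG_LIB_VERSION (62/80), which is an API level,
    # so a tree with only that macro is reported as "unknown".
    "libjpeg": ("jconfig.h", r'#define\s+LIBJPEG_TURBO_VERSION\s+([0-9.]+)', str),
}

# Newest releases named in the issue (zlib's value is an assumption for the example).
REFERENCE_VERSIONS = {"libpng": "1.6.34", "zlib": "1.2.11", "DevIL": "1.8.0", "libjpeg": "1.5.3"}

# Constructed stand-in for a checkout: path -> header contents (assumed layout).
SAMPLE_TREE = {
    "ThirdParty/libpng/png.h": '#define PNG_LIBPNG_VER_STRING "1.4.5"\n',
    "ThirdParty/zlib/zlib.h": '#define ZLIB_VERSION "1.2.3"\n',
    "ThirdParty/devil/include/IL/il.h": "#define IL_VERSION 172\n",
    "ThirdParty/libjpeg/jpeglib.h": "#define JPEG_LIB_VERSION 62\n",
}


def version_tuple(version: str) -> Tuple[int, ...]:
    """'1.6.34' -> (1, 6, 34) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def bundled_version(tree: Dict[str, str], header: str, pattern: str,
                    decode: Callable[[str], str]) -> Optional[str]:
    """Return the decoded version from the first matching header, or None."""
    for path, text in tree.items():
        if os.path.basename(path) != header:
            continue
        match = re.search(pattern, text)
        if match:
            return decode(match.group(1))
    return None


def audit(tree: Dict[str, str], reference: Dict[str, str]) -> Dict[str, Dict[str, Optional[str]]]:
    """Classify every known library as current, outdated or unknown."""
    report = {}
    for lib, (header, pattern, decode) in LIBRARIES.items():
        bundled = bundled_version(tree, header, pattern, decode)
        latest = reference[lib]
        if bundled is None:
            status = "unknown"
        elif version_tuple(bundled) < version_tuple(latest):
            status = "outdated"
        else:
            status = "current"
        report[lib] = {"bundled": bundled, "latest": latest, "status": status}
    return report


def read_tree(root: str) -> Dict[str, str]:
    """Load the headers this audit cares about from a real checkout."""
    wanted = {header for header, _, _ in LIBRARIES.values()}
    tree = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name in wanted:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    tree[path] = fh.read()
    return tree


if __name__ == "__main__":
    # Run against a real checkout: python audit_bundled.py /path/to/ThirdParty
    tree = read_tree(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_TREE
    for lib, row in audit(tree, REFERENCE_VERSIONS).items():
        print(f"{lib:10} bundled={row['bundled'] or '?':8} latest={row['latest']:8} {row['status']}")
```

The "unknown" status mirrors the "libjpeg ?" entry in the description: an IJG libjpeg tree only carries an API-level macro, so its release has to be established from the changelog or the tarball, which is exactly the kind of gap that makes vendored copies hard to keep patched.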

Relationships

related to 0004817 resolvedstgatilov Remove boost (and libsvn) from tdm_update 
related to 0004822 resolvedstgatilov Restructure third-party libraries in code SVN 
related to 0004533 closedstgatilov VC++ build cleaning 

Activities

stgatilov (administrator), 01.06.2018 13:07, ~0010487

While updating the dependencies is definitely a good idea, I wouldn't worry so much about vulnerabilities.

We have a game engine (originally written by the id team), and no one ever cared about its safety. It includes so many vulnerabilities on its own that dependencies are the least culprit if you start thinking about it.

stgatilov (administrator), 05.06.2018 01:38, ~0010499

One minor note for the dependencies update:
  http://forums.thedarkmod.com/topic/19473-redesign-directory-structure-of-tdm-dependencies/#entry422669
If all dependencies (after boost removal, I suppose) can be easily compiled on every platform, then perhaps include build scripts instead of libraries.

Well, this is an idea to investigate, at least.

StefanB (reporter), 05.06.2018 16:46, ~0010500

Why not just use what is available on the system?

I have created a build which uses libpng, libjpeg, ffmpeg, zlib, DevIL from the system, and it builds and runs fine.

The whole package (tdm and tdm_update) is just 4 MByte. It includes all the security fixes and performance improvements of the last years (e.g. usage of AVX instructions in libjpeg-turbo and ffmpeg).

For Windows and MacOS, shipping the dependencies might be necessary, but I doubt anyone is building tdm on Linux and is unable to install some more dependencies.

For the package and patches, see https://build.opensuse.org/package/show/home:StefanBruens:branches:games/thedarkmod

stgatilov (administrator), 10.04.2019 04:42, ~0011720

As a part of related issue 0004822, I have updated all dependencies in svn rev 8158 (branch 3rdparty_4822 merged) and svn rev 8161.
Usually I chose the most recent version of each library available in the conan package manager.

I believe we should continue linking all dependencies statically on both Windows and Linux. We have non-tech-savvy Linux players who have no idea how to build stuff: they just download the binary and run it. For this use case to work without issues, it is important to NOT use any system dependency, and instead link everything statically.
I assume that this way also removes any issues due to differences between Linux distributions, although I am not sure here.

Anyway, I'm pretty sure that it is now much easier to switch the build to system dependencies if you want. Just search for the "ThirdParty" keyword in the scons files; there should be two places: include paths and static libs. Adjust them to the system versions, and it should work.
I thought about adding an option to the scons build for using system dependencies. If there is demand, please create a new issue.

Issue History

Date Modified Username Field Change
31.05.2018 19:18 StefanB New Issue
01.06.2018 13:07 stgatilov Note Added: 0010487
01.06.2018 13:07 stgatilov Assigned To => stgatilov
01.06.2018 13:07 stgatilov Status new => assigned
04.06.2018 03:49 stgatilov Relationship added related to 0004817
05.06.2018 01:38 stgatilov Note Added: 0010499
05.06.2018 16:20 stgatilov Relationship added related to 0004822
05.06.2018 16:46 StefanB Note Added: 0010500
06.06.2018 03:57 stgatilov Relationship added related to 0004533
20.01.2019 07:17 stgatilov Target Version => TDM 2.08
10.04.2019 04:42 stgatilov Note Added: 0011720
10.04.2019 04:43 stgatilov Status assigned => resolved
10.04.2019 04:43 stgatilov Fixed in Version => TDM 2.08
10.04.2019 04:43 stgatilov Resolution open => fixed