Wed Jun 28 16:43:10 CEST 2023

doc/_state_art.tex

@@ -19,7 +19,11 @@ \chapter{State of the art}
 fact that Linux libraries are very ``split'', as following
 the UNIX philosophy of ``do one thing and do it well'', the
 state of Linux distributions is that there are many
-libraries that combine. This is in contrast to
+libraries that combine. The vast majority of these library
+are written in C and C++, making Linux package managers the
+de facto package manager for these languages
+\cite{amor-iglesiasMeasuringLibreSoftware2005} . This is in
+contrast to
 other operating systems like Windows, where a package author
 can rely on a ``base'' system that doesn't change, and can
 bundle its own dependencies as part of the package, without
@@ -28,7 +32,11 @@ \chapter{State of the art}
 Because each distribution has its own organization of
 packages versions and customization, that are not
 interoperable between different distributions, the Linux
-ecosystem is very fragmented. The projects use their own
+ecosystem is very fragmented
+\cite{espePerformanceEvaluationContainer2020}, even existing
+distributions for specific applications
+\cite{nemotoLin4NeuroCustomizedLinux2011} . The projects
+use their own
 package manager to install every package, as installing a
 different package manager is not guaranteed to work. For
 this reason, each distribution is only associated with its
@@ -84,7 +92,7 @@ \chapter{State of the art}
 NixOS. While this solves the problem of reproducible
 software deployments that Docker / OCI solves, the latter
 also provides an application runtime which is used to
-isolate the application from the host operating system. In
+isolate the application from the host operating system \cite{espePerformanceEvaluationContainer2020}. In
 this regard, Nix is just a system to build packages. One of
 the problem that Nix faces is the usage of its own
 language Nix (with the same name), that is based on the
@@ -94,3 +102,29 @@ \chapter{State of the art}
 investigated in the usage of the Scheme language as an
 alternative to Nix
 \cite{courtesFunctionalPackageManagement2013} .
+
+A different approach to the problem of mutating packages in
+the operating system has been taken by OSTree. This project
+aims to develop a package-centric installation model based
+on git \cite{waltersFutureContinuousIntegration2013} . In
+the OSTree-backed distributions, like Fedora Silverblue, the
+operating system is stored in a ostree, such that changes
+updates are done by pulling a new ``commit'' from the
+internet. This change is done automatically without user
+intervention, such that the files in the operating system
+are not swapped while the system is online. As ostree
+organizes the file in a git-like structure, the \ac{FHS} is
+kept (|/usr/bin|, |/usr/lib|, etc), but the files are stored
+in a content address storage. The file system is also kept
+as read-only, as the changes are performed on boot, thus
+having an immutable system.
+
+While package managers for Linux operating systems are on
+the spotlight of this project, any software project grows
+big enough such that it needs to implement its own package
+manager. This is the case for every programming language,
+that supports any kind of concept of libraries, such as the
+languages used for this project: Rust (crates) and Lua
+(luarocks). The reproducibility of packages is of serious
+concern \cite{goswamiInvestigatingReproducibilityNPM2020}, as the world relies more heavily on online
+services.

doc/assets/miq.bib

@@ -25,6 +25,17 @@ @article{al-mutawaShapeCircularDependencies2014
   file = {C\:\\Users\\ayats\\Zotero\\storage\\N3MGJ3GZ\\al-mutawa2014.pdf.pdf}
 }
 
+@article{amor-iglesiasMeasuringLibreSoftware2005,
+  title = {Measuring Libre Software Using Debian 3.1 (Sarge) as a Case Study: {{Preliminary}} Results},
+  author = {Amor-Iglesias, Juan-José and González-Barahona, Jesús M and Robles-Martínez, Gregorio and Herráiz-Tabernero, Israel},
+  date = {2005},
+  journaltitle = {UPGRADE The European Journal for the Informatics Professional},
+  shortjournal = {UPGRADE The European Journal for the Informatics Professional},
+  volume = {6},
+  number = {3},
+  pages = {13--16}
+}
+
 @book{bang-jensenDigraphs2009,
   title = {Digraphs},
   author = {Bang-Jensen, Jørgen and Gutin, Gregory Z.},
@@ -172,6 +183,14 @@ @article{erParallelComputationApproach1983
   file = {C\:\\Users\\ayats\\Zotero\\storage\\ZBXBCSSE\\Er - 1983 - A Parallel Computation Approach to Topological Sor.pdf;C\:\\Users\\ayats\\Zotero\\storage\\ELY5IQPM\\377400.html}
 }
 
+@inproceedings{espePerformanceEvaluationContainer2020,
+  title = {Performance {{Evaluation}} of {{Container Runtimes}}.},
+  author = {Espe, Lennart and Jindal, Anshul and Podolskiy, Vladimir and Gerndt, Michael},
+  date = {2020},
+  pages = {273--281},
+  eventtitle = {{{CLOSER}}}
+}
+
 @online{EverythingYouNeed,
   title = {Everything {{You Need}} to {{Know}} about {{Linux Containers}}},
   url = {https://www.linuxjournal.com/content/everything-you-need-know-about-linux-containers-part-ii-working-linux-containers-lxc},
@@ -212,6 +231,20 @@ @online{GNUCompilerCollection
   file = {C\:\\Users\\ayats\\Zotero\\storage\\TU3SYDM7\\gcc.html}
 }
 
+@inproceedings{goswamiInvestigatingReproducibilityNPM2020,
+  title = {Investigating {{The Reproducibility}} of {{NPM Packages}}},
+  booktitle = {2020 {{IEEE International Conference}} on {{Software Maintenance}} and {{Evolution}} ({{ICSME}})},
+  author = {Goswami, Pronnoy and Gupta, Saksham and Li, Zhiyuan and Meng, Na and Yao, Daphne},
+  date = {2020-09},
+  pages = {677--681},
+  issn = {2576-3148},
+  doi = {10.1109/ICSME46990.2020.00071},
+  abstract = {Node.js has been popularly used for web application development, partially because of its large software ecosystem known as NPM (Node Package Manager) packages. When using open-source NPM packages, most developers download prebuilt packages on npmjs.com instead of building those packages from available source, and implicitly trust the downloaded packages. However, it is unknown whether the blindly trusted prebuilt NPM packages are reproducible (i.e., whether there is always a verifiable path from source code to any published NPM package). Therefore, for this paper, we conducted an empirical study to examine the reproducibility of NPM packages, and to understand why some packages are not reproducible.Specifically, we downloaded versions/releases of 226 most popularly used NPM packages and then built each version with the available source on GitHub. Next, we applied a differencing tool to compare the versions we built against versions downloaded from NPM, and further inspected any reported difference. Among the 3,390 versions of the 226 packages, only 2,087 versions are reproducible. Based on our manual analysis, multiple factors contribute to the non-reproducibility issues, such as flexible versioning information in package.json file and the divergent behaviors between distinct versions of tools used in the build process. Our investigation reveals challenges of verifying NPM reproducibility with existing tools, and provides insights for future verifiable build procedures.},
+  eventtitle = {2020 {{IEEE International Conference}} on {{Software Maintenance}} and {{Evolution}} ({{ICSME}})},
+  keywords = {JavaScript,Manuals,NPM packages,Open source software,Packaging,reproducibility,Software development management,Software maintenance,Standards,Tools},
+  file = {C\:\\Users\\ayats\\Zotero\\storage\\DXVSEYRD\\Goswami et al. - 2020 - Investigating The Reproducibility of NPM Packages.pdf;C\:\\Users\\ayats\\Zotero\\storage\\V8KCXAQY\\9240695.html}
+}
+
 @online{HashStdHash,
   title = {Hash in Std::Hash - {{Rust}}},
   url = {https://doc.rust-lang.org/stable/std/hash/trait.Hash.html},
@@ -245,6 +278,20 @@ @online{LdLinuxManual
   file = {C\:\\Users\\ayats\\Zotero\\storage\\NH8WX7GA\\ld.so.8.html}
 }
 
+@inproceedings{legayPackageFreshnessLinux2020,
+  title = {On {{Package Freshness}} in {{Linux Distributions}}},
+  booktitle = {2020 {{IEEE International Conference}} on {{Software Maintenance}} and {{Evolution}} ({{ICSME}})},
+  author = {Legay, Damien and Decan, Alexandre and Mens, Tom},
+  date = {2020-09},
+  pages = {682--686},
+  issn = {2576-3148},
+  doi = {10.1109/ICSME46990.2020.00072},
+  abstract = {The open-source Linux operating system is available through a wide variety of distributions, each containing a collection of installable software packages. It can be important to keep these packages as fresh as possible to benefit from new features, bug fixes and security patches. However, not all distributions place the same emphasis on package freshness. We conducted a survey in the first half of 2020 with 170 Linux users to gauge their perception of package freshness in the distributions they employ, the value they place on package freshness and the reasons why they do so, and the methods they use to update packages. The results of this survey reveal that, for the aforementioned reasons, keeping packages up to date is an important concern to Linux users and that they install and update packages through their distribution’s official repositories whenever possible, but often resort to third-party repositories and package managers for proprietary software and programming language libraries. Some distributions are perceived to be much quicker in deploying package updates than others. These results are useful to assess the expectations and requirements of Linux users in terms of package freshness and guide them in choosing a fitting distribution.},
+  eventtitle = {2020 {{IEEE International Conference}} on {{Software Maintenance}} and {{Evolution}} ({{ICSME}})},
+  keywords = {Computer bugs,Computer languages,Libraries,Linux,Security,Stability analysis,Tools},
+  file = {C\:\\Users\\ayats\\Zotero\\storage\\XC3GI7YI\\Legay et al. - 2020 - On Package Freshness in Linux Distributions.pdf;C\:\\Users\\ayats\\Zotero\\storage\\R4D4YXP5\\9240686.html}
+}
+
 @online{LinuxFoundationReferenced,
   title = {Linux {{Foundation Referenced Specifications}}},
   url = {https://refspecs.linuxfoundation.org/},
@@ -327,6 +374,26 @@ @inproceedings{neelakantamHardwareAtomicityReliable2007
   langid = {english}
 }
 
+@article{nemotoLin4NeuroCustomizedLinux2011,
+  title = {{{Lin4Neuro}}: A Customized {{Linux}} Distribution Ready for Neuroimaging Analysis},
+  shorttitle = {{{Lin4Neuro}}},
+  author = {Nemoto, Kiyotaka and Dan, Ippeita and Rorden, Christopher and Ohnishi, Takashi and Tsuzuki, Daisuke and Okamoto, Masako and Yamashita, Fumio and Asada, Takashi},
+  date = {2011-01-25},
+  journaltitle = {BMC Medical Imaging},
+  shortjournal = {BMC Med Imaging},
+  volume = {11},
+  number = {1},
+  pages = {3},
+  issn = {1471-2342},
+  doi = {10.1186/1471-2342-11-3},
+  url = {https://doi.org/10.1186/1471-2342-11-3},
+  urldate = {2023-06-28},
+  abstract = {A variety of neuroimaging software packages have been released from various laboratories worldwide, and many researchers use these packages in combination. Though most of these software packages are freely available, some people find them difficult to install and configure because they are mostly based on UNIX-like operating systems. We developed a live USB-bootable Linux package named "Lin4Neuro." This system includes popular neuroimaging analysis tools. The user interface is customized so that even Windows users can use it intuitively.},
+  langid = {english},
+  keywords = {Hard Disk,Hard Disk Drive,Inhomogeneity Correction,Neuroimaging Analysis,Window User},
+  file = {C\:\\Users\\ayats\\Zotero\\storage\\6ZCIF6AS\\Nemoto et al. - 2011 - Lin4Neuro a customized Linux distribution ready f.pdf}
+}
+
 @online{NixNixOSReproducible,
   title = {Nix \& {{NixOS}} | {{Reproducible}} Builds and Deployments},
   url = {https://nixos.org/},
@@ -432,3 +499,16 @@ @online{TokioRust
   urldate = {2023-06-26},
   file = {C\:\\Users\\ayats\\Zotero\\storage\\SVU3QBGS\\tokio.html}
 }
+
+@inproceedings{waltersFutureContinuousIntegration2013,
+  title = {The Future of Continuous Integration in {{GNOME}}},
+  booktitle = {2013 1st {{International Workshop}} on {{Release Engineering}} ({{RELENG}})},
+  author = {Walters, Colin and Poo-Caamaño, Germán and German, Daniel M.},
+  date = {2013-05},
+  pages = {33--36},
+  doi = {10.1109/RELENG.2013.6607695},
+  abstract = {In Free and Open Source Software (FOSS) projects based on Linux systems, the users usually install the software from distributions. The distributions act as intermediaries between software developers and users. Distributors collect the source code of the different projects and package them, ready to be installed by the users. Packages seems to work well for managing and distributing stable major and minor releases. It presents, however, various release management challenges for developers of projects with multiples dependencies not always available in the stable version of their systems. In projects like GNOME, composed of dozens of individual components, developers must build newer versions of the libraries and applications that their applications depend upon before working in their own projects. This process can be cumbersome for developers who are not programmers, such as user interaction designers or technical writers. In this paper we describe some of the problems that the current distribution model presents to do continuous integration, testing and deployment for developers in GNOME, and present ongoing work intended to address these problems that uses a git-like approach to the building and deployment of applications.},
+  eventtitle = {2013 1st {{International Workshop}} on {{Release Engineering}} ({{RELENG}})},
+  keywords = {Buildings,Continuous Integration,Free/Open Source Software,GNOME,Libraries,Linux,Operating systems,Release Engineering,Switches,Testing},
+  file = {C\:\\Users\\ayats\\Zotero\\storage\\MZSEL553\\Walters et al. - 2013 - The future of continuous integration in GNOME.pdf;C\:\\Users\\ayats\\Zotero\\storage\\TGPDRMIK\\6607695.html}
+}