Managing software uninstall with negative trust

A problematic aspect of software management systems in view of integrity preservation is the handling, approval, tracking and eventual execution of change requests. In the context of the relation between clients and repositories, trust can help identifying all packages required by the intended installation. Negative trust, in turn, can be used to approach the complementary problem induced by removing packages. In this paper we offer a logic for negative trust which allows to identify admissible and no-longer admissible software packages in the current installation profile in view of uninstall processes. We provide a simple working example and the system is formally verified using the Coq theorem prover

Small world characteristics of FLOSS distributions

Over the years, Free/Libre Open Source Software (FLOSS) distributions have become more and more complex and recent versions contain tens of thousands of packages. This has made it impossible to do quality control by hand. Instead, distribution editors must look to automated methods to ensure the quality of their distributions. In the present paper, we present some insights into the general structure of FLOSS distributions. We notably show that such distributions have the characteristics of a small world network: there are only a few important packages, and many less important packages. Identifying the important packages can help editors focus their efforts on parts of the distribution where errors will have important consequences

Formal verification of a theory of packages

Over the years, open source distributions have become increasingly largeand complex—as an example, the latest Debian distribution contains almost 30 000packages.Consequently, the tools that deal with these distribution have also become more andmore complex. Furthermore, to deal with increasing distribution sizes optimisationhas become more important as well.To make sure that correctness is not sacrificed for complexity and optimisation, it isimportant to verify the underlying assumptions formally.In this paper, we present an example of such a verification: a formalisation in Coqof a theory of packages and their interdependencies

On the correctness of a branch displacement algorithm

The branch displacement problem is a well-known problem in assembler design. It revolves around the feature, present in several processor families, of having different instructions, of different sizes, for jumps of different displacements. The problem, which is provably NP-hard, is then to select the instructions such that one ends up with the smallest possible program. During our research with the CerCo project on formally verifying a C compiler, we have implemented and proven correct an algorithm for this problem. In this paper, we discuss the problem, possible solutions, our specific solutions and the proofs

Using strong conflicts to detect quality issues in component-based complex systems

The mainstream adoption of free and open source software (FOSS) has widely popularised notions like software packages or plugins, maintained in a distributed fashion and evolving at a very quick pace. Each of these components is equipped with metadata, such as dependencies, which define the other components it needs to function properly, and the incompatible components it cannot work with. In this paper, we introduce the notion of strong conflicts, defined from the component dependencies, that can be effectively computed. It gives important insights on the quality issues faced when adding or upgrading components in a given component repository, which is one of the facets of the predictable assembly problem.Our work contains concrete examples drawn from the world of GNU/Linux distributions, that validate the proposed approach. It also shows that the measures defined can be easily applied to the Eclipse world, or to any other coarse-grained software component model

Managing software uninstall with negative trust

A problematic aspect of software management systems in view of integrity preservation is the handling, approval, tracking and eventual execution of change requests. In the context of the relation between clients and repositories, trust can help identifying all packages required by the intended installation. Negative trust, in turn, can be used to approach the complementary problem induced by removing packages. In this paper we offer a logic for negative trust which allows to identify admissible and no-longer admissible software packages in the current installation profile in view of uninstall processes. We provide a simple working example and the system is formally verified using the Coq theorem prover