| 1 |
Ed W posted on Fri, 06 Nov 2009 23:40:30 +0000 as excerpted: |
| 2 |
|
| 3 |
> I often hear this general kind of commentary. Just out of interest, |
| 4 |
> how/why do you care about the byte count that much? Apart from embedded |
| 5 |
> work, or perhaps virtualised servers, I find it surprising to imagine |
| 6 |
> that "most people" find the "cost" of minimising installed size (well |
| 7 |
> more than the obvious stuff) to be worth the effort (in general)? |
| 8 |
|
| 9 |
> If you are worried about security issues in dependencies then do also |
| 10 |
> look at hardened (esp. with the gcc-4.4 hardened overlay) and perhaps |
| 11 |
> grsecurity - this can very effectively mitigate the effects of many |
| 12 |
> security holes. |
| 13 |
|
| 14 |
What a lot of (at least non-dev) folks don't realize is that particularly |
| 15 |
on a distribution such as Gentoo, in addition to the size bloat, and |
| 16 |
security considerations, both of which you brought up, there's the simple |
| 17 |
or general ongoing maintenance consideration. Of course that's not quite |
| 18 |
so big of an issue on embedded, where presumably you install it and let |
| 19 |
it be for long periods of time (perhaps for the life of the unit), but |
| 20 |
for general "computer" use, at /least/ desktop, the ongoing updates and |
| 21 |
maintenance costs **FAR** outweigh any size consideration in the usual |
| 22 |
case, and really, except to the extent that updates and security are tied |
| 23 |
together, they outweigh the security aspect of the additional features as |
| 24 |
well. |
| 25 |
|
| 26 |
It was actually a couple years into my Gentoo experience that the effect |
| 27 |
of "bloat" in the form of optional dependencies (USE flags on Gentoo) |
| 28 |
began to dawn on me, and I've only appreciated it more, since, |
| 29 |
with the effect /particularly/ emphasized to me while I had both kde3 and |
| 30 |
kde4 installed (luckily without Gnome to worry about as well). That's a |
| 31 |
/huge/ number of additional packages to worry about keeping updated, for |
| 32 |
the revdep-rebuild I run after every update to check and maybe flag for |
| 33 |
rebuild, etc. |
| 34 |
|
| 35 |
To a rather lessor but more frequent extent, updating codecs and/or |
| 36 |
imagemagick invariably triggers a revdep-rebuild on transcode, mplayer, |
| 37 |
xine-libs, and k3b -- and that's with --as-needed in my LDFLAGS, without |
| 38 |
it things would be MUCH MUCH worse. |
| 39 |
|
| 40 |
So if I'm not using a codec, or if I /might/ use it say once every year |
| 41 |
or two, it's DEFINITELY better to have that USE flag off and not have to |
| 42 |
deal with that codec triggering revdep-rebuilds every time it updates, |
| 43 |
and in the event that I DO run across somethign that needs it, just turn |
| 44 |
it on --single-shot, compile what I need with it, do what I want, then |
| 45 |
turn it off and emerge -N and revdep-rebuild to put everything back to |
| 46 |
not using it again. |
| 47 |
|
| 48 |
Of course with the big DEs the effect is far bigger. It's to the point |
| 49 |
where when looking for an app for some new purpose, if it's dependent on |
| 50 |
the desktop I don't run (GNOME, for me, but KDE for others), that's an |
| 51 |
almost insurmountable barrier to overcome to have me even try it, because |
| 52 |
the cost of continual maintenance of even the basics of an entire DE are |
| 53 |
simply way too high to be worth it for a single app or even two or three, |
| 54 |
unless they happen to be primary functionality for what I'm doing, of |
| 55 |
course, in which case may I'll switch DEs. I long since settled on KDE |
| 56 |
apps for most of my primary functionality, and the cost of doing |
| 57 |
otherwise is high enough that's unlikely to change unless KDE or my own |
| 58 |
needs change enough that I dump KDE entirely. (Actually, with kde4, a |
| 59 |
lot of folks have found just that, that KDE changed out from under them |
| 60 |
and no longer meets their needs, so they're switching away from it. I |
| 61 |
came close, but had enough other reasons to stick with it that I found or |
| 62 |
in some cases scripted my own solutions to the missing or b0rk3n kde4 |
| 63 |
functionality, so ended up sticking with it... but at enormous personal |
| 64 |
time and resources investment to do so... enough that comparably, paying |
| 65 |
a grand for MS software would be a reasonable tradeoff... if there |
| 66 |
weren't bigger issues I was worried about.) |
| 67 |
|
| 68 |
But you didn't even mention the cost of continuing maintenance factor for |
| 69 |
all that "bloat", and on a Gentoo system, at least desktop, that's really |
| 70 |
the big one. |
| 71 |
|
| 72 |
BTW, if you could, please turn off the HTML. Some people find it |
| 73 |
troublesome to deal with. You (or your client) do include plain text, |
| 74 |
which helps, but do you /really/ need the HTML, at the cost of making |
| 75 |
life harder for some readers? |
| 76 |
|
| 77 |
-- |
| 78 |
Duncan - List replies preferred. No HTML msgs. |
| 79 |
"Every nonfree program has a lord, a master -- |
| 80 |
and if you use the program, he is your master." Richard Stallman |
Archives