1 |
On Thu, 2021-07-08 at 11:15 -0700, Matt Turner wrote: |
2 |
> |
3 |
> So, the thing about running a minimal system is... you already have |
4 |
> these dependencies installed. This doesn't change that... |
5 |
> |
6 |
> I could of course change the default of every bzip2/lzma/zstd in IUSE |
7 |
> (and might as well handle zlib too so we can remove it from |
8 |
> make.defaults!) but what practical advantage does that bring? |
9 |
|
10 |
There's more to being a dependency than just being installed. Not all |
11 |
of these packages have e.g. USE=zstd so that they can run |
12 |
/usr/bin/zstd. Some link against libzstd, which now bloats them to use |
13 |
a tiny bit more space and memory, as well as exposing you to any |
14 |
security problems in the library. Your dependency tree gets a little |
15 |
bit more complicated, and your package manager has to figure out how to |
16 |
do subslot rebuilds for everything when libzstd gets upgraded. |
17 |
|
18 |
Per-package defaults are easier to override, since I don't have to undo |
19 |
everything before setting the USE-flags that I wanted to enable in the |
20 |
first place. |
21 |
|
22 |
Per-package defaults are easier to revert if we change our collective |
23 |
minds later, since we don't have to test the entire tree for breakage |
24 |
first. |
25 |
|
26 |
Global flags have essentially undefined behaviour, since e.g. USE=bzip2 |
27 |
does different things for each package. As an extreme example, global |
28 |
flags affect packages that aren't even in the tree yet and that may use |
29 |
USE=bzip2 in a way you don't expect. As a less extreme example, |
30 |
USE=bzip2 may open your crypto library up to compression attacks. It |
31 |
definitely makes your dev-lang/php more vulnerable. (The same goes for |
32 |
USE=zlib, which should be removed in favor of per-package defaults.) |
33 |
|
34 |
Global flag settings increase complexity because they all interact with |
35 |
each other, creating a combinatorial explosion of interaction points. |
36 |
Figuring out how to turn a global flag off for a subset of packages can |
37 |
be a nightmare. Do you change the file where it's enabled? Or the arch |
38 |
profile where the enabling is reverted? Or the arch/desktop profile |
39 |
where the disabling is disabled? Or the hardened profile where the |
40 |
disabled disabling is disabled? Any argument against global variables |
41 |
in a program is an argument against global profile changes. |
42 |
|
43 |
|
44 |
> I doubt there's a sensible reason to build without any of these USE |
45 |
> flags enabled. I think the claim that most people will want them |
46 |
> enabled is not really a question. So we should enable them by default. |
47 |
> I think that logic is pretty straightforward. If someone wants to |
48 |
> disable the flags for some reason, they of course still have that |
49 |
> option. |
50 |
> |
51 |
> If you can find a case where you wouldn't want to enable one of these |
52 |
> USE flags, please let me know and I'll reconsider my position. |
53 |
> |
54 |
|
55 |
I don't have them enabled for any packages where they're not IUSE- |
56 |
defaulted, and haven't noticed any problems. Not not having a reason to |
57 |
do something isn't a good justification to do it. If it ain't broke and |
58 |
all that. If anyone wants them set, it's as easy as USE="lzma bzip2 |
59 |
zstd", and we are apparently all okay without them. |
60 |
|
61 |
If you have a good reason to do it for certain packages, setting per- |
62 |
package defaults is the way to do it. The base profile defaults are |
63 |
only there because we didn't always have per-package defaults. |
64 |
|
65 |
But, if you really look, I think you'll find that most of these flags |
66 |
do completely useless things. Do you REALLY need libpcre to build and |
67 |
install you a special executable called "pcregrep-libbz2" that just |
68 |
pipes bunzip2 to pcregrep? No, nobody does. And most other uses are |
69 |
comparably stupid. |