| 1 |
On Thu, 2021-07-08 at 11:15 -0700, Matt Turner wrote: |
| 2 |
> |
| 3 |
> So, the thing about running a minimal system is... you already have |
| 4 |
> these dependencies installed. This doesn't change that... |
| 5 |
> |
| 6 |
> I could of course change the default of every bzip2/lzma/zstd in IUSE |
| 7 |
> (and might as well handle zlib too so we can remove it from |
| 8 |
> make.defaults!) but what practical advantage does that bring? |
| 9 |
|
| 10 |
There's more to being a dependency than just being installed. Not all |
| 11 |
of these packages have e.g. USE=zstd so that they can run |
| 12 |
/usr/bin/zstd. Some link against libzstd, which now bloats them to use |
| 13 |
a tiny bit more space and memory, as well as exposing you to any |
| 14 |
security problems in the library. Your dependency tree gets a little |
| 15 |
bit more complicated, and your package manager has to figure out how to |
| 16 |
do subslot rebuilds for everything when libzstd gets upgraded. |
| 17 |
|
| 18 |
Per-package defaults are easier to override, since I don't have to undo |
| 19 |
everything before setting the USE-flags that I wanted to enable in the |
| 20 |
first place. |
| 21 |
|
| 22 |
Per-package defaults are easier to revert if we change our collective |
| 23 |
minds later, since we don't have to test the entire tree for breakage |
| 24 |
first. |
| 25 |
|
| 26 |
Global flags have essentially undefined behaviour, since e.g. USE=bzip2 |
| 27 |
does different things for each package. As an extreme example, global |
| 28 |
flags affect packages that aren't even in the tree yet and that may use |
| 29 |
USE=bzip2 in a way you don't expect. As a less extreme example, |
| 30 |
USE=bzip2 may open your crypto library up to compression attacks. It |
| 31 |
definitely makes your dev-lang/php more vulnerable. (The same goes for |
| 32 |
USE=zlib, which should be removed in favor of per-package defaults.) |
| 33 |
|
| 34 |
Global flag settings increase complexity because they all interact with |
| 35 |
each other, creating a combinatorial explosion of interaction points. |
| 36 |
Figuring out how to turn a global flag off for a subset of packages can |
| 37 |
be a nightmare. Do you change the file where it's enabled? Or the arch |
| 38 |
profile where the enabling is reverted? Or the arch/desktop profile |
| 39 |
where the disabling is disabled? Or the hardened profile where the |
| 40 |
disabled disabling is disabled? Any argument against global variables |
| 41 |
in a program is an argument against global profile changes. |
| 42 |
|
| 43 |
|
| 44 |
> I doubt there's a sensible reason to build without any of these USE |
| 45 |
> flags enabled. I think the claim that most people will want them |
| 46 |
> enabled is not really a question. So we should enable them by default. |
| 47 |
> I think that logic is pretty straightforward. If someone wants to |
| 48 |
> disable the flags for some reason, they of course still have that |
| 49 |
> option. |
| 50 |
> |
| 51 |
> If you can find a case where you wouldn't want to enable one of these |
| 52 |
> USE flags, please let me know and I'll reconsider my position. |
| 53 |
> |
| 54 |
|
| 55 |
I don't have them enabled for any packages where they're not IUSE- |
| 56 |
defaulted, and haven't noticed any problems. Not not having a reason to |
| 57 |
do something isn't a good justification to do it. If it ain't broke and |
| 58 |
all that. If anyone wants them set, it's as easy as USE="lzma bzip2 |
| 59 |
zstd", and we are apparently all okay without them. |
| 60 |
|
| 61 |
If you have a good reason to do it for certain packages, setting per- |
| 62 |
package defaults is the way to do it. The base profile defaults are |
| 63 |
only there because we didn't always have per-package defaults. |
| 64 |
|
| 65 |
But, if you really look, I think you'll find that most of these flags |
| 66 |
do completely useless things. Do you REALLY need libpcre to build and |
| 67 |
install you a special executable called "pcregrep-libbz2" that just |
| 68 |
pipes bunzip2 to pcregrep? No, nobody does. And most other uses are |
| 69 |
comparably stupid. |
Archives