1 |
Róbert Čerňanský posted on Sun, 25 Jan 2015 14:27:50 +0100 as excerpted: |
2 |
|
3 |
> On Sun, 25 Jan 2015 04:29:43 +0000 (UTC) |
4 |
> Duncan <1i5t5.duncan@×××.net> wrote: |
5 |
>> [...] |
6 |
> |
7 |
> More frequent updates is most likely the reason that you do not have to |
8 |
> edit use flags every time. |
9 |
|
10 |
With the information below, seems like it. |
11 |
|
12 |
> I update every 2-4 months (only GLSAs in between) therefore my |
13 |
> experience is that I have to edit it every time (not for GLSAs of |
14 |
> course). |
15 |
|
16 |
I'd worry about that. |
17 |
|
18 |
Frankly, I think the GLSAs are often too slow to come out, but I'm |
19 |
honestly not sure what could practically be done to fix it. The problem |
20 |
(as I understand/see it) is that by policy the GLSAs don't get released |
21 |
until all security-handled archs have stable-keyworded the fixed package- |
22 |
version, and some of those security-supported archs are underpowered and/ |
23 |
or undermanned and simply take longer than I'd consider ideal to do that |
24 |
keywording, even at security-priority. But the only real and practical |
25 |
fix would be either GLSA's per-arch as they stabilize, and accepting that |
26 |
such a policy means the slow archs /will/ be sitting there exposed |
27 |
without a stabilized fix or GLSA, OR a GLSA-on-first-stable policy, and |
28 |
accept that archs behind the first to stable would be getting GLSAs |
29 |
suggesting fixed packages that might not actually be tested and |
30 |
stabilized for a month on some affected archs. |
31 |
|
32 |
The result of the current policy is that if you're waiting for the GLSA, |
33 |
unless it's _extreme_ priority (heartbleed level), on at least amd64, |
34 |
you're very often sitting there exposed for well over a week, and too |
35 |
often a month, after the fix is out there, actually installed on /my/ |
36 |
systems. And to me that's a game of Russian Roulette odds that I'm |
37 |
simply not willing to play. |
38 |
|
39 |
If you're going to do security-updates only, at least follow a good |
40 |
notification service (LWN's daily security updates notices are a start, |
41 |
if you compare against what you have installed on gentoo), and grab the |
42 |
corresponding gentoo updates before the GLSAs. At least then, if it's at |
43 |
least high enough priority to hit the news, you'll have it manually |
44 |
installed and won't be sitting there with your *** hanging out for weeks |
45 |
at a time! |
46 |
|
47 |
> |
48 |
>> 2) My global USE= starts with -*. I got tired of worrying about what |
49 |
> [...] |
50 |
> More or less same here, except -* as the default. I trust developers |
51 |
> that they are choosing wisely in profile and ebuilds. ;-) |
52 |
|
53 |
It's not that I don't trust 'em. I'm running their ebuilds as root, |
54 |
after all. =:^) |
55 |
|
56 |
It's more the certainty of knowing however it's set, I set it that way, |
57 |
and other than a flag name change or add/remove, it's going to stay that |
58 |
way unless I change it. Also, figuring out where a tree default comes |
59 |
from isn't as easy or intuitive as it might be. Both the profiles and |
60 |
the ebuilds (with eclasses) cascade, and while I agree with doing it that |
61 |
way (I was around before cascading profiles and when eclasses were much |
62 |
simpler than they are today, and believe me, this way's easier/better!), |
63 |
it doesn't make looking up things easier. |
64 |
|
65 |
FWIW I negate my entire @system set and thus have an empty @system, with |
66 |
some otherwise @system packages in @world, and a few simply not installed |
67 |
as such, for similar reasons. I want to control it myself. |
68 |
|
69 |
Plus, after setting -* in my use file, all the -flag entries in the file |
70 |
could go away. MUCH cleaner USE file now! =:^) And it turned out there |
71 |
actually weren't that many changes after that, because I had negated |
72 |
profile or IUSE defaults enough already, with package.use where it |
73 |
deviated, that -* ended up being a rather large simplification of the use |
74 |
file itself, with few actual flag changes. =:^) |
75 |
|
76 |
The one thing I /do/ need to be aware of, now, is that I /don't/ |
77 |
automatically see IUSE defaults in the various packages. Thus, on new |
78 |
packages or major upgrades that significantly change USE flags, when I'm |
79 |
in doubt on a flag, I do occasionally actually check the ebuild, to see |
80 |
whether the maintainer considered it important enough to use-default it |
81 |
on. |
82 |
|
83 |
>> When I set such an entry, I prefix a comment line with the date and an |
84 |
>> explanation of WHY the entry needs to be there, different from my |
85 |
>> normal default settings. Sometimes, it's due to a bug, and a couple |
86 |
>> versions later I can go thru and test with that entry commented, to see |
87 |
>> if the bug is fixed, yet. Other times it's due to a use-dep from some |
88 |
>> other package I have installed. Both qt and kde tend to have |
89 |
> |
90 |
> This where we get to the point. If you set USE flag because of a bug or |
91 |
> because of dependency it is not because you *want to* but because you |
92 |
> *have to* (or portage *needs to*). Therefore you need to add a comment |
93 |
> WHY you did it. |
94 |
> |
95 |
> For example I have -doc in make.conf because I do *not want* docs |
96 |
> globally. But I have 'dev-lang/python doc' in package.use because I |
97 |
> develop in Python and *want* the documentation for it. Such entry does |
98 |
> not need a comment, because I simply know what I want. |
99 |
|
100 |
My comment for the latter is generally along the lines of "I want docs |
101 |
for this", or "docs here are useful". |
102 |
|
103 |
Here, it's justifying the non-default with documentation. It doesn't |
104 |
matter so much whether it's a non-default I want specifically, or one |
105 |
that was forced on me, there's a reason I set my USE flags as I do, and |
106 |
deviating from that needs justification, so I provide it... in a way that |
107 |
makes sense to me, at least. I'd not expect those "docs are useful here" |
108 |
comments to make much sense to others, as it's begging the question (in |
109 |
the legal and original Latin circular reasoning sense). But it's |
110 |
justification for the non-default, to me. |
111 |
|
112 |
> Another example. I have -python globally and have been using |
113 |
> app-mobilephone/gammu. Now I want to emerge app-mobilephone/wammu. But |
114 |
> it needs +python for gammu, so I *have to* set 'app-mobilephone/gammu |
115 |
> python' in package.use. In this case I also add a comment which |
116 |
> explains the reason because it is not what *I want* it is what *portage |
117 |
> needs*. |
118 |
> |
119 |
>> Regardless of why it's there, however, because only non-default entries |
120 |
>> are in package.use, they're the obvious exception. |
121 |
> |
122 |
> You somehow do not distinguish between those two types of exceptions |
123 |
> explained in examples above. |
124 |
|
125 |
Because to me, it's the exception that matters. I document it, and when |
126 |
the reason goes away, so can the exception, but whether it's an exception |
127 |
forced on me by upstream or one I want, like docs for some particular |
128 |
package, it's an exception to a rule that's there for a reason, and that |
129 |
exception needs documentation. |
130 |
|
131 |
|
132 |
But bottom line back on the original debate on every-update USE flag |
133 |
changes, yeah, if you're updating only every 2-4 months, then yes, I |
134 |
could see that being flag changes every update. Update frequency is the |
135 |
(formerly) mystery reason for the difference, at least the main one! |
136 |
|
137 |
-- |
138 |
Duncan - List replies preferred. No HTML msgs. |
139 |
"Every nonfree program has a lord, a master -- |
140 |
and if you use the program, he is your master." Richard Stallman |