1 |
On 02/28/2014 7:47 PM, William Hubbs wrote: |
2 |
> On Sat, Mar 01, 2014 at 12:24:02AM +0000, David Leverton wrote: |
3 |
>> William Hubbs wrote: |
4 |
>>> And I would argue that the maintenance cost of having separate /usr in a |
5 |
>>> general sense is much higher than the benefit it provides. |
6 |
>> |
7 |
>> That's a legitimate point (not that I necessarily agree or disagree as |
8 |
>> I'm not the one who's tried to make it work) - perhaps I should have |
9 |
>> acknowledged that it's still a trade-off. I'm just trying to get rid of |
10 |
>> the meme that whatever benefits do exist somehow don't count because |
11 |
>> they weren't planned in the original Unix design. |
12 |
> |
13 |
> Actually we are digressing heavily (I'm guilty too), the original point |
14 |
> of this thread was about the fhs and how tightly we are supposed to |
15 |
> follow it. |
16 |
> |
17 |
> Patrick thinks that all configuration files belong in /etc, and what has |
18 |
> happened is, some packages are placing default configuration |
19 |
> files in /lib or /usr/lib and allowing them to be overridden by files |
20 |
> with the exact same names and paths in /etc. His argument is that only |
21 |
> libraries belong in /lib or /usr/lib. |
22 |
> |
23 |
> I disagree with this based on understanding how the config system in |
24 |
> these packages works. Also, I don't think a distro should do this type of |
25 |
> patching if the patches are not accepted upstream. |
26 |
|
27 |
Digressing a little myself, but trying to remain on point, the _only_ reason |
28 |
I went with a split-/usr setup many years ago is because, back in the early |
29 |
2000's, BOTH Debian's Security Handbook AND Gentoo's Security Handbook |
30 |
recommended it as an option to enhance system security should all your other |
31 |
defenses get compromised and an attacker gets onto the filesystem. Does it |
32 |
completely and utterly stop all lateral movement? Nope. Probably takes a |
33 |
seasoned attacker all of 2-3mins to get around it. |
34 |
|
35 |
That setup has run great for years. I rarely re-install entire OSes, too, |
36 |
preferring to maintain and upgrade them. I.e., one of my Windows installs |
37 |
is over five years old, having started w/ Vista SP1 and now it's on Win7 |
38 |
SP1. Most people reinstall Windows twice a year because it can become |
39 |
cluttered up so quickly. |
40 |
|
41 |
So when that Freedesktop.org page came out a few years ago and suddenly |
42 |
declared that split-/usr was broken, I just felt snubbed by it. I had |
43 |
7-year old installs that booted just fine. Who were these freedesktop.org |
44 |
people that were dictating that my particular setup was suddenly broken? |
45 |
Call it a case of having my "geek pride" insulted. Like hell I was going to |
46 |
change. |
47 |
|
48 |
But, you know, in reality, they had a point. Original System V UNIX did a |
49 |
lot of weird things that probably made sense decades ago, but don't now. |
50 |
You find this virtually endemic across a lot of OSes, too: |
51 |
|
52 |
- Windows is happy to let you dribble non-OS related files all over C: |
53 |
(which makes backups and OS re-installs a lot of fun) -- this was fine in |
54 |
Win95/Win98, but became more of an issue in XP and up. Nowadays, people |
55 |
usually install the OS to C: and put games/programs on a separate drive |
56 |
entirely. |
57 |
|
58 |
- NetWare seems to roll dice when installing things into the SYS: volume. |
59 |
Some configs are in SYS:\SYSTEM\ETC, Apache lives in SYS:\APACHE2\, and a |
60 |
lot of other bits are encoded into eDirectory attributes (DNS/DHCP configs). |
61 |
|
62 |
- The *BSDs make heavy use of /usr/local for things that can confuse |
63 |
non-BSD users (at first). Even the install locations of Ports varies across |
64 |
the BSDs (FBSD has /usr/ports, DF/BSD has /usr/dports, NBSD has pkgsrc, etc). |
65 |
|
66 |
|
67 |
|
68 |
Anyways, back on point, FHS is more-or-less deprecated. It was reasonable |
69 |
when Linux had a small ecosystem. Now, Linux has a *huge* ecosystem that it |
70 |
operates in. Everything from small, embedded devices to multi-node |
71 |
supercomputing clusters, to servers and desktops. FHS does doesn't scale |
72 |
well to all of those configurations. Android pretty much ignores FHS, from |
73 |
what I can tell. |
74 |
|
75 |
Options really are boiled down to these three: |
76 |
|
77 |
1. Continue to support FHS as much as possible, including patching upstream |
78 |
packages when they violate FHS. |
79 |
|
80 |
2. Ignore FHS entirely and let upstream packages do what they want, within |
81 |
reason (i.e., some patching may be needed depending on if one was running |
82 |
Gentoo/Linux or Gentoo/FreeBSD). |
83 |
|
84 |
3. Develop our own, Gentoo-specific variant of FHS that we use and which |
85 |
suits the particulars of our distribution in a way that we feel is sensible |
86 |
(my choice). Packages are patched as appropriate, after discussion/debate. |
87 |
For all we know, the way an upstream package does something by default |
88 |
might be worth integrating into our FHS design. |
89 |
|
90 |
Further on point #3, we'd have to probably develop a high-level, |
91 |
kernel-agnostic layout that can be modified by kernel-specific differences. |
92 |
I.e., Gentoo/Linux is going to do things one way while Gentoo/FreeBSD is |
93 |
going to do it a different way. Ditto for Hardened or Embedded stuff. |
94 |
|
95 |
-- |
96 |
Joshua Kinard |
97 |
Gentoo/MIPS |
98 |
kumba@g.o |
99 |
4096R/D25D95E3 2011-03-28 |
100 |
|
101 |
"The past tempts us, the present confuses us, the future frightens us. And |
102 |
our lives slip away, moment by moment, lost in that vast, terrible in-between." |
103 |
|
104 |
--Emperor Turhan, Centauri Republic |