| 1 |
On Thu, Mar 9, 2017 at 6:59 AM, Marvin Gülker <m-guelker@×××××××××××.de> wrote: |
| 2 |
> |
| 3 |
> With Arch, it's different. The no-systemd people need to run after all |
| 4 |
> cahnges made by the Arch team, and then place their own changes on top |
| 5 |
> of that. This creates certainly a lot of work, and certainly requires a |
| 6 |
> lot of manpower, which I am not sure these people have available. This, |
| 7 |
> in consequence, leads me to security considerations. How quickly do |
| 8 |
> security problem fixes propagate to arch-openrc? |
| 9 |
|
| 10 |
Honestly, as somebody who monitors all the systemd bugs on Gentoo it |
| 11 |
isn't actually that much work, and I suspect that it wouldn't be that |
| 12 |
much work maintaining openrc scripts on Arch. I doubt they rename the |
| 13 |
apache binary 3x per year, or move its location around the filesystem. |
| 14 |
If anything systemd is a bit more of a moving target since we started |
| 15 |
with distro-built scripts and have largely moved towards |
| 16 |
upstream-provided ones, while also dealing with changes in systemd |
| 17 |
itself (the latter has more to do with support for more features or |
| 18 |
changes in conventions than actual breakage). |
| 19 |
|
| 20 |
Now, systemd on Gentoo vs openrc on Arch might not be equivalent, |
| 21 |
since on Gentoo we are a bit more accustomed to heterogeneous |
| 22 |
environments and the way we maintain packages is structured around |
| 23 |
this. Systemd on Gentoo also has the advantage of more upstream |
| 24 |
support, since a LOT of packages have upstream-provided units that get |
| 25 |
installed by the build scripts. |
| 26 |
|
| 27 |
-- |
| 28 |
Rich |
Archives