Gentoo Archives: gentoo-user

From: Alan McKinnon <alan.mckinnon@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] necessary use flgas
Date: Thu, 25 Jun 2015 08:29:40
Message-Id: 558BBBEB.6090008@gmail.com
In Reply to: Re: [gentoo-user] necessary use flgas by behrouz khosravi
On 24/06/2015 14:23, behrouz khosravi wrote:
>
> Here's some good advice:
>
> Don't do that. See below.
>
>
> Oops! I have done it and I am happy so far!

Wait a little longer :-)

I predict within 2 weeks you'll be posting back about some completely
baffling problem and we'll have a huge thread to help fix it for you.
But such is how mailing lists work.

Keep Q's advice in mind - when posting, *always* state up front in caps
that you have over-ridden USE.

>
> That's a bit of a nonsensical line of thought, as what you think you
> want doesn't really exist.
>
>
> I think you misunderstood me! For example adding CPU specific flags is a
> good idea right?

Getting your flags right for your CPU is always a very good idea, it's
one of the main things Gentoo is built for. Binary distros can't easily
do this for you (way too many variations) but a source-distro like
Gentoo can do it with ease.

It is a very good example of where a source distro truly shines and a
valid case of optimizing your binaries. It's the exact opposite of ricing.

> I meant something like that. For example is it wise to enable opengl
> flag globally? Is it helpful to do so?

If you need opengl, enable it.
If you don't need opengl, disable it.
If you have some software that *requires* opengl to work, well then you
better enable it.

There's no correct answer to your question, you should instead be asking
"Do I need and/or want opengl?" and before that ask "What is opengl anyway?"

No doubt a bunch of folks will weigh in here telling you why opengl
is/isn't an awesome idea. But you still have to ask and answer those
questions for yourself.

>
>
> > What do you recommend?
>
> DO NOT SET "USE=-*"
>
>
> As I said before I have done it and I totally recommend it to anyone
> interested to get a better understanding of user land.

For experts, yes.

To be blunt, you are not an expert, not even close.

But hey, it's your system and your time you'll expend. If you break it,
you get to keep all the little tiny shards.

>
>
>
> Pick a profile that suits what you want to use the computer for.
>
> You have a desktop? Pick a suitable desktop profile. Don't pick a KDE
> one unless you use KDE for instance (all that does is set some KDE flags
> (like semantic-desktop or baloo or whatever they call it now) and force
> some KDE packages to be merged). It doesn't change the underlying way
> things work.
>
>
> desktop profiles are very big for my taste. In fact I have been using
> KDE for about a year on the default (basic) profile.
> I have compiled the KDE with KDE profile and I have witnessed the
> differences with my own eyes.

And what difference is that? There is very little difference between a
desktop profile with KDE installed, and a KDE profile that includes KDE.

I have firefox installed. It runs. There isn't a "firefox profile" but
if there was, I expect to see very little difference between that and
what I currently have.

Unless you are complaining about a profile that emerged every known KDE
app under the sun, when what you actually wanted was just the few KDE
apps you really use minus all the semantic desktop and akonadi fluff.
There's a huge difference there. That's how my main machine is set up,
and why I don't use the KDE profile.

>
>
> I very much doubt you can "increase security" by picking some USE flags.
> There is no
> USE="open-me-up-to-the-world"
> or
> USE="rock-solid-nsa-proff-tight"
> USE flags :-)
>
> So what security features do you need or want?
> Figure that out and then set the system up to provide that. You will get
> what you want.
>
> Well I know there is no USE flag like that! I am not that stupid but I
> remember that I have read somewhere (unfortunately I don't remember where)
> that disabling some use flags will degrade the security of system.

Of course that can happen, but it's nowhere near as simple as you imply.

As with everything else in life, the truth is always considerably more
complex than you think. USE does not enable or disable security. USE
enables or disables specific features in software, usually features that
are configured at build time.

These features can have side-effects that relate to security. Or to
accessibility. Or to look and feel. Or to semantic desktop fluff. Or to
the ability to print. Or to any other aspect of software you care to
mention.

Take for example PAM - that's a security-related optional feature. You
can disable it entirely if you like but then you lose the security
features of PAM (specifically, the ability to specify exactly how you
want authentication and authorization to be done leaving you only with
the basic username/password scheme). Maybe you want that, maybe you
don't. But nobody can tell you that the setting of the USE flag will
improve or degrade your security stance.

It's just not that simple.

You have to look at the flag, and understand what it means. Then look at
the software that uses it and understand what difference it makes *to
that software*. Then decide what the impact of those differences is
going to be *in your case*. And every case is different.


--
Alan McKinnon
alan.mckinnon@×××××.com