On Sun, Aug 22, 2021 at 7:18 PM antlists <antli...@youngman.org.uk> wrote: > > On 22/08/2021 22:59, Canek Peláez Valdés wrote: > > On Sun, Aug 22, 2021 at 3:32 PM <k...@aspodata.se > > <mailto:k...@aspodata.se>> wrote: > > [...] > > > > I'll be looking into that, but on some level, why should I be forced to > > go around udev. Can't programs be compiled without udev today... > > > > > > Yes, they can, if you (or someone else) write the necessary code, debug > > it, maintain it and keep it up to date and fix vulnerabilities and other > > errors that inevitably will appear, as it does with every piece of software. > > What you're missing, is that this code IS NOT USED. > > The OP wants to delete a load of code from his system precisely to > ELIMINATE vulnerabilities. If the code ain't there, it don't need fixing. > > Yes I take your point, but bloat is bloat, and bloat is a liability. >
Sure, and if it is that easy to remove then it won't be a huge time commitment for you to maintain your own private fork of the software. Still, somebody has to do the work, and since the number of people who don't have udev installed is pretty small, chances are it won't be somebody else. Of course, you can release your fork as FOSS so that others can benefit from it. Keep in mind that even just removing code does incur the risk of making mistakes, and at some point maintaining a fork that almost nobody uses also has some risk to it. Don't really want to get into a completely hypothetical argument about which is worse - obviously the devil is in the details. This is likely why upstreams are mostly not interested in supporting building without a requirement of udev. -- Rich
