Re: [gentoo-dev] Policy regarding enabling IUSE defaults application in ebuild
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Maciej Mrozowski wrote: Hi I'd like to raise your attention on problem of in my opinion overusing IUSE defaults in various packages. Currently there seems to be no policy whatsoever at least advising when it's appropriate to add +useflag and when not, so it's just up to developer's taste. While it usually doesn't do any particular harm (but I guess security and prefix/alt team won't agree on this) - insanely enabling everything by default is not the best idea in my opinion. Of course we need an example. Let's have a look at latest stable media- video/mplayer-1.0_rc2_p20090322 ebuild: IUSE=3dnow 3dnowext +a52 +aac aalib +alsa altivec +amrnb +amrwb arts +ass bidi bindist bl +cddb +cdio cdparanoia -cpudetection -custom-cflags -custom-cpuopts debug dga +dirac directfb doc +dts +dv dvb +dvd +dvdnav dxr3 +enca +encode esd +faac +faad fbcon ftp gif ggi -gtk +iconv ipv6 jack joystick jpeg kernel_linux ladspa libcaca lirc +live lzo mad md5sum +mmx mmxext mng +mp2 +mp3 musepack nas +nemesi +network openal +opengl oss png pnm pulseaudio pvr +quicktime radio +rar +real +rtc -samba +schroedinger sdl +speex sse sse2 ssse3 svga teletext tga +theora +tremor +truetype +unicode v4l v4l2 vdpau vidix +vorbis -win32codecs +X +x264 xanim xinerama +xscreensaver +xv +xvid xvmc zoran moreover, there are certain USE flags that do not make sense in IUSE=+flag. for example alsa: if I use alsa, I want alsa globally enable in /etc/make.conf if I not use it (e.g. not in my profile) why should I explicitly put - -alsa in $USE? this may lead to an explosion of -flag flags in $USE. probably this example falls back into the flag which pulls dependencies case, but it is one more argument. configure scripts already have default values for the configure switches, and ebuilds should try to follow the defaults by putting +flag where needed, but with some exceptions (maybe on a flag-by-flag basis, or -more generally- by use-case, like you just wrote) - -- mescali...@g.o -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoz2rMACgkQV/B5axfzrPs1dACeKIfPZ6XMRlD4Nf6L5s9WyCw5 uukAoKVmF2OMSykUhKwQ7aR5vR4j/+Nz =LuUh -END PGP SIGNATURE-
[gentoo-dev] Policy regarding enabling IUSE defaults application in ebuild
Hi I'd like to raise your attention on problem of in my opinion overusing IUSE defaults in various packages. Currently there seems to be no policy whatsoever at least advising when it's appropriate to add +useflag and when not, so it's just up to developer's taste. While it usually doesn't do any particular harm (but I guess security and prefix/alt team won't agree on this) - insanely enabling everything by default is not the best idea in my opinion. Of course we need an example. Let's have a look at latest stable media- video/mplayer-1.0_rc2_p20090322 ebuild: IUSE=3dnow 3dnowext +a52 +aac aalib +alsa altivec +amrnb +amrwb arts +ass bidi bindist bl +cddb +cdio cdparanoia -cpudetection -custom-cflags -custom-cpuopts debug dga +dirac directfb doc +dts +dv dvb +dvd +dvdnav dxr3 +enca +encode esd +faac +faad fbcon ftp gif ggi -gtk +iconv ipv6 jack joystick jpeg kernel_linux ladspa libcaca lirc +live lzo mad md5sum +mmx mmxext mng +mp2 +mp3 musepack nas +nemesi +network openal +opengl oss png pnm pulseaudio pvr +quicktime radio +rar +real +rtc -samba +schroedinger sdl +speex sse sse2 ssse3 svga teletext tga +theora +tremor +truetype +unicode v4l v4l2 vdpau vidix +vorbis -win32codecs +X +x264 xanim xinerama +xscreensaver +xv +xvid xvmc zoran Personally I'd really like to hear some explanation from maintainers about the reasons mplayer needs all those dependencies or why they are *really* recommended for every user of *any* profile (let me remind this). But thats's not the point - the point is, Gentoo probably needs some policy to advise, when some newly added USE flags are appropriate to be enabled by default. I suggest as follows: - When newly added USE flag makes already provided feature optional - needs to be enabled by default (this is required to make package feature set somewhat invariant after update) - When newly added USE flag adds new feature that is considered very common (that's tricky part and decision should be always made by herd, not individual developer) *but* *does* *not* *pull* *any* *dependencies* - enable by default - in any other case *do* *not* *enable* by default - (why? because I use it so I'll enable it by default is not enough of an explanation) What's the opinion on that? I guess we need some policy or at least some suggestion mentioned in devmanual - really.. -- regards MM signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Policy regarding enabling IUSE defaults application in ebuild
On Monday 08 June 2009 16:12:23 Maciej Mrozowski wrote: I'd like to raise your attention on problem of in my opinion overusing IUSE defaults in various packages. Currently there seems to be no policy whatsoever at least advising when it's appropriate to add +useflag and when not, so it's just up to developer's taste. the loose policy is to have the defaults follow what upstream intended. otherwise, it is left up to the maintainer on purpose -- they're supposed to know best. While it usually doesn't do any particular harm (but I guess security and prefix/alt team won't agree on this) - insanely enabling everything by default is not the best idea in my opinion. Of course we need an example. Let's have a look at latest stable media- video/mplayer-1.0_rc2_p20090322 ebuild: mplayer and friends is a bad example. upstream wants a lot of things enabled by default. But thats's not the point - the point is, Gentoo probably needs some policy to advise, when some newly added USE flags are appropriate to be enabled by default. we already have one -mike
Re: [gentoo-dev] Policy regarding enabling IUSE defaults application in ebuild
On Monday 08 June 2009, Maciej Mrozowski wrote: ... While it usually doesn't do any particular harm (but I guess security and prefix/alt team won't agree on this) - insanely enabling everything by default is not the best idea in my opinion. The Security Team supports all use flag combinations, even those not enabled by default. Masked use flags are not supported. As far as proactively disabling certain codecs go, that certainly exploits of certain (disabled) codecs. However, if the user was tricked into downloading a file and will see that he cannot play it due to a missing codec, he might just enable that use flag and rety. The only way to be safe is to minimize the untrusted input to your application, keep it updated, and employ other means of hardening (privilege separation). Of course we need an example. Let's have a look at latest stable media- video/mplayer-1.0_rc2_p20090322 ebuild: ... Personally I'd really like to hear some explanation from maintainers about the reasons mplayer needs all those dependencies or why they are *really* recommended for every user of *any* profile (let me remind this). You should see the list of referenced bug reports in the ChangeLog for an explanation: https://bugs.gentoo.org/show_bug.cgi?id=260588 As stated there, all internally supported codecs are enabled, and only very few default USE flags require external deps. But thats's not the point - the point is, Gentoo probably needs some policy to advise, when some newly added USE flags are appropriate to be enabled by default. I suggest as follows: - When newly added USE flag makes already provided feature optional - needs to be enabled by default (this is required to make package feature set somewhat invariant after update) - When newly added USE flag adds new feature that is considered very common (that's tricky part and decision should be always made by herd, not individual developer) *but* *does* *not* *pull* *any* *dependencies* - enable by default - in any other case *do* *not* *enable* by default - (why? because I use it so I'll enable it by default is not enough of an explanation) What's the opinion on that? I guess we need some policy or at least some suggestion mentioned in devmanual - really.. I am in favor of applying common sense (hah!). An application (and an OS, in general) in the default config should run the common use cases, and some more. It's just as easy to remove a use flag as it is to enable it. And personally, I hate having to enable USE=png on all my desktop machines so I can use a desktop background. Just as much as I hate downloading some video and realizing I forgot to add USE=schroedinger for mplayer, and then wait for a recompile before the fun. Robert signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Policy regarding enabling IUSE defaults application in ebuild
Maciej Mrozowski wrote: While it usually doesn't do any particular harm (but I guess security and prefix/alt team won't agree on this) - insanely enabling everything by default The Prefix team does not care either way. is not the best idea in my opinion. Of course we need an example. Let's have a look at latest stable media- video/mplayer-1.0_rc2_p20090322 ebuild: IUSE=3dnow 3dnowext +a52 +aac aalib +alsa altivec +amrnb +amrwb arts +ass bidi bindist bl +cddb +cdio cdparanoia -cpudetection -custom-cflags -custom-cpuopts debug dga +dirac directfb doc +dts +dv dvb +dvd +dvdnav dxr3 +enca +encode esd +faac +faad fbcon ftp gif ggi -gtk +iconv ipv6 jack joystick jpeg kernel_linux ladspa libcaca lirc +live lzo mad md5sum +mmx mmxext mng +mp2 +mp3 musepack nas +nemesi +network openal +opengl oss png pnm pulseaudio pvr +quicktime radio +rar +real +rtc -samba +schroedinger sdl +speex sse sse2 ssse3 svga teletext tga +theora +tremor +truetype +unicode v4l v4l2 vdpau vidix +vorbis -win32codecs +X +x264 xanim xinerama +xscreensaver +xv +xvid xvmc zoran Personally I'd really like to hear some explanation from maintainers about the reasons mplayer needs all those dependencies or why they are *really* recommended for every user of *any* profile (let me remind this). But thats's not the point - the point is, Gentoo probably needs some policy to advise, when some newly added USE flags are appropriate to be enabled by default. I suggest as follows: - When newly added USE flag makes already provided feature optional - needs to be enabled by default (this is required to make package feature set somewhat invariant after update) - When newly added USE flag adds new feature that is considered very common (that's tricky part and decision should be always made by herd, not individual developer) *but* *does* *not* *pull* *any* *dependencies* - enable by default - in any other case *do* *not* *enable* by default - (why? because I use it so I'll enable it by default is not enough of an explanation) What's the opinion on that? I guess we need some policy or at least some suggestion mentioned in devmanual - really.. IUSE defaults or USE defaults in profiles..Either way...someone will complain. This is why you can disable flags in package.use, *or* select a non-desktop profile. meh.. -Jeremy
Re: [gentoo-dev] Policy regarding enabling IUSE defaults application in ebuild
On Monday 08 June 2009 18:25:18 Robert Buchholz wrote: And personally, I hate having to enable USE=png on all my desktop machines so I can use a desktop background eh ? USE=png is in all default desktop profiles ... -mike signature.asc Description: This is a digitally signed message part.