Ok, preliminary work on your-system-santiy went well. And got a surprising amount of interest from users considering that it was just in testing.
I'm writing to the dev list to get input and kick the ball around on your-system-sanity before continuing. Things that I'd like to have solidly defined before proceeding are: scope - What do we want your-system-sanity to cover. My goal was to have it cover Third Party Package Managers (TPPMs) that are dangerous to the health of the users system python-pip is a leading example of this. The way it currently is, it install over system files often creating a real mess (I'll address actually fixing the TPPMs behaviours later). Which TPPMs fall into this category is up for discussion (Rust/cargo, Ruby/gems, perl/cpan, etc/etc). Do we warn about all TPPMs or do we only concern ourselves with the ones that Bork the system by default. Do we worry about TPPMs that offer non-free or should those be handled by the regular blacklist.txt Several users were wanting games with the built in ability to download non-free culture assets. I feel this is beyond that scope of your-system-sanity as it's purpose is system stability. What work needs to be done outside of the package itself. As I added gems to the initial list in your-system-sanity I had to rebuild ruby so the depend on gems was optional. I haven't looked at the Rust build yet as it is an Arch package but I do not see a separate cargo package. That would need to be addressed. Probably others. As I imagines this being part of base/base-openrc there is some concern that it could break builds in abslibre as it may effect their depends or the ability to build things if they require things like cargo,gems,maven,etc. This may actually be a desirable outcome as things shouldn't be using things like maven to pull in other source files during the build stage. bill-auger correctly pointed out that the best thing to ultimately do is get the TPPMs fixed upstream so the install into /usr/local/ or the users home dir. This may be an uphill battle as there is a strong pull everything from everywhere culture out there and so there may not be much interest in making it right. I did some digging and there is a BUG for PIP re: defaulting to /usr/local/ that has been going on for years, closed, re-opened, and on and on with no real concrete outcome I could see. Though it did seem that they added some ./configure options or the like to change how it behaves (I'll have to find it again. Will post it here when I do). As for the games/non-free assets downloading situation I personally feel that that is something better addressed with the existing blacklist (recommends-nonfree) or the like. So Let the input fly.. :)
signature.asc
Description: Digital signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
