On Feb 24, 2014, at 7:56 AM, Poul-Henning Kamp <p...@phk.freebsd.dk> wrote:

> Bullshit.

Sounds like your week didn't get off to a good start.

> You got FreeBSD in there in the first place, there clearly
> is some kind of aperture through which software can migrate.

Yes, we walk in a DVD-ROM with a FreeBSD installation image on it.  This works 
because there is a self-contained installer that contains a very complete 
system.  Certainly enough to build things like file servers and network 
infrastructure machines (dhcp, ntp, other general network services).

Installing ports/pkgs, on the other hand, is a real pain.  For pre-built 
packages, you can build a list of dependencies, download the packages to an 
external machine, copy them to a portable drive, and walk them over to a shared 
filesystem.  This works, provided there are pre-built images of the package and 
its recursive dependency tree (and that they are configured in a way that works 
for your environment).

If the above doesn't work, you have to fall back to ports.  And this is where 
things get really hairy.  Just generating the list of required distfiles is 
problematic.  'make fetch-recursive-list' will give you a script to run to pull 
down the direct build dependencies, but this misses run-time dependencies.  
Generating that list takes a lot of manual work, and is *very* time consuming.

The increasing focus on securing systems from network attacks is only 
increasing the number of air-gapped environments (and I know this from 
first-hand experience).  The sort of massive unbundling that a few people are tossing 
around here has the potential to exponentially increase the workload of people 
operating in the environments I have witnessed (and worked in).  I want them to 
realize that there are ramifications to those sorts of changes that need to be 
taken into consideration.

These days UNIX tends to be a single-user environment, for the most part.  
Because of that it is very easy for people to get into the mindset that "if I 
don't use it, nobody else uses it," and thus lose sight of the whole being so 
much greater than the sum of its parts.

That said, I can understand wanting to unbundle some of the very complex but 
lesser used components (e.g. bind).  But there's always a balancing act to be 
performed here.  Making every command in /usr/bin its own package serves 
nobody.  (Yes, I exaggerate to make a point.)

