On 24/06/2015 14:23, behrouz khosravi wrote: > > Here's some good advice: > > Don't do that. See below. > > > Oops! I have done it and I am happy so far !
Wait a little longer :-) I predict within 2 weeks you'll be posting back about some completely baffling problem and we'll have a huge thread to help fix it for you. But such id how mailing lists work. Keep Q's advice in mind - when posting, *always* state up front in caps that you have over-ridden USE > > That's a bit of a nonsensical line of thought, as what you think you > want doesn't really exist. > > > I think you misunderstood me! for example adding CPU specific flags is a > good idea right? Getting your flags right for your CPU is always a very good idea, it's one of the main things Gentoo is built for. Binary distros can't easily do this for you (way too many variations) but a source-distro like Gentoo can do it with ease. It is a very good example of where a source distro truly shines and a valid case of optimizing your binaries. It's the exact opposite of ricing. > I meant something like that. For example is it wise to enable opengl > flag globally ? is it helpful to do so? If you need opengl, enable it. If you don't need opengl, disable it. If you have some softare that *requires* opengl to work, well then you better enable it. There's no correct answer to your question, you should instead be asking "Do I need and/or want opengl?" and before that ask "What is opengl anyway?" No doubt a bunch of folks will weigh in here telling you why opengl is/isn't an awesome idea. But you still have to ask and answer those questions for yourself. > > > > What do you recommend ? > > DO NOT SET "USE=-*" > > > As I said before I have done it and I totally recommend it to anyone > interested to get a better understanding of user land. For experts, yes. To be blunt, you are not an expert, not even close. But hey, it's your system and your time you'll expend. If you break it, you get to keep all the little tiny shards. > > > > Pick a profile that suits what you want to use the computer for. > > You have a desktop? Pick a suitable desktop profile. Don't pick a KDE > one unless oyu use KDE for instance (all that does is set some KDE flags > (like semantic-desktop or baloo or whatever they call it now) and force > some KDE packages to be merged. It doesn't change the underlying way > things work. > > > desktop profiles are very big for my taste. In fact I have been using > KDE for about a year on the default (basic) profile. > I have compiled the KDE with KDE profile and I have witnessed the > differences with my own eyes. And what difference is that? There is very little difference between a desktop profile with KDE installed, and a KDE profile that includes KDE. I have firefox installed. It runs. There isn't a "firefox profile" but if there was, I expect to see very little difference between that and what I currently have. Unless you are complaining about a profile that emerged every known KDE app under the sun, when what you actually wanted was just the few KDE apps you really use minus all the semantic desktop and akonadi fluff. There's a huge difference there. That's how my main machine is set up, and why I don't use the KDE profile. > > > I very much doubt you can "increase security" by picking some USE flags. > There is no > USE="open-me-up-to-the-world" > or > USE="rock-solid-nsa-proff-tight" > USE flags :-) > > So what security features do you need or want? > Figure that out and then set the system up to provide that. You will get > what you want. > > Well I know there is no USE flag like that! I am not that stupid but I > remember that I have read somewhere(unfortunately I dont remember where) > that disabling some use flags will degrade the security of system. Of course that can happen, but it's nowhere near as simple as you imply. As with everything else in life, the truth is always considerably more complex than you think. USE does not enable or disable security. USE enables or disables specific features in software, usually features that are configured at build time. These features can have side-effects that relate to security. Or to accessibility. Or to look and feel. Or to semantic desktop fluff. Or to the ability to print. Or to any other aspect of software you care to mention. Take for example PAM - that's a security-related optional feature. You can disable it entirely if you like but then you lose the security features of PAM (specifically, the ability to specify exactly how you want authentication and authorization to be done leaving you only with the basic username/password scheme). Maybe you want that, maybe you don't. But nobody can tell you that the setting of the USE flag will improve or degrade your security stance. It's just not that simple. You have to look at the flag, and understand what it means. Then look at the software that uses it and understand what difference it makes *to that software*. Then decide what the impact of those differences are going to be *in your case*. And every case is different. -- Alan McKinnon [email protected]
