Le 22/05/19 à 01:45, Dmitry Bogatov a écrit :
[2019-05-18 15:00] Laurent Bigonville<bi...@debian.org>
I've seen that in your commit, I just don't understand why this is even
a goal.
Because I do not want to pay for what I do not use. It is matter of good
design and Unix way.
libselinux is really small and only pulls libpcre3 which is pulled by
grep (which is Essential). It's not possible today to install debian
without libselinux installed anyway.
Path of a thousand miles starts with a single step.
Also, what's your plan regarding packaging? Would that executable be
put in a separate package?
Yes, that the plan.
So let's be it clear for the record. I'll personally oppose all patches
that would undermine the consistency and the experience of using SELinux
in debian.
As a distribution, debian has historically always been on the side of
enabling as many build options as possible to provide by default the
"full experience" to the users. I think that good and consistent
integration of different options and technologies is more beneficial for
our users than winning 205kb on the default installation (libpcre is
already pulled by grep and the sysvinit dependency against libsepol can
be dropped).
Also, removing selinux support by default would require many packages to
create different flavors (which is usually a big no-no in debian).
If people feel the urge of removing libselinux library (or other
libraries starting with "libs") from their system that still something
that could be done on their side at their cost ; especially that the
current situation exists for more than 10 years (SELinux support is
enabled by default in sysvinit and other base packages like PAM since
2005) and is absolutely not causing any issues what's however to the
users not enabling SELinux on their system (the library is a noop in
that case).
