Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Dale]

Neil Bothwick wrote:
> On Wed, 6 May 2020 22:31:54 -0500, Dale wrote:
>
>> There used to be a package that caused some serious problems with
>> upgrades.  It was really tricky but I can't recall the name of it since
>> it was ages ago.
> expat? I recall that causing some hair loss.
>
>


It's possible but it doesn't ring a bell.  I recall that the devs did a
guide for the upgrade.  We didn't have the news thingy at the time so
people sort of ran into it like a train hitting a concrete wall.  It
could get ugly real fast. 

Dale

:-)  :-) 

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Neil Bothwick]

On Wed, 6 May 2020 22:31:54 -0500, Dale wrote:

> There used to be a package that caused some serious problems with
> upgrades.  It was really tricky but I can't recall the name of it since
> it was ages ago.

expat? I recall that causing some hair loss.


-- 
Neil Bothwick

"Ubuntu" is an ancient African word, meaning "I can't configure
Slackware".


pgpe_Y7voVbYu.pgp
Description: OpenPGP digital signature

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Caveman Al Toraboran]

On Thursday, May 7, 2020 6:35 AM, Rich Freeman  wrote:

> On Wed, May 6, 2020 at 10:14 PM Caveman Al Toraboran
> toraboracave...@protonmail.com wrote:
>
> > are you referring to python's dependence on expat
> > and glibc?
>
> More like bash's dependence. Well, and in the case of glibc just
> about everything. When those break you're basically stuck recovering
> from a rescue disk.

or have sash somewhere around?

> Fortunately we haven't had glibc/gcc break ABI in quite a while, and
> preserved-rebuild covers a lot of the other issues.
>
> In any case, if you have a solution other than statically building
> half the system I'm sure patches will be welcome. FWIW Gentoo is
> about as hassle-free to use as it has ever been. It isn't debian
> stable, and it is unlikely to ever be that way...

why not?  surely not as a 1st step, but it's not
like 50% of the system apps are sacred or
anything.

imo right approach is this:

1. make portage statically linked.  enjoy the
   removed python inconveniences.

2. if the bottleneck of inconvenience becomes
   bash's use glibc (a great milestone to
   celebrate btw), then we see how to fix that.

3. a component at a time, we eventually approach
   linux utopia.

``step (1) is not a utopia yet'' is no excuse to
not start the journey of removing inconveniences.

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Caveman Al Toraboran]

On Thursday, May 7, 2020 7:31 AM, Dale  wrote:

> Rich Freeman wrote:
>
> OP, odds are the emerge failure is what triggered the problem.  If it had
> completed without failure, it would likely have been a clean update.  This is
> why I set up a chroot and do my updates there and use the -k option to
> install on my actual system.  It takes very little time and so far, no
> breakages on my real system.  If any thing fails, it's more likely to be in
> the chroot which won't hurt anything. If you able, may be a option worth
> thinking about for yourself as well. 
>
> Dale
>
> :-)  :-)

ya.  i said it already.  emerge's update failed
with some package midways (some package needed
some USE flag change), but then layman stopped
working in this incomplete state.

also the issue was simple.  but i pointed out that
the inconvenience of having a fancy dependency on
a pms is still there.

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Caveman Al Toraboran]

On Thursday, May 7, 2020 5:43 AM, Rich Freeman  wrote:

> Are you overriding something, or were you running this right in the
> middle of an update?

emerge was updating, then some ebuild failed and i
didn't have --keep-going.  then next time i tried
to sync layman it failed.

i'm now re-running emerge and it seems to work
normally.

>
> layman-2.4.2 strictly requires python 3.6 and the system wouldn't let
> you remove that version of python unless you forced it to. The newer
> version of layman is compatible with the newer versions of python, but
> of course needs to be rebuilt for it.

i have layman-2.4.3, emerged with python3_6, and
is now about to be moved to python3_7.

no biggie.  i can fix it.  but, my point is, this
hassle is needless and keeps coming.

> If you read the news on the update you'd see this. If you just do a
> regular emerge -uD @world then while it was in the middle of updating
> some things would break. There are instructions in the news for how
> to do a more seamless upgrade by enabling both the older and newer
> versions of python in parallel, in which case there won't be any point
> where things break. That does require rebuilding everything twice
> (not necessarily at the same time).

true, but needless hassle imo.

> Really though this is pretty tame. There have been some updates to
> expat and especially glibc in the past that were pretty hairy.

are you referring to python's dependence on expat
and glibc?

yeah, so many layers of mistakes get born when one
relies on python as a dependency for a system app
that manages other apps (including itself).

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Caveman Al Toraboran]

On Wednesday, April 22, 2020 8:28 PM, Michael Orlitzky  wrote:

> On 4/22/20 12:24 PM, Michael Jones wrote:
>
> > On a source-based distribution, the thing that manages package
> > installations can break itself if it incorrectly installs a library that
> > a subsequent run of itself would dynamically link against.
>
> I won't say this is impossible, but in general it hasn't been true for a
> long time in Gentoo. Old libraries are left behind until you rebuild the
> things that link against them (that's what emerge @preserved-rebuild
> does). When used correctly, subslot dependencies in ebuilds avoid the
> need for even that additional step.

just to say that some portagy thing (layman) can't
work now as emerge was rebuilding packages to
remove python3_6):

running "layman -S"...
Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.6/layman", line 36, in 
from   layman.cliimport Main
  File "/usr/lib64/python3.6/site-packages/layman/cli.py", line 29, in 

from layman.api import LaymanAPI
  File "/usr/lib64/python3.6/site-packages/layman/api.py", line 25, in 

from layman.remotedbimport RemoteDB
  File "/usr/lib64/python3.6/site-packages/layman/remotedb.py", line 46, in 

from   sslfetch.connections import Connector
ModuleNotFoundError: No module named 'sslfetch'

obviously solvable easily in this case, but imo
needless drama keeps coming every now and then.

imo we've also became pythonupgradophobic.  every
python upgrade becomes after a warning from
eselect news.

i look forward the day when all portagy things
get treated similar to busybox (i.e. come with
"static" USE flag by default).

that said, gentoo is still the best distro imo.
so it shall remain accursed by immortality in the
realm of undeads.

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Dale]

Rich Freeman wrote:
> On Wed, May 6, 2020 at 10:14 PM Caveman Al Toraboran
>  wrote:
>> are you referring to python's dependence on expat
>> and glibc?
>>
> More like bash's dependence.  Well, and in the case of glibc just
> about everything.  When those break you're basically stuck recovering
> from a rescue disk.
>
> Fortunately we haven't had glibc/gcc break ABI in quite a while, and
> preserved-rebuild covers a lot of the other issues.
>
> In any case, if you have a solution other than statically building
> half the system I'm sure patches will be welcome.  FWIW Gentoo is
> about as hassle-free to use as it has ever been.  It isn't debian
> stable, and it is unlikely to ever be that way...
>


I agree that the Gentoo update process is a LOT better than it used to
be.  Even I run into fewer problems and that's saying something.  lol

There used to be a package that caused some serious problems with
upgrades.  It was really tricky but I can't recall the name of it since
it was ages ago.  It was back around the old hal days or so.  I don't
know if it is even used anymore.  Either the update process has improved
or it isn't used anymore.  I just recall it was a critical package, sort
of like gcc or glibc but it was some other package. 

OP, odds are the emerge failure is what triggered the problem.  If it
had completed without failure, it would likely have been a clean
update.  This is why I set up a chroot and do my updates there and use
the -k option to install on my actual system.  It takes very little time
and so far, no breakages on my real system.  If any thing fails, it's
more likely to be in the chroot which won't hurt anything. If you able,
may be a option worth thinking about for yourself as well. 

Dale

:-)  :-) 

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Rich Freeman]

On Wed, May 6, 2020 at 10:14 PM Caveman Al Toraboran
 wrote:
>
> are you referring to python's dependence on expat
> and glibc?
>

More like bash's dependence.  Well, and in the case of glibc just
about everything.  When those break you're basically stuck recovering
from a rescue disk.

Fortunately we haven't had glibc/gcc break ABI in quite a while, and
preserved-rebuild covers a lot of the other issues.

In any case, if you have a solution other than statically building
half the system I'm sure patches will be welcome.  FWIW Gentoo is
about as hassle-free to use as it has ever been.  It isn't debian
stable, and it is unlikely to ever be that way...

-- 
Rich

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Rich Freeman]

On Wed, May 6, 2020 at 9:13 PM Caveman Al Toraboran
 wrote:
>
> just to say that some portagy thing (layman) can't
> work now as emerge was rebuilding packages to
> remove python3_6):
>
> running "layman -S"...
> Traceback (most recent call last):
>   File "/usr/lib/python-exec/python3.6/layman", line 36, in 
> from   layman.cliimport Main
>   File "/usr/lib64/python3.6/site-packages/layman/cli.py", line 29, in 
> 
> from layman.api import LaymanAPI
>   File "/usr/lib64/python3.6/site-packages/layman/api.py", line 25, in 
> 
> from layman.remotedbimport RemoteDB
>   File "/usr/lib64/python3.6/site-packages/layman/remotedb.py", line 46, 
> in 
> from   sslfetch.connections import Connector
> ModuleNotFoundError: No module named 'sslfetch'
>
> obviously solvable easily in this case, but imo
> needless drama keeps coming every now and then.
>

Are you overriding something, or were you running this right in the
middle of an update?

layman-2.4.2 strictly requires python 3.6 and the system wouldn't let
you remove that version of python unless you forced it to.  The newer
version of layman is compatible with the newer versions of python, but
of course needs to be rebuilt for it.

If you read the news on the update you'd see this.  If you just do a
regular emerge -uD @world then while it was in the middle of updating
some things would break.  There are instructions in the news for how
to do a more seamless upgrade by enabling both the older and newer
versions of python in parallel, in which case there won't be any point
where things break.  That does require rebuilding everything twice
(not necessarily at the same time).

Really though this is pretty tame.  There have been some updates to
expat and especially glibc in the past that were pretty hairy.

-- 
Rich

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Kent Fredric]

On Wed, 22 Apr 2020 19:14:55 +0300
lego12...@yandex.ru wrote:

>  portage must be in C and statically linked.

Do you want Segfaults?

Because that's how you get segfaults :p.

Maybe Rust or something like it, but I don't really trust our capacity
to implement something this complicated in C.


pgp1h9Lb5GQe5.pgp
Description: OpenPGP digital signature

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Ashley Dixon]

On Sat, Apr 25, 2020 at 04:37:43PM +, Caveman Al Toraboran wrote:
> so i really can't believe that we have devolved in
> such a way where malloc/free suddenly has became a
> hard concept for homo sapiens.

You'd  be  surprised  how  much  shocking  code  is  out  there,  especially  in
proprietary  products  (the  Valve   Steam   Client   is   a   prime   example).

In general, reasons for memory-management-incompetence fall into  the  following
categories:

(a) Programmers forget.  For experienced and skilled developers, this is
likely the most common cause of malloc-free mismatches.   I  was
programming in C a few years before I ever touched a computer (I
bought/stole Kernighan and Ritchie from the  local  library  and
wrote out code-listings with pencil and paper), and to this  day
still  occasionally  forget  to  free   everything   I   malloc.
Thankfully, in the days of dynamic code-analysis tools  such  as
Valgrind,   theseproblems---amongstotherhard-to-spot
issues---become easy fixes.

(b) Programmers don't care, because it is assumed the  operating  system
will do it for them.  I have heard this one  quite  a  bit  from
people trying to justify their horribly  written  code.   Often,
with people who make this argument, the malloc-free mismatch  is
the least of their problems, however in the days of  intelligent
operating system-level memory-management seen  in  modern  Linux
kernels, some programmers seem to take the hard work  of  kernel
developers  as   a   free   pass   to   be   messy   themselves.

(c) Programmers don't care, because the code means nothing to  them.   I
have never worked as a professional programmer, so  I  can  only
speculate, but from conversations  with  veteran  developers  at
large companies such as Intel and Microsoft, it seems as  though
the general morale amongst older developers can drop hugely. Why
bother optimising or  thoroughly  testing  code  when  it's  not
yours, and you don't really care  about  the  company  for  whom
you're developing ?

(d) Programmers are genuinely unaware of the importance of freeing their
malloc'd  objects.   With  the  abundance  of  terrible  on-line
tutorials, written by teachers that seem to devote themselves to
teaching the worst practices possible, I've seen  an  influx  of
programmers who are simply unaware of the  need  to  free  their
memory pools.  It takes less than a minute of on-line  searching
to find a popular tutorial on some pretty  website  which  shows
code leaking memory.

So yes, it is easy to understand, but whether people _care_ or even know in  the
first place is entirely up to them.

-- 

Ashley Dixon
suugaku.co.uk

2A9A 4117
DA96 D18A
8A7B B0D2
A30E BF25
F290 A8AA



signature.asc
Description: PGP signature

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Caveman Al Toraboran]

On Friday, April 24, 2020 12:27 AM, Steven Lembark  wrote:

> Main issue I can see with C is that most people today don't know how
> to manage memory; not enough of us left who really understand how
> malloc works :-)

i find it very hard to believe this.  because,
fundamentally, the concept of malloc/free is the
same concept that we expect a 5 years old kid to
know.

e.g. we tell kids ``return all balls back into the
bucket before you leave the room'', which is
exactly the concept of malloc/free.

probably we can even train monkeys to do the same
(return all taken balls back before leaving).

so i really can't believe that we have devolved in
such a way where malloc/free suddenly has became a
hard concept for homo sapiens.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Orlitzky]

On 4/23/20 4:45 AM, lego12...@yandex.ru wrote:
> On Wed, Apr 22, 2020 at 03:24:07PM -0400, Michael Orlitzky wrote:
>> FWIW, I do know there are situations where static linking is the right
>> thing to do.
> 
> If you project require strong security, than it would be simpler to use 
> static linking.
> If you have many instances of the same program or have many shortlived 
> processes of the
> same program, than static linking is better(for ram and speed).
> 
> Michael, just read about history of shared object. That was not technical 
> decision,
> that was marketing decision.
> 

I might believe you about speed, but not about RAM. Memory usage goes up
with static linking because you've got multiple copies of the same thing
loaded into memory. And that makes the performance argument tricky as
well: you're saving a bit of CPU time on function calls, but maybe your
cache is also filled up with those same copies of the same stuff, and as
a result things actually get slower as you hit the disk to load the 22nd
copy of a library.

Ignoring that, the faster load time and speed improvements were minor to
begin with. It's not worth making your system annoying to manage. If you
think I'm wrong, feel free to shoot yourself in the foot, but you
shouldn't be calling Alessandro or the QA team incompetent (that's my
bit...) unless you have some strong new evidence that static linking
improves things in a general-purpose linux distro.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Caveman Al Toraboran]

On Friday, April 24, 2020 9:56 PM, Michele Alzetta  
wrote:

> I mean, basically portage is just a set of functions, so a functional 
> programming language might just be the best way to go

yes, haskell passes step (1); so does php,
java, etc.  now kindly apply the rest of the steps
((2) and (3)), and see how far haskell would reach?

i don't think haskell would pass step (2), and
even if does, i doubt it would survive step (3).

unless you're seriously asking this question,
you're committing a strawman.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Fri, Apr 24, 2020 at 06:30:25PM +0200, inasprecali wrote:
> There is no rational reason for the core of Portage to be written in
> C.

There are more than one rational reasons to do so.

-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michele Alzetta]

I mean, basically portage is just a set of functions, so a functional
programming language might just be the best way to go

Il giorno ven 24 apr 2020 alle ore 19:54 Michele Alzetta <
michele.alze...@gmail.com> ha scritto:

> ... seems like you're describing haskell ...
> ... now, portage written in haskell would be really something
>
> Il giorno ven 24 apr 2020 alle ore 14:36 Caveman Al Toraboran <
> toraboracave...@protonmail.com> ha scritto:
>
>> On Wednesday, April 22, 2020 8:32 PM, Michael Jones 
>> wrote:
>>
>> > >   No-no. C++ is a nightmare. A few people want to use it.
>> >
>> > C++ is an extremely widespread language with millions of lines of code
>> written daily world wide.
>>
>> i think that might be misleading as it seems to
>> imply that being a c++ dev is mutually exclusive
>> against being a c dev (is it? the languages agree on
>> many syntaxes/features).
>>
>> i think the right way of thinking is as follows:
>>
>> 1. identify programming features needed to code
>>a reliable pms.  i think most likely all we
>>need is [recursive] function calls and
>>if/else/loops.  the rest probably has to do
>>with algorithms (independent of the language).
>>
>> 2. pick language that has features (1) and has the
>>largest users base.  if the set of features in
>>(1) is small enough (such as ones i suggested),
>>then the c++ developers should be counted as c
>>developers (because that part is common between
>>c++ and c).
>>
>> 3. apply occam's razor.  if two languages are
>>equally satisfying points (1) and (2), then
>>choose the simplest one.  but if my thought is
>>correct (that we only need the subset of
>>features in c++ that's already in c), then c is
>>guaranteed to have a greater effective number
>>of developers in step (2).  hence, we will not
>>even need to apply occam's razor to remove c++
>>(unless points (1) and (2) result in a tie,
>>which i don't think it does in this case).
>>
>> > Lots of people want to use it. Just not people who want to write a PMS
>> compliant package manager.
>>
>> probably same kind of people that are headed to
>> blow their legs (and ours) in the process.
>>
>>
>>

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michele Alzetta]

... seems like you're describing haskell ...
... now, portage written in haskell would be really something

Il giorno ven 24 apr 2020 alle ore 14:36 Caveman Al Toraboran <
toraboracave...@protonmail.com> ha scritto:

> On Wednesday, April 22, 2020 8:32 PM, Michael Jones 
> wrote:
>
> > >   No-no. C++ is a nightmare. A few people want to use it.
> >
> > C++ is an extremely widespread language with millions of lines of code
> written daily world wide.
>
> i think that might be misleading as it seems to
> imply that being a c++ dev is mutually exclusive
> against being a c dev (is it? the languages agree on
> many syntaxes/features).
>
> i think the right way of thinking is as follows:
>
> 1. identify programming features needed to code
>a reliable pms.  i think most likely all we
>need is [recursive] function calls and
>if/else/loops.  the rest probably has to do
>with algorithms (independent of the language).
>
> 2. pick language that has features (1) and has the
>largest users base.  if the set of features in
>(1) is small enough (such as ones i suggested),
>then the c++ developers should be counted as c
>developers (because that part is common between
>c++ and c).
>
> 3. apply occam's razor.  if two languages are
>equally satisfying points (1) and (2), then
>choose the simplest one.  but if my thought is
>correct (that we only need the subset of
>features in c++ that's already in c), then c is
>guaranteed to have a greater effective number
>of developers in step (2).  hence, we will not
>even need to apply occam's razor to remove c++
>(unless points (1) and (2) result in a tie,
>which i don't think it does in this case).
>
> > Lots of people want to use it. Just not people who want to write a PMS
> compliant package manager.
>
> probably same kind of people that are headed to
> blow their legs (and ours) in the process.
>
>
>

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Caveman Al Toraboran]

On Friday, April 24, 2020 8:30 PM, inasprecali  wrote:

> There is no rational reason for the core of Portage to be written in
> C.

curious.. are you also cool if busybox was written
in python?

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Robert Bridge]

On 24 Apr 2020, at 18:37, Caveman Al Toraboran  
wrote:
> 
> On Friday, April 24, 2020 8:30 PM, inasprecali  
> wrote:
> 
>> There is no rational reason for the core of Portage to be written in
>> C.
> 
> curious.. are you also cool if busybox was written
> in python?

The argument for a statically linked C portage is really two arguments: one 
about linking and a separate though slightly related argument about language 
choice.

Regarding the statically linked argument: while there is some justification for 
eliminating dependencies, unless and until your statically linked portage is 
going to include a minimal C computer capable of bootstrapping gcc and a 
toolchain, you are still going to have to deal with the risk of external 
components breaking.

Regarding the argument about language: portage should be written in whatever 
language the portage writers are most comfortable with. The benefits of any 
individual language are really going to be less than the benefits of a tool 
that mostly works with developers who are willing to support it. 

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[inasprecali]

On Fri, 24 Apr 2020 12:22:39 +0300
lego12...@yandex.ru wrote:
> The core of portage should be in C, imho. But it can be extendable
> with hooks written in something simple like a bash.
> It mustn't be a solid binary. It can be splitted into separate parts
> with strict definitions of interaction and interface.
There is no rational reason for the core of Portage to be written in
C.

> :-D This shouldn't be a problem, because developers of extension
> modules/hooks(if they choose C for this) will use a something
> like libportage with util and wrapper functions which will hide
> all mallocs.
And you yourself gave a very good reason why.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Caveman Al Toraboran]

On Friday, April 24, 2020 4:45 PM, Rich Freeman  wrote:

> How did we get from "Is Gentoo dead?" to "Is C++ dead?"

c++ is very alive.  it just usually exists in the
form of a disease and spreads like cancer.

rgrds,
cm.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Caveman Al Toraboran]

On Wednesday, April 22, 2020 8:32 PM, Michael Jones  wrote:

> >   No-no. C++ is a nightmare. A few people want to use it.
>
> C++ is an extremely widespread language with millions of lines of code 
> written daily world wide. 

i think that might be misleading as it seems to
imply that being a c++ dev is mutually exclusive
against being a c dev (is it? the languages agree on
many syntaxes/features).

i think the right way of thinking is as follows:

1. identify programming features needed to code
   a reliable pms.  i think most likely all we
   need is [recursive] function calls and
   if/else/loops.  the rest probably has to do
   with algorithms (independent of the language).

2. pick language that has features (1) and has the
   largest users base.  if the set of features in
   (1) is small enough (such as ones i suggested),
   then the c++ developers should be counted as c
   developers (because that part is common between
   c++ and c).

3. apply occam's razor.  if two languages are
   equally satisfying points (1) and (2), then
   choose the simplest one.  but if my thought is
   correct (that we only need the subset of
   features in c++ that's already in c), then c is
   guaranteed to have a greater effective number
   of developers in step (2).  hence, we will not
   even need to apply occam's razor to remove c++
   (unless points (1) and (2) result in a tie,
   which i don't think it does in this case).

> Lots of people want to use it. Just not people who want to write a PMS 
> compliant package manager.

probably same kind of people that are headed to
blow their legs (and ours) in the process.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Rich Freeman]

On Fri, Apr 24, 2020 at 8:35 AM Caveman Al Toraboran
 wrote:
>
> On Wednesday, April 22, 2020 8:32 PM, Michael Jones  
> wrote:
>
> > >   No-no. C++ is a nightmare. A few people want to use it.
> >
> > C++ is an extremely widespread language with millions of lines of code 
> > written daily world wide.
>
> i think that might be misleading as it seems to
> imply that being a c++ dev is mutually exclusive
> against being a c dev

How did we get from "Is Gentoo dead?" to "Is C++ dead?"

-- 
Rich

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Thu, Apr 23, 2020 at 03:27:16PM -0500, Steven Lembark wrote:
> 
> >   portage must be in C and statically linked.
> 
> Seems to argue in favor of a statically-linked dynamic language: The 
> runtime compiler can be static with install scripts being a bit more 
> malleable.

The core of portage should be in C, imho. But it can be extendable
with hooks written in something simple like a bash.
It mustn't be a solid binary. It can be splitted into separate parts
with strict definitions of interaction and interface.

> Main issue I can see with C is that most people today don't know how 
> to manage memory; not enough of us left who really understand how 
> malloc works :-)

:-D This shouldn't be a problem, because developers of extension
modules/hooks(if they choose C for this) will use a something
like libportage with util and wrapper functions which will hide
all mallocs.

-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Steven Lembark]

>   portage must be in C and statically linked.

Seems to argue in favor of a statically-linked dynamic language: The 
runtime compiler can be static with install scripts being a bit more 
malleable.

Main issue I can see with C is that most people today don't know how 
to manage memory; not enough of us left who really understand how 
malloc works :-) 

-- 
Steven Lembark  5725 Aylesboro Ave
Workhorse ComputingPittsburgh PA 15217
lemb...@wrkhors.com+1 888 359 3508

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Dale]

lego12...@yandex.ru wrote:
> On Wed, Apr 22, 2020 at 03:19:26PM -0400, Michael Orlitzky wrote:
>
>> If you only sync once a day, then yes, you'll only have to rebuild once
>> a day. I sync considerably more than that though, and besides, it takes
>> me about a week to emerge -e @world.
> Just interesting, why you need to sync every day?
> And why you need emerge -e, if you can use emerge -auND?
>

Might be because Michael is a Gentoo developer.  They have to sync a lot
as they make changes to the tree. 

The two commands do different things.  Using emerge -e calculates
rebuilding every package while emerge -auDN only looks for certain
updates.  Each can be useful even if not allowed to complete.

Dale

:-)  :-) 

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Consus]

On Thu, Apr 23, 2020 at 11:52:52AM +0300, lego12...@yandex.ru wrote:
> Nobody talk about "everything is statically linked".
> However, this is a good idea ;-), but this is a topic for another
> conversation :-).

No wonder Yandex considers you SPAM.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 03:19:26PM -0400, Michael Orlitzky wrote:
> It's not that everything depends on OpenSSL, but that everything depends
> on /something/. If everything is statically linked, then any update of
> any package sets off a chain reaction of other packages that trigger
> rebuilds of other packages that trigger rebuilds of...

Nobody talk about "everything is statically linked".
However, this is a good idea ;-), but this is a topic for another
conversation :-).

> If you only sync once a day, then yes, you'll only have to rebuild once
> a day. I sync considerably more than that though, and besides, it takes
> me about a week to emerge -e @world.

Just interesting, why you need to sync every day?
And why you need emerge -e, if you can use emerge -auND?

-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 03:24:07PM -0400, Michael Orlitzky wrote:
> FWIW, I do know there are situations where static linking is the right
> thing to do.

If you project require strong security, than it would be simpler to use static 
linking.
If you have many instances of the same program or have many shortlived 
processes of the
same program, than static linking is better(for ram and speed).

Michael, just read about history of shared object. That was not technical 
decision,
that was marketing decision.

-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 02:22:02PM -0500, Michael Jones wrote:
> But I don't generally want my entire system statically linked, only a few
> things.

But who said that *entire* system should be statically linked?
The conversation is so far only about such a critical thing as portage.

-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 02:33:45PM -0400, Michael Orlitzky wrote:
> If you statically link more than a few things, this is emerge -e @world
>  twenty times a day.

Hm :-D. And why it should be so? I run emerge one time in a week.
If there are any changes in a dependancy of some package, why
it can't be rebuild in the same emerge call?


-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 02:19:19PM -0400, Michael Orlitzky wrote:
> How do you plan to update all of your programs when there's a security
> vulnerability in, say, OpenSSL?

Hm. And why we need every package to be statically linked? I told just
that static linking is a good and useful feature. Moreover, what the
problem to rebuild all dependant packages? And yet, please don't tell
about this imaginary advantage of shared objects. Because, this is
in the same time and disadvantage too - we can just in ONE action supply a new
security vulnerability to ALL software that use openssl shared object.
Because all code has bugs :-). And if we talk about security code that
moment is significant and should be considered carefully.

So, we can say that for non-security software shared object can be
used thoughtlessly and everywhere. But even here it's not so simple.
Shared object is slow and consume more ram if we have many instances
of our software running than statically linked version(thanks to sharing
of common .text segments between all instances of a single program). And
plan9 experience told us that for something that used by many programs(like
openssl) it better to use services than shared object(in plan9 this implemented
with help of "file servers").

Shared object isn't a holly cow. And please let's not be fanatics.

-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Orlitzky]

On 4/22/20 3:22 PM, Michael Jones wrote:
> 
> But I don't generally want my entire system statically linked, only a
> few things.
> 

FWIW, I do know there are situations where static linking is the right
thing to do.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Jones]

On Wed, Apr 22, 2020 at 2:19 PM Michael Orlitzky  wrote:

> On 4/22/20 3:15 PM, Michael Jones wrote:
> >
> > Why would I need to emerge world? Portage knows the full list of
> > packages that depend on openssl, transitively.
> >
> > Unless you're generalizing to say that (almost) everything depends on
> > openssl, I suppose.
> >
> > Also, didn't the handbook, at one point, say not to sync portage more
> > than once a day? So why would package installations happen 20 times per
> > day?
>
> It's not that everything depends on OpenSSL, but that everything depends
> on /something/. If everything is statically linked, then any update of
> any package sets off a chain reaction of other packages that trigger
> rebuilds of other packages that trigger rebuilds of...
>
> If you only sync once a day, then yes, you'll only have to rebuild once
> a day. I sync considerably more than that though, and besides, it takes
> me about a week to emerge -e @world.
>
>

Well, I suppose that's the consequence that someone would have to accept if
they wanted to link things statically.

I use static libraries for work in some situations, and understand the cost
of using them

But I don't generally want my entire system statically linked, only a few
things.

Regardless, thank you for clarifying.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Orlitzky]

On 4/22/20 3:15 PM, Michael Jones wrote:
> 
> Why would I need to emerge world? Portage knows the full list of
> packages that depend on openssl, transitively.
> 
> Unless you're generalizing to say that (almost) everything depends on
> openssl, I suppose.
> 
> Also, didn't the handbook, at one point, say not to sync portage more
> than once a day? So why would package installations happen 20 times per
> day? 

It's not that everything depends on OpenSSL, but that everything depends
on /something/. If everything is statically linked, then any update of
any package sets off a chain reaction of other packages that trigger
rebuilds of other packages that trigger rebuilds of...

If you only sync once a day, then yes, you'll only have to rebuild once
a day. I sync considerably more than that though, and besides, it takes
me about a week to emerge -e @world.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Jones]

On Wed, Apr 22, 2020 at 1:33 PM Michael Orlitzky  wrote:

> On 4/22/20 2:24 PM, Michael Jones wrote:
> >
> >
> > On Wed, Apr 22, 2020 at 1:19 PM Michael Orlitzky  > > wrote:
> >
> > How do you plan to update all of your programs when there's a
> security
> > vulnerability in, say, OpenSSL?
> >
> >
> > Is there some reason why all packages that depend on OpenSSL,
> > transitively, could not be recompiled?
>
> If you statically link more than a few things, this is emerge -e @world
>  twenty times a day.
>
>
Why would I need to emerge world? Portage knows the full list of packages
that depend on openssl, transitively.

Unless you're generalizing to say that (almost) everything depends on
openssl, I suppose.

Also, didn't the handbook, at one point, say not to sync portage more than
once a day? So why would package installations happen 20 times per day?

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Consus]

On Wed, Apr 22, 2020 at 02:38:40PM -0400, Michael Orlitzky wrote:
> Rust packages get no security updates. Neither do Go packages. That's
> what I'm screaming about in those threads on gentoo-dev that you singled
> out in your original post =)

Oh... I was under the impression that $EGO_SUMS exists not only for
checksumming and distfiles downloading, but also for security updates.
Guess I was wrong.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Orlitzky]

On 4/22/20 2:24 PM, Consus wrote:
> On Wed, Apr 22, 2020 at 02:19:19PM -0400, Michael Orlitzky wrote:
>> How do you plan to update all of your programs when there's a security
>> vulnerability in, say, OpenSSL?
> 
> emerge -1 @world of course :D
> 
> By the way, Rust does support dynamic linking (to a degree), but does
> not have (yet, I pray) stable ABI. So what's current Gentoo team
> consensus on security updates? Will there be Cargo.lock metadata that
> will allows portage to automatically rebuild against newer library
> versions?
> 

Rust packages get no security updates. Neither do Go packages. That's
what I'm screaming about in those threads on gentoo-dev that you singled
out in your original post =)

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Orlitzky]

On 4/22/20 2:24 PM, Michael Jones wrote:
> 
> 
> On Wed, Apr 22, 2020 at 1:19 PM Michael Orlitzky  > wrote:
> 
> How do you plan to update all of your programs when there's a security
> vulnerability in, say, OpenSSL?
> 
> 
> Is there some reason why all packages that depend on OpenSSL,
> transitively, could not be recompiled? 

If you statically link more than a few things, this is emerge -e @world
 twenty times a day.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Consus]

On Wed, Apr 22, 2020 at 02:19:19PM -0400, Michael Orlitzky wrote:
> How do you plan to update all of your programs when there's a security
> vulnerability in, say, OpenSSL?

emerge -1 @world of course :D

By the way, Rust does support dynamic linking (to a degree), but does
not have (yet, I pray) stable ABI. So what's current Gentoo team
consensus on security updates? Will there be Cargo.lock metadata that
will allows portage to automatically rebuild against newer library
versions?

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Jones]

On Wed, Apr 22, 2020 at 1:19 PM Michael Orlitzky  wrote:

> How do you plan to update all of your programs when there's a security
> vulnerability in, say, OpenSSL?
>

Is there some reason why all packages that depend on OpenSSL, transitively,
could not be recompiled?

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Orlitzky]

On 4/22/20 2:08 PM, lego12...@yandex.ru wrote:
> On Wed, Apr 22, 2020 at 07:48:01PM +0200, Alessandro Barbieri wrote:
>> Whatever, but QA is by my side and I'm helping removing static libraries
>> from gentoo packages.
> 
> Man, this is not a technical argument. Sorry :-). You are wrong from a
> technical point of view. And the fact above says just:
> 
> - some packages really need not this
> - or QA not competent in this question just like you
> 

How do you plan to update all of your programs when there's a security
vulnerability in, say, OpenSSL?

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 07:48:01PM +0200, Alessandro Barbieri wrote:
> Whatever, but QA is by my side and I'm helping removing static libraries
> from gentoo packages.

Man, this is not a technical argument. Sorry :-). You are wrong from a
technical point of view. And the fact above says just:

- some packages really need not this
- or QA not competent in this question just like you

-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Alessandro Barbieri]

Whatever, but QA is by my side and I'm helping removing static libraries
from gentoo packages.

https://projects.gentoo.org/qa/policy-guide/installed-files.html?highlight=static#pg0302
Also more context here:
https://flameeyes.blog/2011/08/29/useless-flag-static-libs/
https://archives.gentoo.org/gentoo-dev/message/2dada80c2b9c85b0e83e6328428bf8ab

Il Mer 22 Apr 2020, 18:25  ha scritto:

> On Wed, Apr 22, 2020 at 06:17:52PM +0200, Alessandro Barbieri wrote:
> > Nothing should be statically linked, please stop spreading the disease.
>
>   You are wrong ;-).
>
> --
> Олег Неманов (Oleg Nemanov)
>
>

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Jones]

On Wed, Apr 22, 2020 at 11:47 AM  wrote:

>   C is more widespread, than C++.
>

Yes, this is true.


> C++ is unneededly complex and for such core thing like a portage
> C would be better. C code is simpler and robust. More people know it.
> More people can send patches. Etc.
>

I disagree to the fullest, most intense, way possible.

Nevertheless, this subject is way off topic for this list, so I'll just say
we can agree to disagree, and not engage in the subject on-list any further.

I'd be happy to discuss the subject with anyone who wants to contact me
privately, however.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 11:32:49AM -0500, Michael Jones wrote:
> On Wed, Apr 22, 2020 at 11:30 AM  wrote:
> >   No-no. C++ is a nightmare. A few people want to use it.
> 
> C++ is an extremely widespread language with millions of lines of code
> written daily world wide.

  C is more widespread, than C++.
  C++ is unneededly complex and for such core thing like a portage
C would be better. C code is simpler and robust. More people know it.
More people can send patches. Etc.

> Lots of people want to use it. Just not people who want to write a PMS
> compliant package manager.

  No problem. They can use it outside portage :-).

-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Jones]

On Wed, Apr 22, 2020 at 11:30 AM  wrote:

>
>   No-no. C++ is a nightmare. A few people want to use it.
>

C++ is an extremely widespread language with millions of lines of code
written daily world wide.

Lots of people want to use it. Just not people who want to write a PMS
compliant package manager.

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Jones]

On Wed, Apr 22, 2020 at 11:28 AM Michael Orlitzky  wrote:

> I won't say this is impossible, but in general it hasn't been true for a
> long time in Gentoo. Old libraries are left behind until you rebuild the
> things that link against them (that's what emerge @preserved-rebuild
> does). When used correctly, subslot dependencies in ebuilds avoid the
> need for even that additional step.
>
>
Right. Gentoo has safeguards in place already. Static-linking is only one
tool in a large toolbox, and given Portage is a python program, it's not
applicable to this situation.

I was referring to the case of some hypothetical package manager built with
C/C++. In that situation, staticly linking the package manager would
provide one aspect of defense against self-breakage.

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 12:16:20PM -0400, Michael Orlitzky wrote:
> On 4/22/20 12:14 PM, lego12...@yandex.ru wrote:
> >   Yes. And yes again :-). +1
> >   portage must be in C and statically linked.
> >   python is a strange dependency.
> 
> Paludis was a C++ package manager, but is dead now. No one's willing to
> work on these things when ::gentoo is portage-only.

  No-no. C++ is a nightmare. A few people want to use it.


-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Orlitzky]

On 4/22/20 12:24 PM, Michael Jones wrote:
> 
> On a source-based distribution, the thing that manages package
> installations can break itself if it incorrectly installs a library that
> a subsequent run of itself would dynamically link against.
> 

I won't say this is impossible, but in general it hasn't been true for a
long time in Gentoo. Old libraries are left behind until you rebuild the
things that link against them (that's what emerge @preserved-rebuild
does). When used correctly, subslot dependencies in ebuilds avoid the
need for even that additional step.

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Jorge Almeida]

On Wed, Apr 22, 2020 at 5:18 PM Alessandro Barbieri
 wrote:
>
> Nothing should be statically linked, please stop spreading the disease.
>

Gee, maybe the musl project should commit suicide? If at least they
had read the vulgata consciously before starting the project...

> Il Mer 22 Apr 2020, 18:14  ha scritto:

>>   portage must be in C and statically linked.
>>   python is a strange dependency.
>>

Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 06:17:52PM +0200, Alessandro Barbieri wrote:
> Nothing should be statically linked, please stop spreading the disease.

  You are wrong ;-).

-- 
Олег Неманов (Oleg Nemanov)

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Jones]

On Wed, Apr 22, 2020 at 11:18 AM Alessandro Barbieri <
lssndrbarbi...@gmail.com> wrote:

> Nothing should be statically linked, please stop spreading the disease.
>

On a source-based distribution, the thing that manages package
installations can break itself if it incorrectly installs a library that a
subsequent run of itself would dynamically link against.

There are plenty of valid use-cases for statically linked binaries. One
such use case is that the C++ standard doesn't acknowledge the existence of
dynamic linking in the first place. (It doesn't say it's invalid, just the
standard doesn't address the concept one way or another, implicitly
assuming static linking).

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Alessandro Barbieri]

Nothing should be statically linked, please stop spreading the disease.

Il Mer 22 Apr 2020, 18:14  ha scritto:

> On Wed, Apr 22, 2020 at 04:07:52PM +, Caveman Al Toraboran wrote:
> > in fact, i think portage sucks so much it must be
> > rewritten from scratch, in such a way that it has
> > least run-time dependencies, so we stop worrying
> > about upgrading other packages, such as python.
>
>   Yes. And yes again :-). +1
>   portage must be in C and statically linked.
>   python is a strange dependency.
>
> --
> Олег Неманов (Oleg Nemanov)
>
>

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[Michael Orlitzky]

On 4/22/20 12:14 PM, lego12...@yandex.ru wrote:
> On Wed, Apr 22, 2020 at 04:07:52PM +, Caveman Al Toraboran wrote:
>> in fact, i think portage sucks so much it must be
>> rewritten from scratch, in such a way that it has
>> least run-time dependencies, so we stop worrying
>> about upgrading other packages, such as python.
> 
>   Yes. And yes again :-). +1
>   portage must be in C and statically linked.
>   python is a strange dependency.
> 


Paludis was a C++ package manager, but is dead now. No one's willing to
work on these things when ::gentoo is portage-only.

Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?

[lego12239]

On Wed, Apr 22, 2020 at 04:07:52PM +, Caveman Al Toraboran wrote:
> in fact, i think portage sucks so much it must be
> rewritten from scratch, in such a way that it has
> least run-time dependencies, so we stop worrying
> about upgrading other packages, such as python.

  Yes. And yes again :-). +1
  portage must be in C and statically linked.
  python is a strange dependency.

-- 
Олег Неманов (Oleg Nemanov)