[gentoo-dev] RFC: make system-sqlite a global USE flag

[gentoo-dev] RFC: make system-sqlite a global USE flag

["Paweł Hajdan, Jr."]

[-- Attachment #1: Type: text/plain, Size: 1831 bytes --]

$ euse --info system-sqlite
global use flags (searching: system-sqlite)
************************************************************
no matching entries found

local use flags (searching: system-sqlite)
************************************************************
[-    ] system-sqlite (mail-client/thunderbird):
Use the system-wide dev-db/sqlite installation with secure-delete enabled

[-    ] system-sqlite (net-libs/xulrunner):
Use the system-wide dev-db/sqlite installation with secure-delete enabled

[-    ] system-sqlite (www-client/chromium):
Use the system-wide dev-db/sqlite installation with secure-delete enabled

[-    ] system-sqlite (www-client/firefox):
Use the system-wide dev-db/sqlite installation with secure-delete enabled

[-    ] system-sqlite (www-client/icecat):
Use the system-wide dev-db/sqlite installation with secure-delete enabled

[-    ] system-sqlite (www-client/seamonkey):
Use the system-wide dev-db/sqlite installation with secure-delete enabled

[-    ] system-sqlite (x11-plugins/enigmail):
Use the system-wide dev-db/sqlite installation with secure-delete enabled

The meaning is identical in all those cases, and I think the number of
packages may have hit the threshold for a global flag.

However, we already have a very similar global USE flag: sqlite, which
makes this a bit more tricky. The difference is very subtle:

IUSE="sqlite" means "the sqlite support is optional; -sqlite means no
sqlite support"

IUSE="system-sqlite" means "we can use the bundled sqlite or the system
one; -system-sqlite means we use the bundled one; both settings result
in sqlite support"

If we'd make system-sqlite a global USE flag, I'd suggest a description
like "Use the system-wide dev-db/sqlite instead of bundled copy of sqlite."

What do you think?


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [gentoo-dev] RFC: make system-sqlite a global USE flag

[Donnie Berkholz]

[-- Attachment #1: Type: text/plain, Size: 1031 bytes --]

On 15:52 Tue 05 Oct     , "Paweł Hajdan, Jr." wrote:
> The meaning is identical in all those cases, and I think the number of 
> packages may have hit the threshold for a global flag.
> 
> However, we already have a very similar global USE flag: sqlite, which 
> makes this a bit more tricky. The difference is very subtle:
> 
> IUSE="sqlite" means "the sqlite support is optional; -sqlite means no 
> sqlite support"
> 
> IUSE="system-sqlite" means "we can use the bundled sqlite or the 
> system one; -system-sqlite means we use the bundled one; both settings 
> result in sqlite support"
> 
> If we'd make system-sqlite a global USE flag, I'd suggest a 
> description like "Use the system-wide dev-db/sqlite instead of bundled 
> copy of sqlite."

I think making this a global flag implicitly endorses building bundled 
code as an OK thing to do. Why is it an option at all, local or 
otherwise?

-- 
Thanks,
Donnie

Donnie Berkholz
Sr. Developer, Gentoo Linux
Blog: http://dberkholz.wordpress.com

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-dev] RFC: make system-sqlite a global USE flag

[Nirbheek Chauhan]

On Tue, Oct 5, 2010 at 7:41 PM, Donnie Berkholz <dberkholz@gentoo.org> wrote:
> On 15:52 Tue 05 Oct     , "Paweł Hajdan, Jr." wrote:
>> The meaning is identical in all those cases, and I think the number of
>> packages may have hit the threshold for a global flag.
>>
>> However, we already have a very similar global USE flag: sqlite, which
>> makes this a bit more tricky. The difference is very subtle:
>>
>> IUSE="sqlite" means "the sqlite support is optional; -sqlite means no
>> sqlite support"
>>
>> IUSE="system-sqlite" means "we can use the bundled sqlite or the
>> system one; -system-sqlite means we use the bundled one; both settings
>> result in sqlite support"
>>
>> If we'd make system-sqlite a global USE flag, I'd suggest a
>> description like "Use the system-wide dev-db/sqlite instead of bundled
>> copy of sqlite."
>
> I think making this a global flag implicitly endorses building bundled
> code as an OK thing to do. Why is it an option at all, local or
> otherwise?
>

The reason is that with SQLITE_SECURE_DELETE, sqlite zeroes out
portions that have been deleted causing a very noticeable drop in
performance. This may be acceptable for browsers, but is rarely
desirable system-wide. See
https://bugzilla.mozilla.org/show_bug.cgi?id=546162 for details.

To fix this problem sqlite upstream made a specific change allowing a
#pragma to be used to define where secure-delete is required, avoiding
the need to use secure-delete *everywhere*.[1] However, Mozilla
upstream considers the two-line-change[2] an unacceptable level of
maintenance burden, and refused to implement it[3].

I presume Chromium upstream has a similar stance on the issue, hence
making the use-flag necessary for us since we (at least mozilla team)
avoid adding patches that are not upstream yet.

1. https://bugzilla.mozilla.org/show_bug.cgi?id=546162#c8
2. https://bugzilla.mozilla.org/show_bug.cgi?id=546162#c11
3. https://bugzilla.mozilla.org/show_bug.cgi?id=546162#c15
-- 
~Nirbheek Chauhan

Gentoo GNOME+Mozilla Team

Re: [gentoo-dev] RFC: make system-sqlite a global USE flag

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 359 bytes --]

On Tuesday, October 05, 2010 10:35:57 Nirbheek Chauhan wrote:
> To fix this problem sqlite upstream made a specific change allowing a
> #pragma to be used to define where secure-delete is required, avoiding
> the need to use secure-delete *everywhere*.

so what you're saying is that this USE flag can die once people fix/update 
their packages
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [gentoo-dev] RFC: make system-sqlite a global USE flag

[Nirbheek Chauhan]

On Wed, Oct 6, 2010 at 7:36 AM, Mike Frysinger <vapier@gentoo.org> wrote:
> On Tuesday, October 05, 2010 10:35:57 Nirbheek Chauhan wrote:
>> To fix this problem sqlite upstream made a specific change allowing a
>> #pragma to be used to define where secure-delete is required, avoiding
>> the need to use secure-delete *everywhere*.
>
> so what you're saying is that this USE flag can die once people fix/update
> their packages
> -mike
>

What I'm saying is that mozilla team will not do it unless you either:

(a) You convince/bribe/cluebat upstream (we've tried and failed), or
(b) You write a patch that you promise to maintain forever with quick
responses for security bumps

Keep in mind that firefox usually only works with a very narrow range
of sqlite versions. If it's too low, it won't compile, or have runtime
failures (when they forget to update the min system-sqlite version).
If it's too high, it'll have strange runtime bugs since firefox relies
too heavily on existing sqlite behaviour[1].

1. https://bugzilla.mozilla.org/show_bug.cgi?id=583611
-- 
~Nirbheek Chauhan

Gentoo GNOME+Mozilla Team

[gentoo-dev] Re: RFC: make system-sqlite a global USE flag

[Ryan Hill]

[-- Attachment #1: Type: text/plain, Size: 840 bytes --]

On Tue, 05 Oct 2010 15:52:42 +0200
"Paweł Hajdan, Jr." <phajdan.jr@gentoo.org> wrote:

> The meaning is identical in all those cases, and I think the number of
> packages may have hit the threshold for a global flag.
> 
> <...>
>
> If we'd make system-sqlite a global USE flag, I'd suggest a description
> like "Use the system-wide dev-db/sqlite instead of bundled copy of sqlite."
> 
> What do you think?

This isn't a flag that should ever be used outside of a specific use-case,
which is itself a workaround for retarded upstream policies. Making it global
has zero advantages.

-- 
fonts, gcc-porting,             we hold our breath, we spin around the world
toolchain, wxwidgets            you and me cling to the outside of the earth
@ gentoo.org                EFFD 380E 047A 4B51 D2BD C64F 8AA8 8346 F9A4 0662

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-dev] RFC: make system-sqlite a global USE flag

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 1233 bytes --]

On Tuesday, October 05, 2010 23:04:32 Nirbheek Chauhan wrote:
> On Wed, Oct 6, 2010 at 7:36 AM, Mike Frysinger wrote:
> > On Tuesday, October 05, 2010 10:35:57 Nirbheek Chauhan wrote:
> >> To fix this problem sqlite upstream made a specific change allowing a
> >> #pragma to be used to define where secure-delete is required, avoiding
> >> the need to use secure-delete *everywhere*.
> > 
> > so what you're saying is that this USE flag can die once people
> > fix/update their packages
> 
> What I'm saying is that mozilla team will not do it unless you either:
> 
> (a) You convince/bribe/cluebat upstream (we've tried and failed), or
> (b) You write a patch that you promise to maintain forever with quick
> responses for security bumps
> 
> Keep in mind that firefox usually only works with a very narrow range
> of sqlite versions. If it's too low, it won't compile, or have runtime
> failures (when they forget to update the min system-sqlite version).
> If it's too high, it'll have strange runtime bugs since firefox relies
> too heavily on existing sqlite behaviour[1].

so getting back to the original question: no, this should not be a global USE 
flag, and yes, this local flag should die.
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]