[gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Diego Elio Pettenò]

So Thomáš posted today [1] that the new LibreOffice 4 is going to _need_
an LDAP provider in the future because they are not going to keep it
optional as it is now. Right now, the only provider we have in portage
(as far as me and him can tell) is openldap (although mozldap also exists).

This made me cringe for a moment because I really don't want to have the
OpenLDAP server installed on my laptops, but then I realize that there
_is_ a minimal USE flag that only installs the library. But of course,
that's not the default.

Now one could probably argue that we should replace minimal with a
server USE flag enabled by default, that's a different story I guess. In
the mean time, I would suggest that, since the desktop profiles already
have USE=ldap enabled, we should default on the same profiles to

net-nds/openldap minimal

to make sure that the default desktop users don't get a copy of openldap
(server) installed.

To make this cleaner as well, I fixed the ebuild so that with
USE=minimal it doesn't install some of the paths that are used by the
server, or depend on packages that the client libs don't need.

So, should we change the profiles' defaults?

[1] http://goo.gl/DQ9kD

-- 
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Chí-Thanh Christopher Nguyễn]

Diego Elio Pettenò schrieb:
> In
> the mean time, I would suggest that, since the desktop profiles already
> have USE=ldap enabled, we should default on the same profiles to
> 
> net-nds/openldap minimal
> 
> to make sure that the default desktop users don't get a copy of openldap
> (server) installed.

I like to think of the desktop profile as a (functionality wise) superset of
the default profile. The proposed change will be contrary to this idea.

> So, should we change the profiles' defaults?

I would vote for no.

If this change is applied anyway, I suggest to at least produce a news item
in order to not surprise users about the sudden loss of their openldap server.


Best regards,
Chí-Thanh Christopher Nguyễn

[gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Duncan]

Chí-Thanh Christopher Nguyễn posted on Sun, 02 Dec 2012 01:28:26 +0100 as
excerpted:

> If this change is applied anyway, I suggest to at least produce a news
> item in order to not surprise users about the sudden loss of their
> openldap server.

I wouldn't object to a news item.  More information is good.

<mode=rant>

However, hasn't it always been gentoo policy to *STRONGLY* encourage 
users to run emerge --pretend/--ask and EXAMINE THE RESULTS for anything 
unexpected, and resolve it in one way or another to "expected", before 
going ahead?

Thus, anyone suddenly losing their openldap server as a result of a 
simple uncaught USE flag change, "gets to keep the pieces", as the saying 
commonly goes.  Gentoo has /always/ been about reasonable documentation 
but has /never/ been about handholding.  We've never been afraid to point 
users who expect to be handheld or babysat to other distributions that 
are a more appropriate match to their expectations.

So yes, a news item is reasonable as it's arguably part of that "good 
documentation".  But in general, there's something wrong if we're unduly 
worrying about loss of functionality involving a USE flag change, or even 
a simple USE flag default change, because equally as arguably, anyone not 
catching such things with the --pretend/--ask they do BEFORE letting 
things just run, and/or not following up accordingly, really should be 
thinking about a distribution other than gentoo in the first place.  
That's a fact that's not really practical to change at this point, both 
because we haven't the manpower to do all the required handholding, and 
because it would make gentoo into something it's not, and something it 
was never intended to be.  Paraphrasing Star Trek's Bones, that would be 
"Gentoo, Jim, but not as we know it."

</mode>

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Michael Orlitzky]

On 12/01/2012 09:48 PM, Duncan wrote:
> Chí-Thanh Christopher Nguyễn posted on Sun, 02 Dec 2012 01:28:26 +0100 as
> excerpted:
> 
>> If this change is applied anyway, I suggest to at least produce a news
>> item in order to not surprise users about the sudden loss of their
>> openldap server.
> 
> I wouldn't object to a news item.  More information is good.
> 
> <mode=rant>
> 
> However, hasn't it always been gentoo policy to *STRONGLY* encourage 
> users to run emerge --pretend/--ask and EXAMINE THE RESULTS for anything 
> unexpected, and resolve it in one way or another to "expected", before 
> going ahead?
> 
> Thus, anyone suddenly losing their openldap server as a result of a 
> simple uncaught USE flag change, "gets to keep the pieces", as the saying 
> commonly goes.  Gentoo has /always/ been about reasonable documentation 
> but has /never/ been about handholding.  We've never been afraid to point 
> users who expect to be handheld or babysat to other distributions that 
> are a more appropriate match to their expectations.

We should! This is just an excuse for shitty QA. These things have real
consequences for real people.


> So yes, a news item is reasonable as it's arguably part of that "good 
> documentation".  But in general, there's something wrong if we're unduly 
> worrying about loss of functionality involving a USE flag change, or even 
> a simple USE flag default change, because equally as arguably, anyone not 
> catching such things with the --pretend/--ask they do BEFORE letting 
> things just run, and/or not following up accordingly, really should be 
> thinking about a distribution other than gentoo in the first place.  
> That's a fact that's not really practical to change at this point, both 
> because we haven't the manpower to do all the required handholding, and 
> because it would make gentoo into something it's not, and something it 
> was never intended to be.  Paraphrasing Star Trek's Bones, that would be 
> "Gentoo, Jim, but not as we know it."
> 
> </mode>
> 

I beat my wife, is it her fault she gets beaten for choosing to be with
me? Don't blame the victim.

Handholding != making an effort not to screw up people's systems. Even
with emerge --pretend, all I'm going to see is that the minimal flag
switched from off to on by default. Which I'll interpret as meaning,
"the minimal flag was changed so that openldap[minimal] today means what
openldap[-minimal] did yesterday."

Someone's going to reboot three months after this change and their whole
office is going to be down while they try to figure out why they don't
have an LDAP server. For even a small business, that could mean
thousands of dollars.

"Ha ha, you shouldn't have trusted me!" is not the appropriate response.

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Diego Elio Pettenò]

On 01/12/2012 19:44, Michael Orlitzky wrote:
> Someone's going to reboot three months after this change and their whole
> office is going to be down while they try to figure out why they don't
> have an LDAP server. For even a small business, that could mean
> thousands of dollars.
> 
> "Ha ha, you shouldn't have trusted me!" is not the appropriate response.

Erm, it might not be an appropriate response but ... to not check what
is going on is not an appropriate way to conduct a business anyway.

Especially not if you use a desktop profile on an LDAP server in
production ...

Seriously, if that's a scenario that you find yourself into often .. you
should consider changing habits.. drastically.

-- 
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Michael Orlitzky]

On 12/01/2012 10:50 PM, Diego Elio Pettenò wrote:
> On 01/12/2012 19:44, Michael Orlitzky wrote:
>> Someone's going to reboot three months after this change and their whole
>> office is going to be down while they try to figure out why they don't
>> have an LDAP server. For even a small business, that could mean
>> thousands of dollars.
>>
>> "Ha ha, you shouldn't have trusted me!" is not the appropriate response.
> 
> Erm, it might not be an appropriate response but ... to not check what
> is going on is not an appropriate way to conduct a business anyway.
> 

The only way to know what's going on is to read the ebuild. And nobody
has the time to do that for every default USE flag change, especially
when you're managing multiple machines.

In this case, USE="-minimal" is really USE="make_it_work_at_all", for
anyone who installs openldap on purpose.


> Especially not if you use a desktop profile on an LDAP server in
> production ...
> 

Maybe his boss isn't good with the terminal, and makes him install GNOME
on the servers? Who knows. The profile name is just an arbitrary string
associated with a set of defaults. People do weird things. This is not
in itself proof that the admin is an idiot deserving of punishment.


> Seriously, if that's a scenario that you find yourself into often .. you
> should consider changing habits.. drastically.

It's fun to condescend from time to time, but you shouldn't use yourself
as the bar against which you measure everyone else. Up to a rounding
error, everyone using Gentoo knows less about it than you do. They
should be able to keep a system running, too.

Anyway, I'm fine with the change as long as there's a news item. I just
get annoyed with the "don't use Gentoo unless you like your stuff
broken" attitude.

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Diego Elio Pettenò]

On 01/12/2012 20:09, Michael Orlitzky wrote:
> The only way to know what's going on is to read the ebuild. And nobody
> has the time to do that for every default USE flag change, especially
> when you're managing multiple machines.
> 
> In this case, USE="-minimal" is really USE="make_it_work_at_all", for
> anyone who installs openldap on purpose.

Not really. Have you ever managed a network of multiple servers and
clients? It's extremely common to have USE=minimal on clients, and not
on servers, as that's what (most of the time) USE=minimal refers to.

> Maybe his boss isn't good with the terminal, and makes him install GNOME
> on the servers? Who knows. The profile name is just an arbitrary string
> associated with a set of defaults. People do weird things. This is not
> in itself proof that the admin is an idiot deserving of punishment.

The profile name is not "just an arbitrary string" — it's a description.
If you don't read and understand a description as easy as "desktop", I
reserve the right to think you're an idiot. You can reserve the right of
thinking whatever you want about me, but my opinion still stands.

I've had GNOME, or KDE, in many systems before that I wouldn't count as
"desktops" — you know how I handled them? Not going through the
"desktop" profile. Seriously.

> Anyway, I'm fine with the change as long as there's a news item. I just
> get annoyed with the "don't use Gentoo unless you like your stuff
> broken" attitude.

Guess what? I run Gentoo system in production and I also don't want them
to be broken. On the other hand I _do_ pay attention on what's going on,
especially because unless you install everything and the kitchen sink,
the updates on a weekly basis, for stable, are not that major.

Sure, sometimes I have to look up what an USE flag does (and no, most of
the time I don't have to read the ebuild, we have descriptions in
metadata.xml for a reason!), but most of the time everything is
extremely easy to set up, and I don't usually get overthrown by
defaults' changes.

Among others because for stuff I _really_ care about, I don't rely on
defaults but I set my flags explicitly (so yes I have a bunch of
packages that have -minimal in the package.use file).

And I'm not even arguing against adding a news item, it's fine by me
either way, but I don't like hearing lame excuses on either side. The
fact that something is not entirely clear is a good reason enough,
without having to come up with a sysadmin that is not understanding the
tools as an example.

If anything, what you just say would call for making openldap follow the
39 packages already out there using IUSE=+server, so that there is no
doubt that changing the default on desktop profile from USE=-minimal to
USE=-server means that _you're losing your server_.

Robin, how would you feel about that? It would also solve the issue of
USE=cxx depending on USE=!minimal right now (for not really any good
reason).

-- 
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Dustin C. Hatch]

On 12/1/2012 22:21, Diego Elio Pettenò wrote:
> If anything, what you just say would call for making openldap follow the
> 39 packages already out there using IUSE=+server, so that there is no
> doubt that changing the default on desktop profile from USE=-minimal to
> USE=-server means that _you're losing your server_.
>
As a user and a sysadmin, I can say that I have had enough bad 
experiences with ebuilds using the "minimal" USE flag that I typically 
try to avoid it. There are so many different packages that have that 
flag, and in most of them, having it set usually ends up removing 
something I didn't expect. Personally, I would prefer to see the 
introduction of a "server" flag. That way, when I do updates, I know 
exactly what's going to change.

I also think the news item is a good idea. I know I don't always do a 
perfectly thorough job of it, but I do --pretend and go through the list 
before a world updates. Sometimes, though, I don't quite understand the 
USE changes. Especially with global flags like minimal or gtk, doing 
`equery uses package` isn't much help because the description is so 
generic. A news item would help reduce that confusion somewhat, 
especially if combined with the flag name change.

Just my $ 0.02

-- 
♫Dustin

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Michael Orlitzky]

On 12/01/2012 11:21 PM, Diego Elio Pettenò wrote:
> On 01/12/2012 20:09, Michael Orlitzky wrote:
>> The only way to know what's going on is to read the ebuild. And nobody
>> has the time to do that for every default USE flag change, especially
>> when you're managing multiple machines.
>>
>> In this case, USE="-minimal" is really USE="make_it_work_at_all", for
>> anyone who installs openldap on purpose.
> 
> Not really. Have you ever managed a network of multiple servers and
> clients? It's extremely common to have USE=minimal on clients, and not
> on servers, as that's what (most of the time) USE=minimal refers to.
> 

I have, and I have no idea what USE=minimal usually refers to, because
it differs wildly from package to package. I suspect most people know
even less than I do.


>> Maybe his boss isn't good with the terminal, and makes him install GNOME
>> on the servers? Who knows. The profile name is just an arbitrary string
>> associated with a set of defaults. People do weird things. This is not
>> in itself proof that the admin is an idiot deserving of punishment.
> 
> The profile name is not "just an arbitrary string" — it's a description.
> If you don't read and understand a description as easy as "desktop", I
> reserve the right to think you're an idiot. You can reserve the right of
> thinking whatever you want about me, but my opinion still stands.
> 
> I've had GNOME, or KDE, in many systems before that I wouldn't count as
> "desktops" — you know how I handled them? Not going through the
> "desktop" profile. Seriously.
> 

Everyone on this list knows this, I suppose. But it's unrealistic to
suppose that everyone does.


>> Anyway, I'm fine with the change as long as there's a news item. I just
>> get annoyed with the "don't use Gentoo unless you like your stuff
>> broken" attitude.
> 
> Guess what? I run Gentoo system in production and I also don't want them
> to be broken. On the other hand I _do_ pay attention on what's going on,
> especially because unless you install everything and the kitchen sink,
> the updates on a weekly basis, for stable, are not that major.
> 
> Sure, sometimes I have to look up what an USE flag does (and no, most of
> the time I don't have to read the ebuild, we have descriptions in
> metadata.xml for a reason!), but most of the time everything is
> extremely easy to set up, and I don't usually get overthrown by
> defaults' changes.
> 
> Among others because for stuff I _really_ care about, I don't rely on
> defaults but I set my flags explicitly (so yes I have a bunch of
> packages that have -minimal in the package.use file).
> 

$ cat /usr/portage/net-nds/openldap/metadata.xml

And most people don't even know that metadata.xml exists.

In my previous message, I said, "but you shouldn't use yourself
as the bar against which you measure everyone else." You've countered
with a list of things that you personally know and do, and therefore (as
they've become commonplace to you) expect everyone else to know and do.

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Diego Elio Pettenò]

On 01/12/2012 20:50, Michael Orlitzky wrote:
> And most people don't even know that metadata.xml exists.

But I do expect them to know `equery uses` like Dustin said. The fact
that some flags are not clearly described in metadata.xml is another
problem.

> In my previous message, I said, "but you shouldn't use yourself
> as the bar against which you measure everyone else." You've countered
> with a list of things that you personally know and do, and therefore (as
> they've become commonplace to you) expect everyone else to know and do.

It should be one of the first things you learn about Gentoo. And it
doesn't really seem to be something that is irresponsible to ask from
people.

Again, I'm not disagreeing with having a news item, and especially not
against replacing IUSE=minimal with something more explicit, but I do
disagree with the concept that we should triple-check each bullet to
make sure it's blank, because people point them at their groin and shoot.

-- 
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Ian Stakenvicius]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 01/12/12 11:50 PM, Michael Orlitzky wrote:

> 
> $ cat /usr/portage/net-nds/openldap/metadata.xml
> 

euse -i 'minimal' |grep openldap

:)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iF4EAREIAAYFAlC7pq8ACgkQ2ugaI38ACPBMywEAqLFdn5zjXxOBWe6ylTnXwLCh
rEVEZ0d9SM8MZYCM75cBAK1CQ/e8lQbnBtNEfPMxvd/FuaNeTK3QI00Db7vQm+Kw
=4dSZ
-----END PGP SIGNATURE-----

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Peter Stuge]

Michael Orlitzky wrote:
> I just get annoyed with the "don't use Gentoo unless you like your
> stuff broken" attitude.

Don't confuse stuff changing with stuff breaking - they are very
different things.

In Gentoo stuff changes every single day. I heard that gentoo-x86
gets some number of commits per hour, or was it per minute..

Stuff generally doesn't change for changes sake, but because the
change is an overall improvement to Gentoo. Gentoo being source
based is also a big part of why there are so many and frequent
changes.

This means that anyone who wants to use Gentoo and have a system
which reliably does what they want it to do *need to pay attention*.

They need to pay attention to what happens upstream, and they need to
pay attention to what happens in Gentoo. Not by monitoring every
mailing list, but by monitoring what portage will do when they use
it, and by being sure that this is what they desire. USE flags are a
huge part of this. Guessing at what any USE flag means is no good, so
yes, sometimes it is needed to actually look at the ebuild to learn
what will happen. Personally I find ebuilds to be amazing as
documentation, because they are also the actual code.

I've built some Gentoo systems tailored to specific needs which work
great but which are not getting updated, because the sysadmins who
take care of those systems since they were deployed aren't
comfortable and efficient with Gentoo. That's fine - Gentoo is
clearly not a system for everyone.

But it *is* a fantastic system for those who are aware that a finely
tuned machine requires good care, and who are able and willing to
take such care, by being active in creation of their systems. It is
fantastic because it is so easy for Gentoo to change for the better,
which happens constantly.

I think USE=-server is a great way to change the ebuild for the
better. I don't care at all about a news item. They are generally
only annoying me. :)


//Peter

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Dale]

Peter Stuge wrote:
> Michael Orlitzky wrote:
>> I just get annoyed with the "don't use Gentoo unless you like your
>> stuff broken" attitude.
> Don't confuse stuff changing with stuff breaking - they are very
> different things.
>
> In Gentoo stuff changes every single day. I heard that gentoo-x86
> gets some number of commits per hour, or was it per minute..
>
> Stuff generally doesn't change for changes sake, but because the
> change is an overall improvement to Gentoo. Gentoo being source
> based is also a big part of why there are so many and frequent
> changes.
>
> This means that anyone who wants to use Gentoo and have a system
> which reliably does what they want it to do *need to pay attention*.
>
> They need to pay attention to what happens upstream, and they need to
> pay attention to what happens in Gentoo. Not by monitoring every
> mailing list, but by monitoring what portage will do when they use
> it, and by being sure that this is what they desire. USE flags are a
> huge part of this. Guessing at what any USE flag means is no good, so
> yes, sometimes it is needed to actually look at the ebuild to learn
> what will happen. Personally I find ebuilds to be amazing as
> documentation, because they are also the actual code.
>
> I've built some Gentoo systems tailored to specific needs which work
> great but which are not getting updated, because the sysadmins who
> take care of those systems since they were deployed aren't
> comfortable and efficient with Gentoo. That's fine - Gentoo is
> clearly not a system for everyone.
>
> But it *is* a fantastic system for those who are aware that a finely
> tuned machine requires good care, and who are able and willing to
> take such care, by being active in creation of their systems. It is
> fantastic because it is so easy for Gentoo to change for the better,
> which happens constantly.
>
> I think USE=-server is a great way to change the ebuild for the
> better. I don't care at all about a news item. They are generally
> only annoying me. :)
>
>
> //Peter
>
>


+1

As a regular desktop user, I know to look before updating.  If I don't
understand something, I search the mailing list in the past week or so
in case someone else has run into the issue, I search the forums but
most importantly, I also read this mailing list.  Generally changes are
talked about here first.  The others are my backups.  If none of those
answers my question, I don't update until I get a answer.  If needed, I
ask on the -user mailing list what something is for or what something
means.  Basically, it is up to me to educate myself about changes.

It has always been like this, when you update, do -p or -a first.  If
you blindly update, you get to fix it because it is your own fault for
the breakage.  Zac, he has done one heck of a job with portage giving us
information.  We can see USE flag changes and everything else BEFORE
emerge does anything.  If a person doesn't do that, they are going to
cause themselves trouble and they should only complain to themselves. 

Gentoo has never been a distro to hold a persons hand.  If a person
needs their hands held, they should have chosen another distro.  Gentoo
is not a hand holding distro.  It's just a distro that has great docs
for people to learn first, then update.   

This has been a users perspective.  Back to my hole.  ;-)

Dale

:-)  :-) 

-- 
I am only responsible for what I said ... Not for what you understood or how you interpreted my words!

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Alec Warner]

On Sat, Dec 1, 2012 at 9:27 PM, Peter Stuge <peter@stuge.se> wrote:
> Michael Orlitzky wrote:
>> I just get annoyed with the "don't use Gentoo unless you like your
>> stuff broken" attitude.
>
> Don't confuse stuff changing with stuff breaking - they are very
> different things.
>
> In Gentoo stuff changes every single day. I heard that gentoo-x86
> gets some number of commits per hour, or was it per minute..
>
> Stuff generally doesn't change for changes sake, but because the
> change is an overall improvement to Gentoo. Gentoo being source
> based is also a big part of why there are so many and frequent
> changes.
>
> This means that anyone who wants to use Gentoo and have a system
> which reliably does what they want it to do *need to pay attention*.

Anyone running any distro (that receives updates) needs to pay
attention. I manage thousands of Ubuntu machines (desktops, servers,
laptops, including ldap servers.) Screwups will happen.

At one point, Ubuntu pushed a pam package that broke ABI and caused
cron to not work. Cron broke..on thousands of my machines.

At one point, Ubuntu shipped a sendmail package that would cause data
loss in some edge cases that we happened to trigger, and a bunch of
emails were accidentally deleted.

At one point, Ubuntu shipped an nfs-utils package that would cause
your machine to hang if you had kerberos in your PAM stack, locked
your screen, and had a sec=krb5 NFS mounted homedirectory. The
solution was to ssh into the machine and kill the screensaver process,
or run kinit.

This is in the Ubuntu LTS, which once released, doesn't receive
updates that often (one per day perhaps..)
We certainly don't review them, as most of the are fine. Gentoo
receives updates at a much more rapid rate. Testing all the updates is
basically not possible. Understanding the updates is basically not
possible.

The proper way to have a 'rock solid' LDAP system is to realize the
above, that we live in an imperfect system, and manage your services
appropriately. As a sysadmin, that means you schedule a maintenance
window for your openLDAP stuff; so your users know it might be down,
and why. That means you build binpkgs, so you can easily revert if
something goes wrong. That means you have a test server. That means
you have two production servers, behind anycast, or a loadbalancer;
you take the first one down, do the upgrade, test, and then restore to
production, then do the second server. If the first server fails
testing, you still have the working server to tide you over.

>
> They need to pay attention to what happens upstream, and they need to
> pay attention to what happens in Gentoo. Not by monitoring every
> mailing list, but by monitoring what portage will do when they use
> it, and by being sure that this is what they desire. USE flags are a
> huge part of this. Guessing at what any USE flag means is no good, so
> yes, sometimes it is needed to actually look at the ebuild to learn
> what will happen. Personally I find ebuilds to be amazing as
> documentation, because they are also the actual code.
>
> I've built some Gentoo systems tailored to specific needs which work
> great but which are not getting updated, because the sysadmins who
> take care of those systems since they were deployed aren't
> comfortable and efficient with Gentoo. That's fine - Gentoo is
> clearly not a system for everyone.
>
> But it *is* a fantastic system for those who are aware that a finely
> tuned machine requires good care, and who are able and willing to
> take such care, by being active in creation of their systems. It is
> fantastic because it is so easy for Gentoo to change for the better,
> which happens constantly.
>
> I think USE=-server is a great way to change the ebuild for the
> better. I don't care at all about a news item. They are generally
> only annoying me. :)
>
>
> //Peter
>

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Peter Stuge]

Alec Warner wrote:
> Testing all the updates is basically not possible. Understanding
> the updates is basically not possible.

I think it's very possible to understand updates which are important
for the system.

Of course it is a lot of work if it is to be done every day. I would
not update systems every day.


> manage your services appropriately

Absolutely. No distribution can compensate for lacking process.

The .se registry published a .se.se zone once, and got cake.


Michael Orlitzky wrote:
> At the very least, my company has to pay my salary. If I were to spend
> a week reading the ebuilds for every update I do, that would also waste
> thousands of dollars of their money.

Part of the job is IMO to know which packages are important and to
look at those carefully. That's not a waste of money, that's what
they pay you to do, if your job is to keep things running.


> There seems to be a vocal minority of hipsters who want Gentoo to remain
> "hard" so that they can use it ironically.

Am I a hipster? That would be funny. Thanks for the trolling.

It is important for me that Gentoo remains powerful. This means that
Gentoo will by definition be more complex, or more difficult, or
harder, than other distributions which are less powerful, because the
power means needing to know more about what Gentoo is taking care of.


> There isn't anything inherently difficult about Gentoo.

I disagree completely. Being source based indeed makes Gentoo
inherently difficult for everyone who is not experienced with using
package sources.

Gentoo adds the amazing USE flags value to help with this, but there
are countless administrators who are simply not comfortable and
efficient with Gentoo. That is fine.

In order to not make a mess of their systems they would need to learn
new things (or they would already be comfortable and efficient) and
if they can not or do not want to do that then Gentoo isn't a very
good tool for them.


> And the Gentoo that you know and love isn't going "soft" if it
> warns people that their LDAP servers might go away.

I think a USE change does that really well.


//Peter

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Dale]

Michael Orlitzky wrote:
> On 12/01/2012 09:48 PM, Duncan wrote:
>> Chí-Thanh Christopher Nguyễn posted on Sun, 02 Dec 2012 01:28:26 +0100 as
>> excerpted:
>>
>>> If this change is applied anyway, I suggest to at least produce a news
>>> item in order to not surprise users about the sudden loss of their
>>> openldap server.
>> I wouldn't object to a news item.  More information is good.
>>
>> <mode=rant>
>>
>> However, hasn't it always been gentoo policy to *STRONGLY* encourage 
>> users to run emerge --pretend/--ask and EXAMINE THE RESULTS for anything 
>> unexpected, and resolve it in one way or another to "expected", before 
>> going ahead?
>>
>> Thus, anyone suddenly losing their openldap server as a result of a 
>> simple uncaught USE flag change, "gets to keep the pieces", as the saying 
>> commonly goes.  Gentoo has /always/ been about reasonable documentation 
>> but has /never/ been about handholding.  We've never been afraid to point 
>> users who expect to be handheld or babysat to other distributions that 
>> are a more appropriate match to their expectations.
> We should! This is just an excuse for shitty QA. These things have real
> consequences for real people.
>

Normal user posting ahead:

I don't see it as a QA problem.  I see it as the person sitting in the
chair not knowing what they are doing.  Gentoo has never been a 'hand
holding' distro.  The info is given before the update, it is up to the
person in the chair to notice the changes and adjust IF needed. 

>> So yes, a news item is reasonable as it's arguably part of that "good 
>> documentation".  But in general, there's something wrong if we're unduly 
>> worrying about loss of functionality involving a USE flag change, or even 
>> a simple USE flag default change, because equally as arguably, anyone not 
>> catching such things with the --pretend/--ask they do BEFORE letting 
>> things just run, and/or not following up accordingly, really should be 
>> thinking about a distribution other than gentoo in the first place.  
>> That's a fact that's not really practical to change at this point, both 
>> because we haven't the manpower to do all the required handholding, and 
>> because it would make gentoo into something it's not, and something it 
>> was never intended to be.  Paraphrasing Star Trek's Bones, that would be 
>> "Gentoo, Jim, but not as we know it."
>>
>> </mode>
>>
> I beat my wife, is it her fault she gets beaten for choosing to be with
> me? Don't blame the victim.

If she chooses to stay with you, then she lives with that choice.  She
may be the victim but she chose to stay and that is her decision.  Maybe
she likes it that way.  Who knows. 

>
> Handholding != making an effort not to screw up people's systems. Even
> with emerge --pretend, all I'm going to see is that the minimal flag
> switched from off to on by default. Which I'll interpret as meaning,
> "the minimal flag was changed so that openldap[minimal] today means what
> openldap[-minimal] did yesterday."
>
> Someone's going to reboot three months after this change and their whole
> office is going to be down while they try to figure out why they don't
> have an LDAP server. For even a small business, that could mean
> thousands of dollars.
>
> "Ha ha, you shouldn't have trusted me!" is not the appropriate response.
>
>

If you see the flag changing, best find out what that change is about
BEFORE you update.  I do this every time I update.  I check USE flag
changes, upgrade/downgrade and anything else Zac has done to help me see
what is coming.  A news item is fine to give additional notice but it is
still up to the person in the chair. 

As a user, I don't expect Gentoo to hold my hand like I am a 3 year old
crossing the road.  If a person needs that hand holding, maybe Gentoo is
not for them.  There are plenty of distros that hold your hand while you
cross the road. 

Dale

:-)  :-) 

-- 
I am only responsible for what I said ... Not for what you understood or how you interpreted my words!

[gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Duncan]

Michael Orlitzky posted on Sat, 01 Dec 2012 22:44:36 -0500 as excerpted:

> On 12/01/2012 09:48 PM, Duncan wrote:

>> So yes, a news item is reasonable as it's arguably part of that "good
>> documentation".  But in general, there's something wrong if we're
>> unduly worrying about loss of functionality involving a USE flag
>> change, or even a simple USE flag default change, because equally as
>> arguably, anyone not catching such things with the --pretend/--ask they
>> do BEFORE letting things just run, and/or not following up accordingly,
>> really should be thinking about a distribution other than gentoo in the
>> first place.

> I beat my wife, is it her fault she gets beaten for choosing to be with
> me? Don't blame the victim.
> 
> Handholding != making an effort not to screw up people's systems. Even
> with emerge --pretend, all I'm going to see is that the minimal flag
> switched from off to on by default. Which I'll interpret as meaning,
> "the minimal flag was changed so that openldap[minimal] today means what
> openldap[-minimal] did yesterday."

As others have mentioned, equery u[ses] openldap .

Anyone who doesn't know gentoo equery (or similar alternative) basics 
like that really should be looking at a different distro, for the safety 
and health of their own system, and thus their own health and sanity.  
It's part of checking out what that USE flag change actually MEANS to 
them as a gentoo user and gentoo system sysadmin.

Of course, whether individual global flags have appropriate per-package 
descriptions is another question entirely.  Unfortunately, openldap 
doesn't appear to have a local description for the minimal USE flag, and 
the global description really is NOT adequate if the flag is as important 
as this discussion indicates it is.  That would be a bug in the package, 
one I'd rate as CRITICAL, given that a change in the value of the flag is 
here being rated as CRITICAL.  I wonder why there's still no such local 
description for such a critical flag?

Unless the maintainer doesn't judge it that critical after all.

But that's the bug.  Either the flag is critical, or its not.  If it is, 
why isn't there a local description warning how critical it is.  If it's 
not, why this big discussion about changing its default value?

But it's exactly this sort of bug that has users who really CARE about 
their system having to look in the ebuilds (or worse yet, look it up in 
an N'th level inherited eclass, piecing together the value of variables 
at runtime by manual logic trace, etc...) to trace the REAL effect of a 
flag.  And even then, sometimes there's no substitute for doing an 
ebuild ... unpack, then running configure --help in the appropriate dir 
(or looking at the various auto* files), to see what the configure 
description actually is for the thing.

Actually, I have a bug open at this very moment about a new ambiguous USE 
flag, USE=fma, in the new sci-libs/fftw-3.3.3 ebuild.  My bdver1 has 
fma4, but not fma3.  Does it apply?  I checked the flag description, no 
help.  I checked the ebuild, it just use_enables fma.  On the bug, I've 
actually tested and found it works for my fma4 hardware, and I've posted 
on the amd64 list asking someone with fma3 (probably an amd trinity apu 
machine, at this point) to test it as well.

https://bugs.gentoo.org/show_bug.cgi?id=445053

Hopefully we'll get a description that unambiguously states that it works 
for both fma3 and fma4 out of that bug; either that or the flag will 
change to presumably fma4, if it only works for fma4 (which I've tested) 
and not fma3.

Now obviously I don't expect most users to go to /that/ level.  I'd 
expect most users to simply leave the flag disabled if they're unsure.  
But I WOULD expect most users to SEE the new flag, and investigate at 
least far enough to see that they can simply leave it off if they don't 
know whether their system has fma or not.  The result might be a bit 
slower, but it'll work, whereas if they don't have the hardware and turn 
it on, things might not work.

And I'd argue that if they don't care at LEAST enough to investigate to 
see that the new version will work, either they judge the package not 
critical enough to their system operation to worry about, or they really 
SHOULD be looking at a different distro, because they simply don't CARE 
(or even want to care) enough about their system to safely run gentoo.  
There's other distros where such decisions are made for them and they 
don't /have/ to care.  Gentoo isn't one of them, nor, I'd argue, SHOULD 
it be.

> Someone's going to reboot three months after this change and their whole
> office is going to be down while they try to figure out why they don't
> have an LDAP server. For even a small business, that could mean
> thousands of dollars.

If it's thousands of dollars at stake, then anybody caring about it will 
surely have taken appropriate measures.  Another way of stating that is 
that if they have NOT taken such measures, then by definition, they do 
not CARE about the possibility of losing those thousands of dollars!

This isn't a new concept.  It's the SAME concept that admins are used to 
dealing with in terms of evaluating whether their backups are 
sufficient.  Yes, people get caught out all the time when things fail and 
they find out their backup (if any) failed as well, because they never 
actually tested it, but that's not the distro's problem, nor even the 
backup device manufacturer's problem, if they weren't following the 
instructions including the test the backup instructions.

> "Ha ha, you shouldn't have trusted me!" is not the appropriate response.

In this case like the backup case, it's more like, <shaking head> "Too 
bad, the documentation was there, but they didn't read and they didn't 
test before deploying in production.  If they'd only done so...  
Hopefully they can learn from it and next time they'll be prepared, 
because there WILL be a next time."

It's worth noting that "learning from it" may involve EITHER adapting 
their practices to reality, OR switching to a distro more appropriately 
matched to their use case.  Gentoo isn't for everyone, nor can it be and 
still be what we know as gentoo.  There's no shame in admitting that and 
encouraging those for whom it's a bad match to go elsewhere... with our 
blessings! =:^)

Meanwhile, my own approach on my own systems is, it's MY system and MY 
life (or at least ease and comfort) at stake.  Yes, I trust gentoo devs 
not to do anything /insane/, but USE flag changes as they normally appear 
aren't insane, they're simply routine, and checking what those changes 
are all about should be just as routine as the changes themselves.  I 
trust gentoo devs to keep their end of the bargain and not change what a 
flag actually does;  I trust MYSELF to use the tools made available to me 
to detect a change in flags and to act accordingly, because gentoo devs 
don't know my system, my needs, or my customizations, neither should they 
be expected to know them.  As a gentoo user, which in this context means 
sysadmin of a gentoo system, that's *MY* job.

When package aspects of that customization in the form of USE flags 
change, portage is very good about displaying and even color-coding the 
proposed changes, so I can take a look and see how they affect me, and as 
I said, change anything /unexpected/ to /expected/ in the results, before 
I give portage the go-ahead to actually do it.

If I choose to bypass or ignore that display, that's my responsibility, 
and nobody but me bears the blame.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Michael Orlitzky]

On 12/02/2012 04:40 AM, Duncan wrote:
> 
> As others have mentioned, equery u[ses] openldap .
> 

Does nothing in this case.


> Actually, I have a bug open at this very moment about a new ambiguous USE 
> flag, USE=fma, in the new sci-libs/fftw-3.3.3 ebuild.  My bdver1 has 
> fma4, but not fma3.  Does it apply?  I checked the flag description, no 
> help.  I checked the ebuild, it just use_enables fma.  On the bug, I've 
> actually tested and found it works for my fma4 hardware, and I've posted 
> on the amd64 list asking someone with fma3 (probably an amd trinity apu 
> machine, at this point) to test it as well.
> 
> https://bugs.gentoo.org/show_bug.cgi?id=445053
> 
> Hopefully we'll get a description that unambiguously states that it works 
> for both fma3 and fma4 out of that bug; either that or the flag will 
> change to presumably fma4, if it only works for fma4 (which I've tested) 
> and not fma3.
> 
> Now obviously I don't expect most users to go to /that/ level.  I'd 
> expect most users to simply leave the flag disabled if they're unsure.  
> But I WOULD expect most users to SEE the new flag, and investigate at 
> least far enough to see that they can simply leave it off if they don't 
> know whether their system has fma or not.  The result might be a bit 
> slower, but it'll work, whereas if they don't have the hardware and turn 
> it on, things might not work.

I think you have Stockholm syndrome. I've updated thousands of packages
this month. I cannot do this for each one, and even if I could, there's
a huge (unnecessary) opportunity cost to doing so.

At the very least, my company has to pay my salary. If I were to spend a
week reading the ebuilds for every update I do, that would also waste
thousands of dollars of their money.

I don't buy the false dichotomy that I should leave Gentoo rather than
trust things not to break without warning.


> Gentoo isn't for everyone, nor can it be and still be what we know as gentoo.

This is really what I have a problem with, the openldap issue aside.
There seems to be a vocal minority of hipsters who want Gentoo to remain
"hard" so that they can use it ironically. The silent majority just want
as many things to work as possible with as little effort as possible.

This attitude not only gives Gentoo a bad reputation (see, for example,
any distro thread on r/linux), but makes it hard to retain new users and
contributors. Whenever something stupid breaks for no reason, there's
always someone there to say "maybe Gentoo isn't for you." And some of
those people leave.

There isn't anything inherently difficult about Gentoo. Bad decisions by
humans are what can make it hard to use[1], not anything fundamental to
its nature. And the Gentoo that you know and love isn't going "soft" if
it warns people that their LDAP servers might go away.



[1] Please, no one take this as criticism. Things are in general wonderful.

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Diego Elio Pettenò]

On 02/12/2012 08:02, Michael Orlitzky wrote:
> I think you have Stockholm syndrome. I've updated thousands of packages
> this month. I cannot do this for each one, and even if I could, there's
> a huge (unnecessary) opportunity cost to doing so.

Sorry but there is no way you could have updated thousands of packages
_in stable_ at least not for a single system, this month (and I take it
as November, rather than December).

I have four differently-configured servers in front of me, and none had
more than 51 packages installed on it during the course of November —
and this is with quite a few packages being updated more often (Icinga
and Munin) because I've been working on them.

As I said in the other messages, I agree that we can do better – and
going with USE=server to me looks like going better – but I don't buy
the strawmen arguments that we have to cover for the totally unskilled
sysadmin that thinks he can run Gentoo in production and can't even see
what the updates are. So please drop it.

-- 
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Michael Orlitzky]

On 12/02/2012 11:19 AM, Diego Elio Pettenò wrote:
> On 02/12/2012 08:02, Michael Orlitzky wrote:
>> I think you have Stockholm syndrome. I've updated thousands of packages
>> this month. I cannot do this for each one, and even if I could, there's
>> a huge (unnecessary) opportunity cost to doing so.
> 
> Sorry but there is no way you could have updated thousands of packages
> _in stable_ at least not for a single system, this month (and I take it
> as November, rather than December).
> 

If this was a single system, I wouldn't be wasting your time.


> I have four differently-configured servers in front of me, and none had
> more than 51 packages installed on it during the course of November —
> and this is with quite a few packages being updated more often (Icinga
> and Munin) because I've been working on them.
> 
> As I said in the other messages, I agree that we can do better – and
> going with USE=server to me looks like going better – but I don't buy
> the strawmen arguments that we have to cover for the totally unskilled
> sysadmin that thinks he can run Gentoo in production and can't even see
> what the updates are. So please drop it.
> 

The USE=server solution is fine with me; the whole openldap thing was
really tangential to the point I was trying to make. And for some reason
it's not as fun to argue in the morning as it is at 2am, so thanks for
working on it, it's dropped =)

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Pacho Ramos]

[-- Attachment #1: Type: text/plain, Size: 405 bytes --]

El dom, 02-12-2012 a las 11:54 -0500, Michael Orlitzky escribió:
[...]
> The USE=server solution is fine with me; the whole openldap thing was
> really tangential to the point I was trying to make. And for some reason
> it's not as fun to argue in the morning as it is at 2am, so thanks for
> working on it, it's dropped =)
> 

Didn't see 'server solution' before, that also looks fine to me ;)

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

[gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Duncan]

Michael Orlitzky posted on Sun, 02 Dec 2012 11:02:09 -0500 as excerpted:

> On 12/02/2012 04:40 AM, Duncan wrote:
>> 
>> As others have mentioned, equery u[ses] openldap .
>> 
>> 
> Does nothing in this case.

It gives the global description, which as I said elsewhere, for a flag 
that's as critical as people are saying this one is, is an equally 
critical bug.

So that critical bug should be fixed.  It's trivial to fix, but solves 
that problem.

I *WOULD* suggest that the default for the package *NOT* be changed as 
long as the description is as global-fuzzy as this one is, as critical as 
it is, but the changes could be made at the same time.  No problem.

>> Actually, I have a bug open at this very moment about a new ambiguous
>> USE flag, USE=fma, in the new sci-libs/fftw-3.3.3 ebuild.  My bdver1
>> has fma4, but not fma3.  Does it apply?  I checked the flag
>> description, no help.  I checked the ebuild, it just use_enables fma. 
>> On the bug, I've actually tested and found it works for my fma4
>> hardware, and I've posted on the amd64 list asking someone with fma3
>> (probably an amd trinity apu machine, at this point) to test it as
>> well.
>> 
>> https://bugs.gentoo.org/show_bug.cgi?id=445053

>> Now obviously I don't expect most users to go to /that/ level.

> I think you have Stockholm syndrome. I've updated thousands of packages
> this month. I cannot do this for each one, and even if I could, there's
> a huge (unnecessary) opportunity cost to doing so.

As others have pointed out, if you've updated thousands of packages, it's 
the same packages many times on quite a number of machines.

You investigate once, on the first upgrade, probably a test deployment if 
it's a business with business-critical machines.  After that you know 
what the change is and how it's going to affect other machines you 
update, without duplicating the investigation for each one.

What kind of admin would insist that they had to do the SAME 
investigation for the SAME package upgrade on each of 100 machines he 
administers, many of which have very similar configurations and installed 
package sets?  Yet that's effectively EXACTLY what you're arguing.

Someone else said 50-some packages upgraded, stable, one month.  That's 
few enough to investigate just the USE flag changes and news items on 
each of those 50 packages, one investigation per change, spending quite 
some time on each change since a lot of those upgrades won't have ANY 
changes, and still do it in a few hours (maybe half a day twice) a month.

Meanwhile, if you're handling that many machines, I'd recommend setting 
up similar config sets with the same flags on each, and doing binpkgs.  
Then you upgrade the first one, building the binpkgs in the process, then 
after testing the upgrade, transfer any config changes necessary on that 
first test upgrade to the others, then binpkg upgrade the others.

> At the very least, my company has to pay my salary. If I were to spend a
> week reading the ebuilds for every update I do, that would also waste
> thousands of dollars of their money.

Yes, if you're spending a week doing it, it WOULD be a waste.  Do the 
investigation for every package change ONCE, apply the knowledge a 
hundred or a thousand times over (perhaps with a different application on 
different configs, but that doesn't mean you have to investigate what the 
change /is/ again!), and you're probably under an 8-hour day's 
investigation for the entire month.  The rest of the time you're simply 
applying what you found out with the investigation you did the first time 
you did that same package upgrade and came across that same change.

Even on ~arch doing updates a couple times a week, investigating both 
THOSE changes, AND checking -rX bump changelogs to see what triggered the 
-rX bump, AND tracking git whatchanged for the three overlays I run, AND 
tracking git whatchanged for the few live packages I run, and even with 
the obsession I have at doing so, I'd estimate it's STILL not over 8 
hours of investigation a month, on average.

And you're saying it would take you a week?  For fewer package changes 
since you're presumably on stable or at least not running overlays and 
tracking live-git changes?  Yes, that's a waste.  But I'm not SAYING take 
a week to do it.  I'm saying apply the investigation done on the FIRST 
machine upgraded, to ALL of them.  Even where the configs differ and you 
make different changes as a result, you can still use the knowledge 
gained from the investigation on the first upgrade, on subsequent 
upgrades.

> I don't buy the false dichotomy that I should leave Gentoo rather than
> trust things not to break without warning.

The false dichotomy would be between having to spend a week, repeating 
the same perhaps 20 investigations over and over thousands of times, just 
to keep reasonable tabs on what's going on with your updates in terms of 
config changes, and having to leave gentoo because you /can't/ spend a 
week a month doing what /should/ take a day (or less), if you applied the 
knowledge from the first time you upgraded a package to all the /other/ 
times you did the /same/ package upgrade with the /same/ change in USE 
flags, etc, to deal with.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Rich Freeman]

Lots of people wrote:
> Various good points.

Keep in mind that Gentoo users, even sysadmins, aren't expected to
read -dev.  That means that when things like profile changes happen
they have no idea why, or what the impact will be.

That's why we have news.  It seems like we put out all of about 3 news
messages a year, so the average sysadmin is hardly barraged by them
(unlike often-redundant elog messages).

There is no harm in sending out the odd message.  If our news becomes
bothersome I'm sure we'll hear about it, but many users come to Gentoo
because of our documentation, not because they like surprises.

Sure, no need to handhold, but educated articles for educated readers
is just good user relations.

All that said, I'd really encourage any Gentoo user to at least follow
planet.  There is little that is posted there that a Gentoo user
wouldn't find interesting, and often it works out as a decent
substitute for news.

Rich

Re: [gentoo-dev] Re: [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Chí-Thanh Christopher Nguyễn]

Duncan schrieb:
> However, hasn't it always been gentoo policy to *STRONGLY* encourage 
> users to run emerge --pretend/--ask and EXAMINE THE RESULTS for anything 
> unexpected, and resolve it in one way or another to "expected", before 
> going ahead?
> 
> Thus, anyone suddenly losing their openldap server as a result of a 
> simple uncaught USE flag change, "gets to keep the pieces", as the saying 
> commonly goes.  Gentoo has /always/ been about reasonable documentation 
> but has /never/ been about handholding.  We've never been afraid to point 
> users who expect to be handheld or babysat to other distributions that 
> are a more appropriate match to their expectations.

In the days before we started playing fast and loose with profiles, this
change would have been confined to an "under development" profile, and users
would need to explicitly switch to that. After some time, the old profile
would become unsupported and users told to use the new profile.

But today that practice is typically not considered for profile changes any more.


Best regards,
Chí-Thanh Christopher Nguyễn

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 915 bytes --]

On Sat, 01 Dec 2012 15:16:49 -0800
Diego Elio Pettenò <flameeyes@flameeyes.eu> wrote:

> So Thomáš posted today [1] that the new LibreOffice 4 is going to _need_
> an LDAP provider in the future because they are not going to keep it
> optional as it is now. Right now, the only provider we have in portage
> (as far as me and him can tell) is openldap (although mozldap also exists).
> 
> This made me cringe for a moment because I really don't want to have the
> OpenLDAP server installed on my laptops, but then I realize that there
> _is_ a minimal USE flag that only installs the library. But of course,
> that's not the default.

How about splitting the ebuild into separate library and server
and fixing the deps? It would be cleaner for people, and we'd just
release a news message that those who need an LDAP server, need to put
it in their @world.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Diego Elio Pettenò]

[-- Attachment #1: Type: text/plain, Size: 452 bytes --]

On 02/12/2012 00:43, Michał Górny wrote:
> How about splitting the ebuild into separate library and server
> and fixing the deps? It would be cleaner for people, and we'd just
> release a news message that those who need an LDAP server, need to put
> it in their @world.

How about no? Split packages are a pain for maintainers and users alike.

-- 
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 553 bytes --]

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 761 bytes --]

On Sun, 02 Dec 2012 07:58:29 -0800
Diego Elio Pettenò <flameeyes@flameeyes.eu> wrote:

> On 02/12/2012 00:43, Michał Górny wrote:
> > How about splitting the ebuild into separate library and server
> > and fixing the deps? It would be cleaner for people, and we'd just
> > release a news message that those who need an LDAP server, need to put
> > it in their @world.
> 
> How about no? Split packages are a pain for maintainers and users alike.

For users? Since when a correctly split package is a pain for user?

I'd say rather USE-deps are painful; when you have to manually switch
USE flags because of deps and rebuild packages. Automatically pulled in
separate package solves the case much better.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Diego Elio Pettenò]

[-- Attachment #1: Type: text/plain, Size: 573 bytes --]

On 02/12/2012 08:20, Michał Górny wrote:
> For users? Since when a correctly split package is a pain for user?

Funny I think you would have guessed... let's say, a Poppler split that
every other update would fail in the middle leaving a system completely
unable to start a PDF viewer without crashing, and requiring manual
intervention to get rid of the new libraries and downgrade?

Of course it's not my call, but my suggestion is forget about split
packages.

-- 
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 553 bytes --]

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 678 bytes --]

On Sun, 02 Dec 2012 08:23:30 -0800
Diego Elio Pettenò <flameeyes@flameeyes.eu> wrote:

> On 02/12/2012 08:20, Michał Górny wrote:
> > For users? Since when a correctly split package is a pain for user?
> 
> Funny I think you would have guessed... let's say, a Poppler split that
> every other update would fail in the middle leaving a system completely
> unable to start a PDF viewer without crashing, and requiring manual
> intervention to get rid of the new libraries and downgrade?
> 
> Of course it's not my call, but my suggestion is forget about split
> packages.

And when was poppler split a library/server split?

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Diego Elio Pettenò]

[-- Attachment #1: Type: text/plain, Size: 650 bytes --]

On 02/12/2012 08:48, Michał Górny wrote:
> And when was poppler split a library/server split?

Okay, listen, I tried to tell you this, before, a number of times:
repeating your same line ad nauseam is _not_ going to convince me that
you're right.

When I'm telling you I don't like your idea, you can repeat it 20 times
and waste our time 20 times, or you can get the clue, and see if someone
else agrees with your or not.

The only thing that bothers me right now is that I'm not allowed to just
plonkfile you, but I'm very tempted to.

-- 
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 553 bytes --]

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Tomáš Chvátal]

2012/12/2 Michał Górny <mgorny@gentoo.org>:
> And when was poppler split a library/server split?
>
I think it was 2k8 or so, before the kde team took over its maintenance.

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Pacho Ramos]

[-- Attachment #1: Type: text/plain, Size: 717 bytes --]

El dom, 02-12-2012 a las 07:58 -0800, Diego Elio Pettenò escribió:
> On 02/12/2012 00:43, Michał Górny wrote:
> > How about splitting the ebuild into separate library and server
> > and fixing the deps? It would be cleaner for people, and we'd just
> > release a news message that those who need an LDAP server, need to put
> > it in their @world.
> 
> How about no? Split packages are a pain for maintainers and users alike.
> 

Maybe the easiest option would be to keep current defaults and simply
include a news item when libreoffice starts to pull in openldap on a lot
of systems remembering admins that they can safely enable minimal USE
flag for openldap if they won't use server capabilities

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Walter Dnes]

On Sun, Dec 02, 2012 at 11:16:16PM +0100, Pacho Ramos wrote

> Maybe the easiest option would be to keep current defaults and simply
> include a news item when libreoffice starts to pull in openldap
> on a lot of systems remembering admins that they can safely enable
> minimal USE flag for openldap if they won't use server capabilities

  Howsabout following the same protocol as with CXX/NOCXX?  In the past,
portage would pick a default if neither was specified.  That was changed
to require a value, or else portage came to a screeching halt and spit
out a message telling you that you have to set one of them.  Set up 2
local USE flags "loldapsrv" and "nololdapsrv".  Pseudocode...

IF "loldapsrv" then
  build libreoffice with full ldapserver
ELSE IF "nololdapsrv" then
  build libreoffice with ldap client libraries only, removing the server
  portion if it already exists
ELSE
  stop the build and spit out an error message.  Explain the 2 previous
  options in the error message
END IF

  Send out a news item a week or 2 in advance, telling people to set the
appropriate USE variable, and what it does.  The people who read and act
on news items would have no hiccups at all.  Those who miss it would
have a one-time inconvenience, but at least their systems wouldn't be
"automagically" screwed up.

-- 
Walter Dnes <waltdnes@waltdnes.org>

Re: [gentoo-dev] [RFC] Defaulting desktop profiles to net-nds/openldap[minimal]

[Diego Elio Pettenò]

On 02/12/2012 15:34, Walter Dnes wrote:
>   Howsabout following the same protocol as with CXX/NOCXX?  In the past,
> portage would pick a default if neither was specified.

You don't know what you're talking about I'm afraid.

Before we had USE defaults (i.e. IUSE="+cxx") we had a nocxx (negative)
flags — this was not recommended, but needed because we lacked a way to
specify "we want C++ unless otherwise stated" — especially so because
sys-devel/gcc[nocxx] would not be able to build or run any C++ program
_at all_.

Now that we have USE defaults, we have ebuilds with IUSE="+cxx" to
specify that C++ support is desired unless the user (or the profile) is
explicitly disabling it.

Which is exactly what I proposed with moving to IUSE="+server" instead
of the current IUSE="minimal" to handle server installation.

And this wouldn't go through "two weeks" of notice, but more "one month
for stabling", since it would be a revision bump — and that should still
give us time enough for this to hit before LibreOffice.

-- 
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/