From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 2F6A61382C5 for ; Thu, 8 Mar 2018 23:12:33 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 886E7E0978; Thu, 8 Mar 2018 23:12:27 +0000 (UTC) Received: from mail-oi0-x243.google.com (mail-oi0-x243.google.com [IPv6:2607:f8b0:4003:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 328FEE094F for ; Thu, 8 Mar 2018 23:12:27 +0000 (UTC) Received: by mail-oi0-x243.google.com with SMTP id x10so5676983oig.2 for ; Thu, 08 Mar 2018 15:12:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=YZ+aipzKnrqcQXLqPmIlSWJeCvxDwAnbmjofJcwycZc=; b=E1z9bxu26AM1l2tPd+rcGZUQxrbusHPvo2p4NXLKPBRj/JgQopR0J/kDCYQr27uCRy U9iiyK2fOt6KiG5OW0vXXJoaxP/AZGfHhR3cKm7f+XOzKde4rzeHGmmMD/+iK+La5qEB gljliponidMN/HZkUdq+CmEsvlFAAZvepUDBT0G33XcSwcK5Gw9u6NAsy7AZEbcwTxUq Dz4CJL8pAC05lLscgYVklAnmq7CVB0NW7+iY2IIthxBHBB2tDdDkBiL7TAnwmn8eTvZY CWDucUwd87paKB2WV3xiO2JTsrY8NEgN8NbRKZkE30VB5Iv5NhCZyhdVPHlmUIhhe44d 2fIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=YZ+aipzKnrqcQXLqPmIlSWJeCvxDwAnbmjofJcwycZc=; b=B/kTJstw3ugwenZ91MV01PVO9vgYbhAx0jyVTWGvRNu0plp6uIXAbHLFn6GE4vFQ/o /GI0fkoyF+Ugiy4/AXr5nuvq8bgPcGeXQI3Y9p2KZVPASFHPerTZyhaGf1UqcpABD0Ru OiVak8kw3ytJjID4WB0THdNhPQ0bEmKdV8Ji4hoDCrE1jOVc5R99b8z5Kjr8WRxodMaK xFbUVfqON6qfcLkxEli1/7T62+ywwUMPSzIeZVdK8tgaBWsG/WCk211ltmBVg4zl7TGt zGmRfEB3j3HBduKkT3vBSJfVpDKITnQSS5mT95QGO5VRQIW1KMbyMdCK+ZwaQgmQUgYy Bklw== X-Gm-Message-State: APf1xPApR2+c+Y78PC+S8uq8IFli1IQhi6CCAxhqU6pMvw51imEwG/dg scdwgB82H8U+i81OqbWIonzxZcz2q7BG1Hlrr8lGWygb X-Google-Smtp-Source: AG47ELv21X2uIzJFhgE2X5oMPWi2beL/qj3AS3ucGHI2ObpQKiVBClNquGqjE+GtvT1/353Ie1MZjaH4DKNtIeaV03o= X-Received: by 10.202.79.2 with SMTP id d2mr17009756oib.150.1520550745955; Thu, 08 Mar 2018 15:12:25 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.202.185.67 with HTTP; Thu, 8 Mar 2018 15:12:25 -0800 (PST) In-Reply-To: <1520523644.13614.14.camel@gentoo.org> References: <1520523644.13614.14.camel@gentoo.org> From: Francesco Riosa Date: Fri, 9 Mar 2018 00:12:25 +0100 Message-ID: Subject: Re: [gentoo-dev] Proliferation of IUSE=static-libs in Gentoo To: gentoo development Content-Type: multipart/alternative; boundary="001a113d66a01364410566eecf8e" X-Archives-Salt: 94896d52-a01f-4b4a-9128-fed9cdca94c8 X-Archives-Hash: 46cad65f8eeb7dab27c5201f836c636e --001a113d66a01364410566eecf8e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable 2018-03-08 16:40 GMT+01:00 Micha=C5=82 G=C3=B3rny : > Hello, developers. > > I would like to bring to your attention an alarming trend in Gentoo > ebuilds -- the proliferation of IUSE=3Dstatic-libs, that is a flag > allowing our users to build static libraries. > > I should like to remind you that static linking is almost always a bad > idea. It has serious security implications, it is poorly supported on > *nix systems (example: library dependencies are provided via hacks, we > don't have proper rebuild capabilities) and should be basically > considered a great evil. Partially relevant doc: [1]. > > This is why Gentoo does not generally support statically linking stuff, > and we force dynamic linking whenever possible (sometimes even going too > far with that but that's another story). We only allow static linking > for special cases where shared linking can't be used for one reason > or another. > > As part of that we also shouldn't deliver static libraries unless > absolutely necessary to satisfy the dependencies of applications which > we support built statically. Back in the day, Gentoo developers were > pushing against packages that built static libraries unconditionally. > However, it seems that at some point this front changed from 'fighting > unconditionally built static libraries' to 'proliferating USE=3Dstatic- > libs everywhere'. Which is bad. > > So, developers, please *stop adding USE=3Dstatic-libs* to random librarie= s > that have no reason whatever to be statically linked to. And by that I > mean a good reason, not creeping featurism, not 'user asked for it', not > 'this broken package hardcodes libfoo.a'. > this would make impossible to use qemu static with binfmt alas https://wiki.debian.org/QemuUserEmulation Also looking for which packages are eligible for static libraries or not is more work, not less, because it's a whole different layer of dependancies (when doing the qemu stuff I just decided to build static for everything rather than manage use flags per package) --001a113d66a01364410566eecf8e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


2018-03-08 16:40 GMT+01:00 Micha=C5=82 G=C3=B3rny <= ;mgorny@gentoo.org>:
Hello, = developers.

I would like to bring to your attention an alarming trend in Gentoo
ebuilds -- the proliferation of IUSE=3Dstatic-libs, that is a flag
allowing our users to build static libraries.

I should like to remind you that static linking is almost always a bad
idea. It has serious security implications, it is poorly supported on
*nix systems (example: library dependencies are provided via hacks, we
don't have proper rebuild capabilities) and should be basically
considered=C2=A0 a great evil. Partially relevant doc: [1].

This is why Gentoo does not generally support statically linking stuff,
and we force dynamic linking whenever possible (sometimes even going too far with that but that's another story). We only allow static linking for special cases where shared linking can't be used for one reason
or another.

As part of that we also shouldn't deliver static libraries unless
absolutely necessary to satisfy the dependencies of applications which
we support built statically. Back in the day, Gentoo developers were
pushing against packages that built static libraries unconditionally.
However, it seems that at some point this front changed from 'fighting<= br> unconditionally built static libraries' to 'proliferating USE=3Dsta= tic-
libs everywhere'. Which is bad.

So, developers, please *stop adding USE=3Dstatic-libs* to random libraries<= br> that have no reason whatever to be statically linked to. And by that I
mean a good reason, not creeping featurism, not 'user asked for it'= , not
'this broken package hardcodes libfoo.a'.

=
Also looking for which packages ar= e eligible for static libraries or not is more work, not less, because it&#= 39;s a whole different layer of dependancies (when doing the qemu stuff I j= ust decided to build static for everything rather than manage use flags per= package)

--001a113d66a01364410566eecf8e--