Rich Freeman on 12 May 2012 09:24:28 -0700



Re: [PLUG] A pleasant installation surprise


On Sat, May 12, 2012 at 1:20 AM, Art Clemons <artclemons@aol.com> wrote:
> On 05/11/2012 10:43 PM, Rich Freeman wrote:
>
> Once again though, Chromium can be compiled reliably.  Especially today with
> relatively large storage hardware, 50MB isn't a really big price.
>

Well, in the case of Chromium we're talking about a 1GB uncompressed
tarball that has to be compiled.  Fortunately Gentoo has been leading
the way in getting rid of much of it, so now it only takes 15 minutes
to compile with four cores at full tilt and a few GB of RAM (one of
the few things that still triggers the thermal alarm on my Gentoo
box).

The cost of self-contained packages is more than just tarball size and
compilation time.  All those non-shared libraries consume extra RAM.
While Chromium generally does a good job, lots of other packages have
issues with security fixes to embedded libraries as well.

> I suspect most distro maintainers can't possibly keep track of every
> dependency for even most of the commonly used programs.

They do.  Their distros wouldn't work if they didn't.  Occasionally
they fail (often without help from upstream), and that is what causes
bugs.  Keeping track of dependencies is half the value a distro adds
in the first place.

> You don't want bloat and I want working software even at the cost of some
> bloat.
>

You've just summed up the Windows/OSX vs Linux approaches very well.
Most FOSS tends to favor dependencies, and most commercial packages
tend to favor self-containment.  There are exceptions in both cases
(Google Earth for Linux is one extreme - they bundle a whole extra
install of Wine with it and just run the Windows version).

When I look at my Linux box, I know all my software is up-to-date.  I
don't have 47 processes running in the background checking for updates
from 47 different places to make it work either.  I have one unified
package management system that keeps everything up-to-date.  My distro
has a single update/security policy they aim to maintain, and I can
pick a distro that has one that I like.

On my Windows boxes I have no idea what security bugs might be present
in the various software packages I install.  The only way to stay on
top of that is to sign up for 300 independent mailing lists.  Some of
my software is self-updating, which usually means 75 different update
programs running each looking to keep a few of my applications
up-to-date.  Each of them no doubt is maintained in accordance with a
different security policy.  If I run Firefox on Windows nobody will
backport security fixes the way Debian does.

To each his own I guess, but I greatly prefer the Linux way.  From the
point of view of a single app I guess self-contained packages make
some sense, but from the point of view of the whole, it doesn't work
very well.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug