Announcement

**rohcQaH** · 14 November 2014, 10:17 AM

Interesting. Let's check my own /usr/ on gentoo:

Code:

 ~> find /usr/ -not -perm -004 -print0 | xargs -0 ls -dl
-rws--x--x 1 root     root         54856 Oct 23  2013 /usr/bin/chage
-rws--x--x 1 root     root         46152 Oct 23  2013 /usr/bin/chfn
-rws--x--x 1 root     root         41160 Oct 23  2013 /usr/bin/chsh
-rwxr-s--x 1 root     crontab      35896 Oct 22  2013 /usr/bin/crontab
-rws--x--x 1 root     root         23264 Oct 23  2013 /usr/bin/expiry
-rws--x--x 1 root     root         31216 Nov 27  2013 /usr/bin/fusermount
-rws--x--x 1 root     root         67912 Oct 23  2013 /usr/bin/gpasswd
-rws--x--x 1 nullmail nullmail     18640 Mar 13  2014 /usr/bin/mailq
-r-xr-s--x 1 root     man          52936 Mar 21  2013 /usr/bin/man
-rws--x--x 1 root     root         36336 Oct 23  2013 /usr/bin/newgrp
-rws--x--x 1 root     root         23144 Mar 13  2014 /usr/bin/pkexec
-rwxr-s--x 1 root     utmp        362816 Apr  7  2013 /usr/bin/screen
-rws--x--x 1 root     root        117832 Oct 27 20:27 /usr/bin/sudo
-rws--x--x 1 root     root       2174816 Apr 13  2014 /usr/bin/Xorg
drwxr-x--- 2 root     games         4096 Oct 28 20:56 /usr/games/bin
-rwxr-x--- 1 root     games      6917072 Apr  7  2013 /usr/games/bin/gnugo
-rws--x--x 1 root     root         11019 Apr 28  2014 /usr/lib64/kde4/libexec/fileshareset
-rwxr-s--x 1 root     nogroup      56280 Jun  8 00:00 /usr/lib64/kde4/libexec/kdesud
-rws--x--x 1 root     root        474112 Apr 11  2014 /usr/lib64/misc/ssh-keysign
-rwxr-s--x 1 root     utmp         10080 Oct 22  2013 /usr/lib64/misc/utempter/utempter
-rw------- 1 nobody   root             0 Jun 30 20:46 /usr/lib64/nfs/state
-rws--x--x 1 root     root         14616 Mar 13  2014 /usr/lib64/polkit-1/polkit-agent-helper-1
-rws--x--- 1 root     messagebus  310752 Oct 26 21:36 /usr/libexec/dbus-daemon-launch-helper
-rwxr-x--- 1 root     wheel        44176 Oct 22  2013 /usr/sbin/cron
-rws--x--x 1 nullmail nullmail     22768 Mar 13  2014 /usr/sbin/nullmailer-queue
drwx------ 2 polkitd  root          4096 Apr  7  2013 /usr/share/polkit-1/rules.d

These are mostly setuid/setguid binaries (where the missing w+r does not matter), as well as a few commands that should really only be run by a specific user or group.

**willmore** · 14 November 2014, 10:23 AM

About time

Good to see Fedora catching up to where most UNIX environments were two decades ago. Anyone remember Project Athena/Vincent/Andrew?

**deve** · 14 November 2014, 10:25 AM

They create strange policies which affect all applications. I don't say that their ideas are bad in general, but in some specific cases certainly yes.

For example you can't use statically linked library for your software. It doesn't really matter that this one from repository is not compatible backwards. It also doesn't really matter that sometimes you need patched version of a library and this patch was rejected upstream. They modify your code to make it work with system library. Your software now crashes and does a lot of unexpected things? Oh, sorry. Our policy is holy and is the best for every app in the world. Let's rewrite your whole application to newer library version. It will take you a half a year? Oh, sorry again...

In result we have tens of poorly working applications dowloaded from repository while the same versions compiled from source or downloaded from official website work fine.

Yes, I really don't like Fedora.

**curaga** · 14 November 2014, 10:29 AM

Why is gnugo there?

"You don't get to run games, muahaha"

**Serafean** · 14 November 2014, 10:52 AM

Originally posted by deve View Post

They create strange policies which affect all applications. I don't say that their ideas are bad in general, but in some specific cases certainly yes.

For example you can't use statically linked library for your software. It doesn't really matter that this one from repository is not compatible backwards. It also doesn't really matter that sometimes you need patched version of a library and this patch was rejected upstream. They modify your code to make it work with system library. Your software now crashes and does a lot of unexpected things? Oh, sorry. Our policy is holy and is the best for every app in the world. Let's rewrite your whole application to newer library version. It will take you a half a year? Oh, sorry again...

In result we have tens of poorly working applications dowloaded from repository while the same versions compiled from source or downloaded from official website work fine.

Yes, I really don't like Fedora.

Debian has the same policy. So does Gentoo. What do you use? These two may not be as strict in its application as Fedora, but it's there...
FYI : I support this policy. Statically linked have bit me quite a few times already. As the saying goes : unmaintained software is dead software.

Gentoo has a nice writeup about bundling libraries : https://wiki.gentoo.org/wiki/Why_not...e_dependencies

Serafean

**pal666** · 14 November 2014, 10:55 AM

Originally posted by deve View Post

They create strange policies which affect all applications. I don't say that their ideas are bad in general, but in some specific cases certainly yes.

For example you can't use statically linked library for your software. It doesn't really matter that this one from repository is not compatible backwards. It also doesn't really matter that sometimes you need patched version of a library and this patch was rejected upstream. They modify your code to make it work with system library. Your software now crashes and does a lot of unexpected things? Oh, sorry. Our policy is holy and is the best for every app in the world. Let's rewrite your whole application to newer library version. It will take you a half a year? Oh, sorry again...

In result we have tens of poorly working applications dowloaded from repository while the same versions compiled from source or downloaded from official website work fine.

Yes, I really don't like Fedora.

if your patch is not accepted upstream, choose different library. or maybe your patch is not accepted because it is insane, then do the sane thing. it is very simple. nobody is going to check your bundled libs for vulnerabilities. you seem to like http://en.wikipedia.org/wiki/Dancing_pigs
if you need old library, it can be provided by compat package. but again, who is going to fix vulnerabilities in rotting codebase ?

**deve** · 14 November 2014, 11:09 AM

@Serafean
It's not bad policy in general. But sometimes static linking is better and as you said Debian is not as strict as Fedora. We can't make app non-working or poorly working only because of this policy.

Why should I rewrite my app when it's still usefull with old library version and I see no adventages in use newer version? Lower disk space usage? I can improve something other instead of this.

Sometimes I need to compile some applications from source because maintainer broke it. Last time it was lirc package which caused irexec stop working after hibernation. Maintainer probably didn't notice it at all. But he knows better than software developers what is good...

**RahulSundaram** · 14 November 2014, 11:19 AM

Originally posted by deve View Post

@Serafean
It's not bad policy in general. But sometimes static linking is better and as you said Debian is not as strict as Fedora. We can't make app non-working or poorly working only because of this policy.

Fedora has a number of static libraries and bundled libraries as well but Fedora tries to avoid it just like any mainstream distribution does. It is not followed blindly in all circumstances as you seem to think. If unbundling causes breakages, that is a bug and should be fixed like any other bug. If you have reported them and they haven't been attended to, bring them to fedora devel list.

**pal666** · 14 November 2014, 11:32 AM

Originally posted by deve View Post

Why should I rewrite my app

why should distro include problematic app ?

Announcement

Fedora Looks To Make /usr World-Readable

Fedora Looks To Make /usr World-Readable

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment