libera/#devuan-dev/ Monday, 2020-12-28

02:41 <mason> And Russ weighs in on the side that sees Debian lose support and relevance.
02:42 <bgstack15> Explain, mason.
02:43 <bgstack15> Are you saying he is arguing for a side that you predict will weaken debian as a base for everything else in the *nix 'verse?
02:50 <mason> bgstack15: It's re: Debian #975075.
02:50 <mason> I'll find a link.
02:51 <bgstack15> I've read his latest email.
02:51 <bgstack15> I just don't understand it to your level.
02:52 <mason> Ah, kk. So, he's stamping on the notion that Debian needs to accommodate non-systemd.
02:52 <mason> bgstack15: His position is a lot like his position in 2014.
02:52 <mason> And the world already has Fedora, so causing Debian to follow suit isn't useful.
02:53 <mason> My reading of it is that he's saying there's no reason for the bug to exist.
02:53 <mason> For Devuan, this'll mean an increasing need to fork packages and/or roll our own.
02:53 <mason> This isn't a bad thing if we can keep up with it, mind you.
02:54 <JackFrost> If one can keep up with it™
02:54 <JackFrost> That is to say, that's a big "if" there.
02:55 <mason> Which is why I said it, yes.
02:55 <bgstack15> Maybe the visibility of this bug report will increase available work hours to the Devuan team!
02:55 <mason> But if we can, which will require some packager interest, that'd suggest that the Debian stance isn't as universally accepted as they'd like.
02:56 <mason> Consider stuff like Debian GNU/kbsd. They'd have a 100% easier time being a first-class citizen under Devuan, whereas Debian is squeezing them out by insisting on the use of non-portable software.
08:18 <mason> And there's Bdale Garbee weighing in. Sigh.
08:48 <DPA> I think it would be cool if things like Debian GNU/kFreeBSD started moving to devuan as a base, but is it easier or even viable? Devuan is still an overlay, it doesn't rebuild all the packages,
08:48 <DPA> a lot of packages may not build without systemd, or at least not without manually replacing libsystemd-dev with libelogind-dev in their control files, and I would presume something
08:48 <DPA> like kFreeBSD would need to rebuild all the packages, wouldn't it?
16:47 <bgstack15> Hey, some rational thinking from Sam H. on the bug#975075 thread!
19:32 <mason> bgstack15: Don't be taken in! :P
19:32 <bgstack15> Hm, you appear to be more knowledgeable about how one ought to interpret the statements. Please, enlighten me!
19:33 <mason> bgstack15: I can easily hear that with a sarcastic overlay, but taking it straight: I'm not sure I'm more knowledgeable, but I tend to disbelieve that zebras can change their stripes, so I try to look at someone's overall contribution.
19:34 <bgstack15> Yes, I wasn't sure myself if what I said was sarcastic.
19:34 <mason> Okay if it was, honestly.
19:34 <bgstack15> You definitely seem to enjoy popping my enthusiasm bubbles.
19:34 <bgstack15> (heh, I guess that means I want to live in a bubble)
19:34 <mason> bgstack15: As best I can describe it, I have a strong surface skepticism with a deeper hopeful strata often hidden.
19:35 <bgstack15> With all due respect to our team here, I would love for Debian to somehow include sysvinit again and the need for Devuan would dissipate.
19:35 <mason> bgstack15: Oh, I imagine all of us feel that way, but it seems less likely as time passes.
19:37 <mason> bgstack15: So, for example, look at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975075 and find Hartman's contributions generally. I guess I mostly fear that he's being utterly reasonable in pursuit of an unreasonable (IMHO) end.
19:38 <bgstack15> Oh, in the same vein as, "I'm just following orders"?
19:38 <mason> bgstack15: What informs my whole feeling of hopelessness is that Unix was always aggressively standards-based, with inter-system compatibility a big priority, and that's explicitly not the case with systemd. Debian used to have an amazing ethic in this regard, but we're seeing that close up these last few years.
19:39 <mason> Or rather, not intersystem-compatibility so much as portability.
19:39 <bgstack15> The child has reached maturity and wants out from under Mr. and Mrs. Unix's household and rules.
19:39 <bgstack15> *the age of majority
19:40 <mason> Well. What's notable is all the software that actually matters comes from the mindset that portability matters. Email, web services, DNS, crypto software, networking generally.
19:40 <bgstack15> Well, for now.
19:41 <mason> Everything that matters comes from the mindset that portability makes things better. This is a new direction for the Linux world, throwing away portability and saying "my way or the highway".
19:42 <mason> bgstack15: "For now" is "for most of recorded history" in our terms. systemd first blasted onto the scene with RHEL 7 in 2014, and it didn't hit the majority of even RHEL deployments for several years, because it was not a good move for enterprise sysadmins, suddenly losing their stable platform and relevant knowledge of how these systems work.
19:43 <mason> Even today, after it's officially on life support, there are companies with large (expensively supported) RHEL 5 and RHEL 6 deployments.
19:43 <bgstack15> What makes me sad is that parts of systemd are really cool. I think declarative service files are great. I cannot think of any other good things to come out of that project, though. Even the service control syntax changed order... because NIH
19:44 <mason> The closest thing we've seen to critical new infrastructure is Kubernetes, and that arises from Docker, for for some years systemd wouldn't even run in Docker, which is why Alpine and CoreOS got such a leg up.
19:45 <mason> bgstack15: Some of that declarative syntax is deceptive. Here's a thought exercise for you. Tell me why (without digging too far) you might want PrivateTmp for a service and how it probably would work.
19:45 <mason> If you dig, the joke will be up, so let's approach it from the surface.
19:45 <bgstack15> How it would work? I would expect we should just export TMPDIR=/run/user/$SERVICEUSER/
19:45 <mason> Which is to say, the "simplicity" of a simple declarative syntax where you don't specify behaviour.
19:46 <mason> bgstack15: Good, that's a good thought. And why would you even want it?
19:46 <bgstack15> I'm guessing it's not that simple.
19:46 <bgstack15> Well, to help isolate the service's data in general.
19:47 <bgstack15> But couldn't you just set the umask of the running process?
19:47 <bgstack15> and leave its temp data in /tmp?
19:47 <mason> Sure. But more specifically, tmpfile races are a known security issue. It's well-solved with mktemp, but not everyone uses mktemp for some reason.
19:47 <bgstack15> is that mktemp(1) or mktemp(3) if there is one?
19:47 <mason> Well, a mask can help with privacy, but not creation races. mktemp solves races.
19:47 <mason> Right.
19:47 <bgstack15> I'm a shell plebe, so I use mktemp(1)
19:47 <mason> So, you have mktemp as a solution, but now with systemd you also have PrivateTmp.
19:48 <mason> mktemp is almost always the right answer.
19:49 <mason> So, PrivateTmp... In order to do the same thing mktemp does... DROPS YOUR ENTIRE FILESYSTEM NAMESPACE INTO A PRIVATE CGROUP. Changes in the original and in the new cgroup don't interact with each other. This includes things like new mounts.
19:49 <mason> This leads to a host of really bad issues that are really tough to solve.
19:50 <mason> Another example, socket-activated services. Let's say you want to change your hostname or your default system locale...
19:50 <mason> So, you use "localectl" and that talks to the locale daemon. The locale daemon is socket-activated, so it runs when you need it and then quits after three minutes.
19:51 <mason> Funny thing, for "security" this *also* drops into a private filesystem namespace, and rather than using an Access Control system like SELinux or AppArmor, systemd remounts everything read-only inside that new private namespace. Guess what happens if you have a sick NFS mount?
19:52 <mason> (SELinux being a MAC, AppArmor being a DAC)
19:52 <bgstack15> It hangs your process for 10 minutes.
19:52 <bgstack15> I know that one ...
19:52 <mason> It hangs a range of things for an indeterminate amount of time.
19:53 <mason> You can control how bad this is by adjusting the SystemProtect setting, but it's absolutely non-obvious.
19:53 <bgstack15> I think the hostnamectl thing is super weird and not important. And I'm guessing localectl attempts to control your shell's LC_* env cars?
19:53 <bgstack15> Vars
19:54 <mason> Well, they're both kind of important. But yeah, hostnamectl impacts environment variables, keyboard maps, etc.
19:54 <mason> localectl* I mean
19:54 <mason> So, just saying, the simple declarative syntax hides a host of timebombs.
19:54 <bgstack15> and hostnamectl, what, fscks up your /etc/hostname?
19:55 <mason> bgstack15: That'd be true if /etc/hostname were the only thing with the "authoritative" record of the system's hostname. :P
19:55 <mason> It's bad design to patch over bad design.
19:55 <bgstack15> well, the few bytes of memory for pid 1 are the ultimate authority, I presume...
19:55 <bgstack15> that loads it from /etc/hostname after mounting /etc?
19:56 <mason> I don't want to get sidetracked, though. systemd's "take it all or it's painful" makes the free software world smaller.
19:56 <mason> bgstack15: I think it keeps it in a private store actually.
19:56 <mason> Unsure. I've never had to read the source to that one, gratefully.
19:58 <mason> Anyway, the next person to devise a better bootloader, a better syslog server, a better IPC system, a better automounter, they're all out of luck, because systemd wants to do all that. And by systemd, I mean a smallish group of Fedora developers.
19:59 <mason> This is all why we need Devuan and similar projects. And yeah, I'd love it if Debian obviated Devuan, but this current bug and today's new traffic makes it clear that they have other priorities.
20:01 <mason> Maybe we'll be surprised when the CTTE rules. We'll see, I guess.
20:06 <bgstack15> Do we have a plan to (make it easy|publish a path) for a Debian uploader/maintainer/developer to come start helping here at Devuan?
20:07 <bgstack15> One reason I'm a contributor here and not in Debian is because I showed up in irc, asked a few questions about a package, and was handed one! In debian, you have to go through more red tape than getting a job.
20:11 <mason> bgstack15: I don't know... Folks who've been here longer than me will doubtless have opinions. It certainly seems like a do-ocracy, and that'd probably need to scale if we ever have wild success.
20:12 <mason> The more widely we're used, the more valuable a target we become for people subverting our infrastructure or packages.
20:13 <bgstack15> Ah, please don't start feeling that paranoid.
20:13 <bgstack15> That sort of thinking will make us all leave the www entirely.
20:13 <bgstack15> and then where will I clone my apt mirrors from?
20:13 <mason> bgstack15: That kind of paranoia has been a part of too many of my jobs for me not to look at things based on risk.
20:14 <bgstack15> Wow, I don't have a high enough clearance to discuss those sorts of things with you.
20:14 <mason> That's not useful.
20:15 <mason> Here, this is relevant reading: https://lwn.net/Articles/786593/
20:15 <bgstack15> But to continue pressing the matter, does that mean that you plan on limiting your current contributions because the distro might become a higher-priority target for somebody at some point in the future?
20:15 <mason> bgstack15: Wow, you start off in the wrong direction and then it's head down, racing for the finish line.
20:16 <mason> bgstack15: No, it means I want us to do things right, which means transparency and accountability on every level.
20:16 <mason> bbl
20:19 <bgstack15> ping again upon your return and we can continue. Sorry if I misinterpret your wizened security concerns.
22:29 <mason> bgstack15: Hey, I'm back. Crashed the drone one and wrecked a propeller set, but after disassembling the arm and replacing the rotor, I was up and flying and got some good video of the yard and kids.
22:30 <mason> bgstack15: So, here's my perspective, limited of course by it being lodged in just one head: People will hopefully depend on us more and more, and this will increase our value as a target, and as such, I think there will be a need for auditability and accountability and for transparency in our processes.
22:30 <bgstack15> OK. I feel that we do a good job of that.
22:30 <bgstack15> I like the public access of the Jenkins that builds the assets that go into the repos.
22:31 <mason> bgstack15: I'll give you Slackware as an example. It's an exceedingly pleasant system to use, but development is closed, there's no public bug-tracking system, and it's not as easily trusted as a result.
22:31 <mason> bgstack15: Oh, yeah, Devuan does a lot right. I love the developer meetings being public and having notes published.
22:31 <bgstack15> I had no idea. I also don't expect anyone who needs more than a handful of systems would ever choose Slackware.
22:31 <mason> I'm just thinking about what it would look like if we started being as big as Debian in size.
22:32 <bgstack15> I doubt that would ever happen, but it would be cool.
22:32 <mason> bgstack15: Ah, you might be surprised. Hanging out in that community, at least historically they've had some decent-sized deployments.
22:32 <bgstack15> does Slackware offer anything in the host-your-own-repo like apt or FreeBSD's poudriere?
22:32 <mason> bgstack15: Well. That's the question. It might not happen, but I hope it does happen, especially if Debian doesn't change their trajectory.
22:33 <mason> bgstack15: Um, the packaging system is quite simple and straightforward, so repositories are trivial by comparison to either FreeBSD or Debian. For third-party development, slackbuilds.org is nice.
22:33 <bgstack15> Is there a reason you keep inserting my name in your messages?
22:33 <bgstack15> I'm right here.
22:34 <mason> bgstack15: Yes. There is. https://youtu.be/gRdfX7ut8gw
22:35 <mason> bgstack15: So, for me, for example, this tradition means that if I have conversations going in multiple channels (which in fact I do just now) someone using my name will be a different highlight than "just some traffic".
22:35 <mason> I'm following 51 channels right now, so this kind of hint helps me not drop the ball on conversations.
22:36 <mason> I also order channels by priority so I'm likely to look at this channel (for instance) more frequently based on there just being traffic.
22:36 <bgstack15> Ah, so would you prefer that I use your name, then?
22:37 <mason> bgstack15: It'd have the property of guaranteeing that I see the message even if I am involved elsewhere.
22:38 <mason> bgstack15: But I try to adhere to Postel's Law and treat IRC and email etiquette as a protocol, so I won't ask you to change how you do it just for me. (Of course, there are lots of folks who operate the way I do, so it might be worth considering that.)