
Re: Survey answers part 1: systemd has too many dependencies, …



Michael Stapelberg <stapelberg@debian.org> writes:

> since some people might not read planet debian, here is a link to my
> first blog post in a series of posts dealing with the results of the
> Debian systemd survey:
>
> http://people.debian.org/~stapelberg/2013/06/09/systemd-bloat.html

I was hoping you would cover my reason why I fear the "too many
dependencies":

External dependencies obfuscate what code is part of pid 1 and what is
not.  Some (most?) of the external projects you depend on are probably
not developed with this use case in mind, and hence are not suitable for
being used like this.  This is not a criticism of the external
libraries. There is quite a difference between writing code which can
exit and writing code which cannot.  No sane person will attempt to do
the latter unless strictly required.

You claim that the systemd code using these dependencies is simple, and
I have no reason to doubt that.  But you ignore the fact that you make
the external code part of systemd.  That code also needs to be audited
as if it were an integral part of systemd.  You could just write a
"libpid1" and a 5 line application using that library.  It should be
obvious that auditing the 5 line application would be insufficient.

The point is that it is not obvious that all these external dependencies
are suited for use by systemd, and that the responsibility for ensuring
that they are lies with the systemd project.  Not with the external
projects.

I understand that there are lots of developers having a hard time
understanding that there is a difference between
 - desktop application depending on libfoo, and
 - critical (securitywise, stabilitywise, other) application depending
   on libfoo

You do of course not have to agree.  This is my personal opinion only.
But I believe it is useful to read Jamie Zawinski's view on screensavers
and toolkit library dependencies, and try to figure out how that can be
relevant to systemd and external dependencies:
http://www.jwz.org/xscreensaver/toolkits.html

Using a library in a critical application will make any harmless library
bug into a critical bug.  Are the maintainers of those dependencies
really ready to handle that?

This is the primary reason why the list of dependencies terrifies me.
Not any of the four reasons you list, which, although valid, are only
minor issues which could be outweighed by advantages offered by the
dependency.



Bjørn

