[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#331405: Accidential activation of nscd is too simple

Gabor Gombas @ 2005-10-05 (Wednesday), 16:08 (+0200)
> What is that "something"? Investigating the output of apt-cache rdepends
> nscd, libnss-pgsql1 and libnss-mdns Suggests: nscd, and libnss-ldap
> Recommends: it, but nothing Depends: on it. So you should've given a
> choice by whatever package installation frontend you've used.

It would be libpam-ldap which suggests libnss-ldap in my case. But
running apt-rdepends and analyzing it's output suggests that there are
35 packages which depends on nscd in etch today. That's depends as in
any of the relationships that drags a package along, either directly or
as a consequence of a second or higer order dependency.

The fact that the frontend gives me a theoretical chance of hindering
additional software from getting installed doesn't help much.

> Well, the description of nscd says: "You should install this package
> only if you use slow Services like LDAP, NIS or NIS+". If you are not
> using one of these services, why did you choose to install nscd?

Please reflect over these words:

It's not sane to assume users read the descriptions of packages reverse
depending on what they actively install. Normally one just wants the
functionality of the selected package in question, and don't care all
that much about the details of it's dependencies. Add to that the normal
cases that removing suggestions and recommendations normally influence
the package's usability and that the apt frontends still could need some
work on their human computer interaction interfaces.

That's reality, I'm afraid. Disk space is cheap, time is limited, and
users trust in debian is high. (When did you last read the description
of libopencdk8? It's number 100 in popcon, so chances are you have it

I'm not trying to be ignorant or anything. For me personally, the
problem is found and solved. What I'm trying to accomplish with this bug
report is increased quality in the distribution so that it will not have
to happen to anyone else without a good reason.

> Also, the default negative-ttl for the hosts map is just 20 seconds
> which I think _is_ a quite reasonable default.

If twenty seconds were the case, I wouldn't have complained. I had the
laptop on, without any suspend mode or such, for a full nights sleep of
at least eight hours before hunting down and removing the package.

Even if I might have guessed the wrong cause, I still had a problem with
nscd in it's default configuration.

> Why? You said "I've always found the debian way to be having software
> installed with reasonable defaults." The only reasonable default for a
> program called Name Service Caching Daemon is to cache name service
> calls when installed. Otherwise why did you install it at all?

There have been threads about if simply installing a package should
automatically start it's services on debian-devel as recently as a month
ago, and no clear consensus was reached then as far as I understood. One
could have several opinions both for and against, and it's fairly easy
to find packages that does not configure or start their daemons by

Having a debconf question asking about whether to start the daemon or
not would not be to much of an annoyance to legitimate users in my
opinion. Especially not if it defaulted to Yes and has it's priority set
to medium.

If you feel that tagging this report wontfix is a sufficient way to deal
with the problem, I won't nag you more about it.

Reply to: