This Time Self-Hosted
dark mode light mode Search

Let’s call a spade a spade

Some people thought that my previous blog about the libpng debacle was meant as an attack, or a derision, of the work and effort that Samuli put into getting us out of the libpng-1.2 mess we were. Let me be clear: it wasn’t. I’m glad that Samuli is there, without him I would probably have left Gentoo a long time ago, frustrated by nothing happening.

But I think that we shouldn’t hide our head under the sand and keep repeating “it’s all good, it’s all good”. It isn’t.

Samuli did the best he could to get us out of the trouble, which is much bigger than a single person, two, three or even a dozen could properly tackle with all the possible bases covered, at this point, unless there is consensus among the whole developer body, which isn’t there.

But first, I have to say that one thing I’m going to maintain was done wrong, in the rush of the moment: stabling libpng-1.4 as part of a security fix. That was simply reckless. But the fault does not lie in a single person, but rather in the general spirit of avoiding doing extra work… still, reckless or not, it’s done and we have to live with it, and learn from it.

And learning seems like we are; finally there is enough traction for --as-needed to become default as I wrote recently and I got to thank Samuli and Kacper without whom we wouldn’t be able to reach that point at all. I unfortunately still don’t see the same traction behind the hidea of dropping .la files. Removing them from gtk+ which doesn’t install any static library and thus does not need the .la files at all, would have solved if not all, most of the problems people had with the upgrade…

Oh and by the way, the update script for libpng is a hack and it will leave behind .la files when packages will start dropping them, as it changes their checksum and timestamp without updating the package database. The same is true for the (generic) lafilefixer which is why I’ll recommend again to apply the incremental one, as declared in the two posts linked at the beginning.

Finally, libpng-1.5 is going to be released sometime soon… either we make a plan now, or we’re going to suffer through another identical pain soon. And libpng is known for having security issues quite often… I already sent Samuli the plan I was thinking on this morning; I’ll write more details about that as I find the time.

Comments 5
  1. Although I agree that modifying .la-files in the tree and thus changing their checksum and timestamps is a hack (and I also frequently warn about this bad usage of lafilefixer), things are not as bad as you write:New versions of portage will remove old files on upgrades even if their checksum or timestamp differs, i.e. the danger of having orphan .la files is not there anymore. However, things like equery check or qcheck will be affected, of course.

  2. I’m afraid I don’t understand about “incremental lafilefixer”.Part of my lack of understanding is that I don’t have a file: /etc/portage/bashrc.I do have a directory /etc/portage/bin/ and associated directory /etc/portage/postsync.d/ and I understand that the file /etc/portage/bin/post_sync is a loop script designed to execute whatever scripts are in /etc/portage/postsync.d/.I don’t know if I should set up a new /etc/portage/bashrc file or if I need a structure similar to post_sync.I’m assuming that you’re recommending to add the file /etc/portage/bashrc if it doesn’t exist and populate it thusly:#!/bin/shpost_src_install() { lafilefixer “${D}”}Is this correct?

  3. I just posted a new post to the sticky linpng thread in the gentoo forums here:…I make prolific reference to your libpng12 comments. 😀 All good! I assure you!Anyway, I think you might be interested in perusing the post both to be sure I’ve referenced you/your comments accurately and to see my associated results.You are vindicated in thinking that other recommended ways of dealing with the libpng12 mess are problematical at best.You will also find that things might be worse than you think.

  4. I can feel your pain, Diego; it seems that the today trend is to purposely misunderstand the statements/assertions done by someone to cheat and change their meaning just to gain an excuse to rant/whine on the subject. It’s so childish … (or maybe it’s just the high temperatures)Samuli is a great Gentoo developers, he always give me good advices on the bugzilla (opposely to other devels that are incline to offend people proposals or to randomly close reports just to hide the problems); he listens and makes good constructive discussions, Gentoo needs more people like him.Nobody is perfect, sometime shit happens and the difference between a bad team and a good one is only the capability to learn and improve from the errors and mistakes done; this is called “discipline”.Massimo Vignelli explaination of discipline:<< The attention to details requires discipline. There is no room for sloppiness, for carelessness, for procrastination. Every detail is important because the end result is the sum of all the details involved in the creative process no matter what we are doing. *There are no hierarchies when it comes to quality. Quality is there or is not there, and if is not there we have lost our time.* It is a commitment and a continuously painstaking effort of the creative process to which we should abide. That is Discipline and without it there is no good design, regardless of its style. Discipline is a set of self imposed rules, parameters within which we operate. It is a bag of tools that allows us to design in a consistent manner from beginning to end. Discipline is also an attitude that provides us with the capacity of controlling our creative work so that it has continuity of intent throughout rather than fragmentation. Design without discipline is anarchy, an exercise of irresponsibility. >>

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.