Auteur: Simon Hobson Date: À: dng@lists.dyne.org Sujet: Re: [DNG] with or without libsystemd0
Rick Moen <rick@???> wrote:
> Remember that bit I posted about how /usr/bin/ssh makes dynamic library
> calls to sonames of two Kerberos libraries, even on the overwhelming
> majority of systems that do not implement Kerberos? ... > 'Trust' in the sense you use the word just isn't in that.
But it is.
Have you actually checked any (or all) of the libraries to be sure ? I suspect not - because inherently you "trust" that these are projects from reasonable people following the "do one thing ..." philosophy. Additionally you trust that if they did try anything, you'd get to hear about it.
I almost certainly apply more trust than you do in this wort of thing - because you clearly have more skills in the area of programming than I have and so I have to put some trust in others to "do the right thing" in terms of what makes it into a distro package.
The point is, which you seem to keep missing, is that I do not have this level of trust in anyone pushing systemd. And given the amount of noise surrounding systemd, I additionally can't trust that if someone untoward did slip into libsystemd that I'd hear about it in all the noise.
Plus, as someone else pointed out, to permit libsystemd0 (or equivs *IFF* it doesn't break packages - which it does with ClamAV) is tacitly accepting that these packages are OK to blindly depend on it. If the packagers can package that dependency and not get pushback from the users, then there's no incentive to consider if it might not be "right".
But one thing that hasn't been answered by anyone, and I'm sure there must be a couple of people here with the level of knowledge to answer it ...
How hard is it to replace a "call function_x_in_library_y" and die if library Y is missing, with something like "if_library_y_exists then call function_x" or "call function_x_in_library_y and handle failure gracefully if library Y isn't there" ?
When I raised this with ClamAV, the answer was "it's just one call, if SystemD is installed we never call anything else" - which implies that the cost of making it a soft dependency can't be that high. Ie, if you only cal it once, then the cost of checking first is only one check during start up !
It comes back to - how much is it "programmers are lazy" vs how much is "well actually it is real work".