[TUHS] /usr separation

Grant Taylor gtaylor at tnetconsulting.net
Thu Feb 25 03:50:03 AEST 2021 

On 2/24/21 7:14 AM, Theodore Ts'o wrote:
> I wouldn't say that; I'd rather say that if you have a huge combination 
> of configurations that you have to test, those configurations which 
> aren't regularly tested will tend to bitrot, or have odd failures 
> in various error cases.  The more corners that you have, the more 
> corner cases.

Fair enough.

> I would call this the "Tyrany of Gold", as in the reformulated Golden 
> Rule, "The ones with the Gold, makes the Rules".

Being a fan of the golden rule, I would not make, much less use, that 
derivation.  I think it completely changes the meaning of the spirit 
behind the golden rule.

I don't fault your logic.  I just dislike where it ended up.

> GRUB doesn't care.  But various system administration utilities that 
> want to manage to UEFI boot menu (as distinct from the GRUB boot menu), 
> they need to modify the files that are read by the UEFI firmware.

Valid distinction.

> So it's convenient if it's mounted *somewhere*.  Also, even if it's not 
> mounted, it's still a partition that has to be around, and one reason 
> to keep it mounted is to avoid a system administrator from saying, 
> "hmmm, what's this unused /dev/sda1 partition?  I guess I can use it 
> as an extra swap partition!"

I seem to recall hearing about a problem where a rogue rm could 
accidentally wipe out part of the UEFI.  Maybe it was the contents of 
the /boot/efi partition.  So, I'd suggest a happy medium of mounting it 
Read-Only.  That way it's known to be used /and/ it's protected from a 
simple rogue rm.  It can relatively easily be re-mounted as Read-Write 
when necessary.  As well as subsequently re-mounted back to Read-Only.

> Yes, in another 5 or 10 years, we can probably completely deprecate 
> the MBR-based boot sequence.  At which point there will be another 
> series of whiners on TUHS ala the complaint that distributions are 
> dropping support for i386....

I feel like we've already abandoned i386 as in 80386 (or compatible) 
architecture.  I think we now require Pentium (586?) or better.  At some 
point, we'll completely remove 32-bit support from mainstream Linux 
distributions, thus requiring something from the 21st century.

> But since most TUHS posters aren't paying $$$ to enterprise 
> distributions, most enterpise distro engineers are going to give 
> precisely zero f*cks.  But hey, if you want to volunteer to provide 
> the hard work for supporting these configurations to the community 
> distribution, like Debian, those distros will be happy to accept the 
> volunteer help.  :-)

~chuckle~



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20210224/10df8907/attachment.bin>

More information about the TUHS mailing list