I know this is probably sarcastic but honestly Gentoo’s great if you don’t trust binaries by default. Nothing is an absolute guarantee against compromise, but it’s an awful lot harder to compromise a source code repository or a compiler without anyone noticing (especially if you stick to stable versions) than it is to compromise a particular binary of some random software package. I trust most package maintainers, but they’re typically overworked volunteers and not all of them are going to have flawless security or be universally trustworthy.
I like building my own binaries from source code whenever possible.
Genuine question from a longtime Linux user who never tried Gentoo - doesn’t updating take forever? I used a source build of firefox for a bit and the build took forever, not to mention the kernel itself
Gentoo does not have always the latest builds, not by default.
Updates depend on your amount of packages, hardware, and willingness to utilize that hardware for compiling.
I don’t use DE, just dwm+dmenu, so my biggest packages are Firefox and LibreOffice, which can take 3+ hours with dependencies. KDE or Gnome would most likely add more.
But you can put number of cores for compiling into config. If you have your PC on most of the day, you can set it to 1 or 2 and you most likely won’t even know about it.
Or, if you have 16 core CPU, let 14 do the compiling and you can browse the web with the remaining two.
This all assumes you have enough RAM as well. It’s not as bad, but you should have at least 32GB.
The distro is smooth, way more than anything I’ve ever tried, and I’m not switching from it.
There are a lot of binary packages now, and explicit bin versions of big ones like firefox or the kernel. Without using those an update after some months may take half a day. With them, even a weak laptop only takes a few minutes.
Gentoo doesn’t want to push you into some compiled utopia, it’s offering you the option of customizing or taking control where needed.
You can have your system use binary packages but then set one packet to source, download the source, modify it, write a patch, and have a package with a completely custom sourcecode modification that you can easily keep updating as normal at the cost of it now taking longer due to compiling from source.
Depends on your system specs, but… yes, generally speaking. There is a reason most people and most distros use binaries. Even Gentoo can use binaries for some stuff.
Are you going to suffer significant damage if your updates take forever though? What’s the hurry? The number of times I have literally needed the absolute latest version of something installed right now are pretty damn minimal. The major exception is widespread, exploited zero-day remote-access vulnerabilities, but those are rare, and especially rare are ones that affect the exact versions and configurations of software that I am currently using and cannot reasonably just opt to “stop” using. Even so, there are usually other ways to block the network traffic, disable the offending part of the configuration, or otherwise mitigate the risk. Besides, there’s nothing stopping you from literally just downloading a patched binary if that’s what you need at that moment.
Patience is a virtue, and it’s generally good for you. You don’t have to be addicted to constant updates, but you do need to be thoughtful and understand how to build defense-in-depth.
It’s not so much “I must have the latest version NOW” and more that while it was building my system load would spike from 0.1 to 7+ and everything ran like shit for like half an hour.
I’m a messy, impatient boy - I know my limitations!
I know this is probably sarcastic but honestly Gentoo’s great if you don’t trust binaries by default. Nothing is an absolute guarantee against compromise, but it’s an awful lot harder to compromise a source code repository or a compiler without anyone noticing (especially if you stick to stable versions) than it is to compromise a particular binary of some random software package. I trust most package maintainers, but they’re typically overworked volunteers and not all of them are going to have flawless security or be universally trustworthy.
I like building my own binaries from source code whenever possible.
Genuine question from a longtime Linux user who never tried Gentoo - doesn’t updating take forever? I used a source build of firefox for a bit and the build took forever, not to mention the kernel itself
Gentoo does not have always the latest builds, not by default.
Updates depend on your amount of packages, hardware, and willingness to utilize that hardware for compiling.
I don’t use DE, just dwm+dmenu, so my biggest packages are Firefox and LibreOffice, which can take 3+ hours with dependencies. KDE or Gnome would most likely add more.
But you can put number of cores for compiling into config. If you have your PC on most of the day, you can set it to 1 or 2 and you most likely won’t even know about it.
Or, if you have 16 core CPU, let 14 do the compiling and you can browse the web with the remaining two.
This all assumes you have enough RAM as well. It’s not as bad, but you should have at least 32GB.
The distro is smooth, way more than anything I’ve ever tried, and I’m not switching from it.
The long update has the advantage of providing an opportunity to touch grass.
touch grassis literally a one-liner, cmon broThere are a lot of binary packages now, and explicit bin versions of big ones like firefox or the kernel. Without using those an update after some months may take half a day. With them, even a weak laptop only takes a few minutes.
Gentoo doesn’t want to push you into some compiled utopia, it’s offering you the option of customizing or taking control where needed.
You can have your system use binary packages but then set one packet to source, download the source, modify it, write a patch, and have a package with a completely custom sourcecode modification that you can easily keep updating as normal at the cost of it now taking longer due to compiling from source.
Depends on your system specs, but… yes, generally speaking. There is a reason most people and most distros use binaries. Even Gentoo can use binaries for some stuff.
Are you going to suffer significant damage if your updates take forever though? What’s the hurry? The number of times I have literally needed the absolute latest version of something installed right now are pretty damn minimal. The major exception is widespread, exploited zero-day remote-access vulnerabilities, but those are rare, and especially rare are ones that affect the exact versions and configurations of software that I am currently using and cannot reasonably just opt to “stop” using. Even so, there are usually other ways to block the network traffic, disable the offending part of the configuration, or otherwise mitigate the risk. Besides, there’s nothing stopping you from literally just downloading a patched binary if that’s what you need at that moment.
Patience is a virtue, and it’s generally good for you. You don’t have to be addicted to constant updates, but you do need to be thoughtful and understand how to build defense-in-depth.
It’s not so much “I must have the latest version NOW” and more that while it was building my system load would spike from 0.1 to 7+ and everything ran like shit for like half an hour.
I’m a messy, impatient boy - I know my limitations!