From: [email protected]

Hello!

[Mon, 16 Aug 2004] Jakob Bohm wrote:

Followup-For: Bug #248665

One more time for the obviously uncooperative maintainer:

1. Any program that *can* use jack but does not *need* to use
jack currently needs to link to libjack because the jack
development libraries do not provide any easy alternative.

There are quite a few easy alternatives to depending on libjack:

* dlopen()
* gstreamer0.8-jack
* libjackasyn (jacklaunch)

2. A rapidly growing number of Debian packages now fall into
this category because they either support jack as one of
several sound output alternatives, or link to a library (such
as arts) that does so.

arts? Any pointers that arts uses jack?

BTW: Most of the "popular" programs that say they support JACK, are not suitable for serious use with JACK because they are not RT-safe. These
programs can not fulfill the requirements that JACK poses.

3. Installing jackd on a system that doesn't *need* to use jack
is a problem because future versions of libjack may start
jackd automatically (according to the jackd man page).
It is generally very bad for a library to Depend on any
non-library package.

Why? Seems to be common practice. Look through the package lists and search libfoo-bin packages, then chack whether their libfoo depends on them
either via libfoo-common or directly on libfoo-bin.

The first I found: libgnomeprint-bin

4. This implies that libjack MUST NOT UNDER ANY CIRCUMSTANCES
Depend, Recommend, PreDepend, include within the package or
otherwise bring in jackd. Until this is fixed, libjack is NOT
fit for inclusion in ANY Debian release, and the RM should
move with maximum speed to get it out from sarge.

5. The excuse that libjack is not useful without jackd is simply
not true (see 1 and 2 above).

6. The excuse that jackd is not suid is not true, because
jackstart is suid which is just as bad.

Jackstart is clean. It only ever executes the jackd with the hardcoded checksum. And only if you already willingly applied the givecap patch to
your kernel.

6. The excuse that some of the few packages that actually use
libjack in such a way that they are useless without jackd
might forget to depend on jackd is just that: A really lame
excuse for forcing jackd down everybody else's throat.

Go away and spend your time on real problems. You seem to think that libjack0.80.0 depending on jackd is the same as coreutils depending on
apache2 or mysql-server. It's not.

If you are really interested (only reason would be saving a few kB of
space, you can write a libjack-dummy (which provides, conflicts, replaces libjack0.80.0-dev) that has a /usr/lib/libjack-0.80.0.so.0 with empty
funtions and a always failing jack_client_new().

If you can't sleep without fighting with us: Feel free to ask
tech-ctte.

Robert.

--
Computer, n.:
An electronic entity which performs sequences of useful steps in a
totally understandable, rigorously logical manner. If you believe
this, see me about a bridge I have for sale in Manhattan.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBILCnHSjkv+Av7xERAquwAJ4iOG9E64zlw45gZOw5PXj3LUqUVACbB6ak DRkpFvT9zYaOrWRPqPYkxQk=
=KcbX
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

From: [email protected]

Subject: libjack: This IS a grave bug, fix jack or remove it from Debian BEFORE sarge
Followup-For: Bug #248665
Package: libjack0.80.0-0
Version: 0.98.1-5

One more time for the obviously uncooperative maintainer:

1. Any program that *can* use jack but does not *need* to use
jack currently needs to link to libjack because the jack
development libraries do not provide any easy alternative.

2. A rapidly growing number of Debian packages now fall into
this category because they either support jack as one of
several sound output alternatives, or link to a library (such
as arts) that does so.

3. Installing jackd on a system that doesn't *need* to use jack
is a problem because future versions of libjack may start
jackd automatically (according to the jackd man page).
It is generally very bad for a library to Depend on any
non-library package.

4. This implies that libjack MUST NOT UNDER ANY CIRCUMSTANCES
Depend, Recommend, PreDepend, include within the package or
otherwise bring in jackd. Until this is fixed, libjack is NOT
fit for inclusion in ANY Debian release, and the RM should
move with maximum speed to get it out from sarge.

5. The excuse that libjack is not useful without jackd is simply
not true (see 1 and 2 above).

6. The excuse that jackd is not suid is not true, because
jackstart is suid which is just as bad.

6. The excuse that some of the few packages that actually use
libjack in such a way that they are useless without jackd
might forget to depend on jackd is just that: A really lame
excuse for forcing jackd down everybody else's throat.


-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.18jbj3.1.64
Locale: LANG=C, LC_CTYPE=da_DK

Versions of packages libjack0.80.0-0 depends on:
ii jackd 0.98.1-5 JACK Audio Connection Kit (server ii libasound2 1.0.5-1 Advanced Linux Sound Architecture ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an ii libraw1394-5 0.10.1-1 library for direct access to IEEE

-- no debconf information


--
This message is hastily written, please ignore any unpleasant wordings,
do not consider it a binding commitment, even if its phrasing may
indicate so. Its contents may be deliberately or accidentally untrue. Trademarks and other things belong to their owners, if any.


--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

From: [email protected]

On Mon, Aug 16, 2004 at 03:03:35PM +0200, Robert Jordens wrote:

Hello!

[Mon, 16 Aug 2004] Jakob Bohm wrote:

Followup-For: Bug #248665

One more time for the obviously uncooperative maintainer:

1. Any program that *can* use jack but does not *need* to use
jack currently needs to link to libjack because the jack
development libraries do not provide any easy alternative.

There are quite a few easy alternatives to depending on libjack:

* dlopen()
* gstreamer0.8-jack
* libjackasyn (jacklaunch)

Do the jack headers provide ready-to-use declarations and macros
for use with dlopen? or does each maintainer of each
jack-compatible program have to do his or her own dlopen-adapted
copy of the jack headers?

Is gstreamer0.8-jack usable outside the GNOME environment?

Does libjackasyn provide full and uncompromising access to the
features of jack?

2. A rapidly growing number of Debian packages now fall into
this category because they either support jack as one of
several sound output alternatives, or link to a library (such
as arts) that does so.

arts? Any pointers that arts uses jack?

The libarts that was uploaded on Aug 14 with priority High
depends on libjack. This is what made me look at it at all, and
see how arrogant and uncooperative you have been about this bug.
I have also reported a bug against libarts asking that they stop
supporting libjack until this bug is fixed.

Judging from the other posts made to this bug in the past 3
days, I am not the only user to be angry about suddenly having
another daemon and associated libraries brought into my system.

BTW: Most of the "popular" programs that say they support JACK, are not suitable for serious use with JACK because they are not RT-safe. These programs can not fulfill the requirements that JACK poses.

You still don't get it: While the primary jack audience may
consist of hard core studio technicians and stage hands wanting
CD-mastering quality sound, there will undoubtedly be a large
number of users who will want to use jack at the same time as
they use lower-fidelity audio sources such as the error-beeps
from their office application or a beep when incoming mail
arrives while rehearsing.

To make this possible it is necessary for the ordinary, low-fi
audio applications and libraries (such as arts and esd) to be
able to send their output to jack. The obvious way of doing
that is to add jack as just another output library parallel to
alsa, oss, nas, esd and arts. To make that work, libjack must
behave like a good client library and allow itself to be linked
into such general purpose libraries and applications on a
just-in-case basis. This requirement includes the ability to
install libjack and libjack-dev without bringing in any other
overhead, such as jackd, lib1394, makedev (I use devfsd) etc.

Here is a hardware analogy: Studio and stage equipment
typically uses high quality balanced audio signals fed through
coaxial balanced plugs that are secured in place with rugged
screw-on fittings. However most studios and stages also carry
an assortment of converter cables that allow them to plug in
ordinary consumer grade equipment for both input and output.
This is used to play canned CD music (used to be cassette tapes)
in the breaks and while setting up or taking down the stage, for
listening to received demo tapes, recording funny telephone
conversations etc. Calling libjack from ordinary lo-fi
applications serves the same kind of purpose and libjack needs
to allow itself to be wired up to consumer grade audio software
without causing overloads or short-circuits in those fragile
plastic gadgets.

3. Installing jackd on a system that doesn't *need* to use jack
is a problem because future versions of libjack may start
jackd automatically (according to the jackd man page).
It is generally very bad for a library to Depend on any
non-library package.

Why? Seems to be common practice. Look through the package lists and search libfoo-bin packages, then chack whether their libfoo depends on them
either via libfoo-common or directly on libfoo-bin.

The first I found: libgnomeprint-bin

Yes, gnomeprint is a PITA for anyone using ghostscript (which is
just about everyone). I notice that the latest gs packages have
stopped depending on libgnomeprint, probably because of this.

4. This implies that libjack MUST NOT UNDER ANY CIRCUMSTANCES
Depend, Recommend, PreDepend, include within the package or
otherwise bring in jackd. Until this is fixed, libjack is NOT
fit for inclusion in ANY Debian release, and the RM should
move with maximum speed to get it out from sarge.

5. The excuse that libjack is not useful without jackd is simply
not true (see 1 and 2 above).

6. The excuse that jackd is not suid is not true, because
jackstart is suid which is just as bad.

Jackstart is clean. It only ever executes the jackd with the hardcoded checksum. And only if you already willingly applied the givecap patch to
your kernel.

That is not the point. It is suid because it actually does
something that the ordinary user is not permitted to do. The
admin of a recording-studio won't mind granting realtime
privileges to the sound software. The admin of an office
terminal server where KDE is linked to arts which is linked to
libjack which brings in jackstart probably does mind. The admin
of any kind of security-focused operation will not like having
any suid files brought in without pre-approval, source code
audits etc.

Applying the sadly needed kernel bugfixes for the capabilities
to actually work is not an invitation to install more suid
binaries. I have not had the time to check on the progress, but
a few months ago they were working on getting useable
capabilities into the stock kernel.

6. The excuse that some of the few packages that actually use
libjack in such a way that they are useless without jackd
might forget to depend on jackd is just that: A really lame
excuse for forcing jackd down everybody else's throat.

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

From: [email protected]

Hello!

[Tue, 17 Aug 2004] Jakob Bohm wrote:

There are quite a few easy alternatives to depending on libjack:

* dlopen()
* gstreamer0.8-jack
* libjackasyn (jacklaunch)

Do the jack headers provide ready-to-use declarations and macros
for use with dlopen? or does each maintainer of each
jack-compatible program have to do his or her own dlopen-adapted
copy of the jack headers?

No. File a severity-wishlist bug.

Is gstreamer0.8-jack usable outside the GNOME environment?

Yes. Why not?

Does libjackasyn provide full and uncompromising access to the
features of jack?

The question was "easy alternatives". Applications, that want the
"features of JACK" AFAICT _only_ get these features with JACK and thus
are quite happy with libjack depending on jackd.

arts? Any pointers that arts uses jack?

The libarts that was uploaded on Aug 14 with priority High
depends on libjack. This is what made me look at it at all, and
see how arrogant and uncooperative you have been about this bug.
I have also reported a bug against libarts asking that they stop
supporting libjack until this bug is fixed.

That is their decision. But we have a policy recommendation that says to
enable as many features as reasonably bossible (IIRC). The only drawback
with enabling JACK support in arts are the 700kB dependencies you are
talking about (300kB libjack and 400kB jackd).

Judging from the other posts made to this bug in the past 3
days, I am not the only user to be angry about suddenly having
another daemon and associated libraries brought into my system.

jackd is not a daemon like artsd or inetd. It's a process that runs in
the foreground and is started manually.

suitable for serious use with JACK because they are not RT-safe. These programs can not fulfill the requirements that JACK poses.

You still don't get it: While the primary jack audience may
consist of hard core studio technicians and stage hands wanting
CD-mastering quality sound, there will undoubtedly be a large
number of users who will want to use jack at the same time as
they use lower-fidelity audio sources such as the error-beeps
from their office application or a beep when incoming mail
arrives while rehearsing.

I have yet to see a Recording Studio that routes their doorbell to their
mixing desk. JACK is not about building a multi-function tool that works
for every fart your system can come up with. The mentioned
mail-notofocation is exactly what is _not_ intended with JACK. BTW: If
you have "lower-fidelity audio" then you can't afford wasting another
precious channel for "error-beeps" which you are forced to use if you
are processing your mix externally in order not to have the
"error-beeps" on your recording.

To make this possible it is necessary for the ordinary, low-fi
audio applications and libraries (such as arts and esd) to be
able to send their output to jack. The obvious way of doing
that is to add jack as just another output library parallel to
alsa, oss, nas, esd and arts. To make that work, libjack must

JACK is not meat to be "another output" server parallel to "alsa, oss,
nas, esd and arts". The assumtion is incorrect and applications are
missusing jack as stated above.

behave like a good client library and allow itself to be linked
into such general purpose libraries and applications on a
just-in-case basis. This requirement includes the ability to

JACK is not for "just-in-case".

install libjack and libjack-dev without bringing in any other
overhead, such as jackd, lib1394, makedev (I use devfsd) etc.

Here is a hardware analogy: Studio and stage equipment
typically uses high quality balanced audio signals fed through
coaxial balanced plugs that are secured in place with rugged
screw-on fittings. However most studios and stages also carry
an assortment of converter cables that allow them to plug in
ordinary consumer grade equipment for both input and output.

This is used to play canned CD music (used to be cassette tapes)
in the breaks and while setting up or taking down the stage, for
listening to received demo tapes, recording funny telephone
conversations etc. Calling libjack from ordinary lo-fi
applications serves the same kind of purpose and libjack needs
to allow itself to be wired up to consumer grade audio software
without causing overloads or short-circuits in those fragile
plastic gadgets.

There are enough "converter cables" available: ecasound and libjackasyn
can do that.

6. The excuse that jackd is not suid is not true, because
jackstart is suid which is just as bad.

Jackstart is clean. It only ever executes the jackd with the hardcoded checksum. And only if you already willingly applied the givecap patch to your kernel.

That is not the point. It is suid because it actually does
something that the ordinary user is not permitted to do. The
admin of a recording-studio won't mind granting realtime
privileges to the sound software. The admin of an office
terminal server where KDE is linked to arts which is linked to
libjack which brings in jackstart probably does mind. The admin
of any kind of security-focused operation will not like having
any suid files brought in without pre-approval, source code
audits etc.

The two latter admins will never apply the givecap patch or install realtime-lsm. This stops jackstart from doing anything. There is dpkg-statoverride.

Applying the sadly needed kernel bugfixes for the capabilities

givecap not a bugfix. It's a decision to impose another policy on
capabilities that also poses a great security risk.

to actually work is not an invitation to install more suid

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)