Tootfinder

1. Do random changes to cython-test-exception-raiser, and commit them as "initial code".
2. Move the extension module from the package directory into top-level "raiser.*.so", for no apparent reason.
3. Switch to CalVer, so that #Twisted newer upgrades to the new releases (it pins to <2).
4. I file a bug, because I'd like to finally remove the old version from #Gentoo.
#Python

Now here's the fun part. After my successfull Gentoo reinstall yesterday I came across a great tuto on setting up Larry with encryption et al. Of course 😂 And that's actually a must-have on this laptop. The setup uses systemd, which is also a first for me on Gentoo (I've always used OpenRC prior). My updated dwm will get pushed to my Codeberg and pulled back in later on, so that effort isn't wasted. Here we go again 🤣

#gentoo #zeitgeist #foss
Gentoo faces a slop dilemma:

While working through another last rites slew, I was thinking that back in the day there were a number of developers who believed they should add a lot of packages to #Gentoo, in the name of giving users a choice. Like, they were projects whose sole purpose of existence seemed to be to find every piece of software that roughly fit a specific topic, get it to build and package it for Gentoo.
Of course, the long-term effect of that is that there's a lot of unmaintained, often broken packages. "The choice" doesn't really work. Sure, users have a lot of packages to choose from — but they have to actually figure out which of these packages are actually useful (if any).
A few years ago attempting to remove packages also faced some verbal opposition. You shouldn't remove unmaintained or outdated packages, because they still work. You shouldn't remove packages that sometimes fail to build, because some flag combinations still work. You shouldn't remove packages that don't build at all, because the user can visit Forums and find some workaround to make them build 🤦. Or they'll have an ebuild handy to start working on it. And anyway, you shouldn't be removing stuff at all, but fixing it instead.
Sometimes the arguments were straight dishonest too: people literally said we need more packages to lure new users in. Like, it didn't matter to them that the packages didn't really work and that the people trying to use them will get a nasty surprise. They wanted people to say "hey, Gentoo has this software we need, let's start using Gentoo".

Falls ihr das #Python "dist"-Modul oder #Ansible nutzt und bei #Gentoo plötzlich für distribution/ansible_distribution/… falsche Werte erhaltet (z.B. ClearLinux):
Gentoo quo…

I think we should EOL #Python versions more often. This triggers not-very-active projects to finally make a release, including another batch of releases today (apparently 6 months mark). Unlike, I don't know, bug fixes.
#Gentoo

This Old Geezer was found shouting at the Clouds last month, a certain patch was suddenly left out of Bakkeby's Flexipatch? One that I absolutely need?
Found out today that I called it switchtotag (which isn't to be found anywhere), whereas the actual name is switchtag (which is included).
Larry knows where I'm heading tomorrow 🐮 !
#gentoo

Kinda related to #Gentoo, so cool" or "they stopped using it, so sad". And I'm like, "why should we care?"
Do they donate money to Gentoo? They don't. And if they did, it would probably come with obligations making this not worth it.
Do they contribute back? Rarely, and if they do, they are unreliable. They benefit more than we do. They just want to dump the packages they need, quickly duct taped together, so that we would maintain them going forward. Their employees rarely reveal that they're paid to do this, and if they do, it's not so they'd be held to higher standards, but to emphasize their importance: "you must placate us."
Well, sometimes they hire Gentoo developers. It's nice that these developers get some gratification for their work, especially if they're able to continue contributing on work time. But in the end, company priorities win. We are either left with loads of new packages with no maintainer and unclear significance, or a Google employee who appeared every once in a while to dump a bunch of ChromeOS patches and never bothered handling the fallout.
So, sorry, but I'd rather care for volunteers who want to make Gentoo better, than companies who see some profit incentive in it.
PS. I'm probably focusing too much on the negative aspects, and we likely had some positive interactions that are far less known and usually don't meet with such fanfare.
#FreeSoftware

Since my job is stable now and I have saved up some money, I have decided to stop accepting donations via GitHub Sponsors and Ko-fi. I would like to thank everyone who helped me over the years. There are people who need the help much more than me right now.
If you needed a suggestion, @… is doing a lot more than me for #Gentoo these days and will certainly appreciate your help. He's also way nicer than I'll ever be.
https://github.com/sponsors/thesamesam
https://ko-fi.com/thesamesam
To the best of my knowledge, Gentoo project does not need extra money right now, but there are other awesome projects such as Disroot or many Fediverse instances that would definitely use some help. However, in general I'd suggest towards supporting individuals rather than projects: people need money to live, and can use your donations directly, while projects are often bound by red tape.
Finally, please support human artists and craftspeople (and I'm counting human software developers in that). Donate to projects and people who resist enshittification and who refuse to use LLMs. They need the money.
Once again, thanks for all.

Is #ChiPass (love the new pronunciation BTW!) good enough for a snapshot in #Gentoo, or should I wait for some release?

Age verification in #Gentoo: if you're using Gentoo, you must be old enough. Problem solved.
#shitposting

I can honestly tell you that, after spending months, possibly years on the Wayland side, going back to Xorg is indeed sheer hell. I got my big-bear suit out and hammered myself through it all, but man, what a chore.
Problem: dwm is so fucking good, patched et al, and Larry is up and running again. Hard to beat that. Tomorrow: all things setup. But st and rofi are already online, so i'm looking forward to that klutzing.

How to get a package removed from #Gentoo?
1. Add a new #NIH dependency.
2. The dependency turns out to use coherent.build. Nightmare! Oh, wait, apparently coherent.build generates source distributions that use flit.core (understandable; coherent.build is unusable).
3. The dependency depends on chardet (the project famous for GPL copywashing). Okay, technically it works with the older version, and the dependency is optional with poor person's fallback, so I guess it would be fine.
4. But hey, this package is not used by anything, and the last package using it in Gentoo was removed in 2020, after not being touched for 4 years already. Also, that package is not maintained upstream since 2017, so I guess there's negligible risk of it ever coming back.
#Python

Another Saturday wasting dealing with pointless churn from #LLVM developers constantly deprecating workflows #Gentoo use, because we are supposed to switch to this new fancy workflow that doesn't actually improve anything but lets them save 10 CMake lines, except it doesn't really work but who cares…
Honestly, one day I'm just going to last rite all Clang runtimes from Gentoo, and tell people to just use GCC.

Sometimes I wonder why do I even bother. I mean, people are perfectly happy to let statistical models designed as bullshit generators do their coding. Why do I even bother running their test suites and inspecting the failures as a human, if these tests may well be complete bullshit?
#FreeSoftware #OpenSource #Gentoo #Python #AI #LLM #NoAI #NoLLM #VibeCoding

Remember how #Opera browser used not to be one huge scam?
Now they're mailing #Gentoo over dead Opera-related links on the Wiki, with random #SEO crap.

Sometimes it makes sense to act smart rather than brute-force.
For example, when Intel makes another #MKL release and you get version like "2026.0.0", and you need to figure out the remaining "-n" suffix for the .deb packages. And you really don't want to start a Debian container to figure that out.
Well, you could just keep brute-forcing until you find the right number. Or you can figure out that the index URL is #Gentoo

0 days since #Whalebone fucked up completely and #DNS4EU started resolving #Gentoo .org to some random Japanese site.

#Python is just doing great. We're not having impossible constraints, as some projects need old #setuptools for pkg_resources, and other projects are starting to require newer setuptools for some fancy new features. And ofc after promising to release pkg_resources standalone over a month ago, setuptools upstream didn't deliver.
#Gentoo

So you read about #CopyFail, and are like… owww, shit. But then you see that it was responsibly disclosed after being fixed in main, we had releases since, they went stable in #Gentoo (over other #security fixes), so we should be good, right?
Except that it turns out that after it has been fixed in mainline, nobody bothered actually backporting the fix to all the LTS branches. And it doesn't apply cleanly (#Gentoo #Linux

And non-zero version epochs in #Python are now officially discouraged. Not that anyone used them.
#Gentoo

Fun oneliner:
gpy-impl -@dead -3.11 -pypy3_11 *.ebuild && copybump $(git diff --relative --name-only .) && { check-revdep && pkgcommit -sS . -m 'Remove py3.11 (per scipy)' || git restore -WS .; }
#Gentoo

If my eyeball counting is correct, #Gentoo is already seeing more pull requests filed on #Codeberg than on #GitHub, over the last 5 days.

It's really great that #Gentoo no longer has to rely on such uncultured solutions as using scp / rsync to push a bunch of distfiles to a public_html directory that's then exposed on a HTTP server. Now I just have to… [checks notes]
1. Use 'kup putraw' to put the kernel patchset on distfiles mirror.
2. Wait an hour for mirrors to sync.
3. Start building new kernels.
4. Rsync kernels from build hosts to the local machine.
5. Use a complex script involving 'kup ls ... | grep' (yes, there is no way to check if a file exists, and most of kup commands don't even feature exit statuses) and `kup putraw ...` to upload the built kernels.
6. Wait an hour for mirrors to sync.
7. Check if all kernels were uploaded correctly.
8. Push new kernels.

I've been wondering lately if my job is #bullshit.
I've given it a lot of thought, and I think it's not directly bullshit. I'm doing stuff that's meaningful, at least in a narrow scope, both in my dayjob and my #FreeSoftware / #Gentoo work.
That said, with the arrival of all the bullshit CEOs, CTOs, all their bootlickers, wannabe bootlickers, and all the CEO/CTO/bootlicker cosplayers, the whole software industry is becoming filled with bullshit to the brim.
Even if my work is meaningful, it contributes more and more to software that's either scam in itself, used to scam people or pure unadulterated bullshit. Even if the tools used to be useful, they either gain bullshit parts or bullshit dependencies.
I hate this, and it's making me hate what I'm doing.

Greg Kroah-Hartman: "If you look there are thousands of unfixed CVEs in the older LTS kernels right now, and if distros or users that rely on those older branches wish to see those resolved, they need to provide working backports to us to apply, as our first attempt did not work (which is why they are unfixed in those branches.)"
Really asking for a "Pray tell us", given that nobody actually bothered disclosing the problem to downstreams and that the commit message was hiding it.
Either way, apparently the great LLM-backed patch backporting process that #NVidia is so proud of doesn't really work. Upstream doesn't really care about #LTS branches, and they should be considered insecure by default.
#Gentoo #Linux #CopyFail #security

If you're wondering what I'm doing on this fine morning: I'm recursively wgetting ~140G of old #Gentoo dist-kernel binary packages (that nobody really cares about) just to re-kup-load it to the same hypervisor after renaming and PGP-signing them. At roughly 14 MiB/s.
Praise be overengineered solutions.
Yes, I could be instead spending hours trying to figure out PGP agent forwarding.
EDIT: it's no longer 14 MiB/s.

PSA: The annual #Gentoo #Python switch planned for 2026-06-01. CPython 3.14 becomes the default, 3.11 and #PyPy 3.11 go out. The latter fills me with sadness but keeping it is unrealistic now that projects are aggressively pushing for 3.12 .
Of course, we'll continue shipping the interpreters, so you can use venvs if you like. However, that's going to become harder to use since many projects either don't ship PyPy wheels or don't work on PyPy at all without patching.
We will revisit PyPy support if a version compatible with Python 3.12 appears in reasonable time.
https://public-inbox.gentoo.org/gentoo-dev/20260412164104.429630-1-mgorny@gentoo.org/T/#u
https://public-inbox.gentoo.org/gentoo-dev/58cefccb3d0758671537715f4ddb34d59c938461.camel@gentoo.org/T/#u

Dear LLM brains, in case it wasn't obvious, the comments on my blog are moderated, so there's really no point in trolling and flaming. That said, if you want to engage in that, you could at least have the decency to sign them using your own nickname rather than impersonating another #Gentoo developer.

My first instaban for #slop PR to #Gentoo.
Normally, we warn people first, but here it's clearly an untested (and obviously broken) slop contribution by non-Gentoo user trying to push their software all over the place.
#NoAI #NoLLM

The bright #LLM future, next part.
git.gentoo.org is now effectively dead, being DDoS-ed by almost a million different IPs every day. Most of them are just performing a single request at a totally random URL. How are people supposed to deal with that? How can we distinguish a legitimate user who hit some URL from a scraper that distributes its operations over thousands of IP addresses?
If you use LLM crap, you're part of the problem. You support these bastards. You should be ashamed of yourself.
#Gentoo #NoAI #NoLLM #AI

Proper #security nightmare time.
#LMDB is a database that's designed to operate on trusted input. Upstream has historically rejected all bug reports regarding problems with malformed input.
Py-LMDB project provides #Python bindings to LMDB that are normally built against bundled LMDB. Someone recently started mass-filing "untrusted input" vulnerabilities against py-lmdb, and py-lmdb started #slop - coding fixes to their bundled LMDB. Of course, nobody even bothered reporting most of these bugs upstream, and the one that I've seen reported was rejected as "don't do that".
Py-LMDB supports building against system LMDB, and #Gentoo was doing that so far. However, now we are facing a problem: system LMDB operates under the assumption that it is working on trusted input, while py-lmdb (and its bundled LMDB) operates under the assumption that it may be working with untrusted input. The guarantees no longer align.
If we continue to use system LMDB (and skip all the added slop tests that literally cause Python to crash), then Gentoo's py-lmdb package will now have different input expectations than upstream py-lmdb. And of course we can't just remove that crap because someone added exactly one package (TorchVision, i.e. part of the plagiarism machine suite) depending on it.
https://bugs.gentoo.org/971352

#LLM users should be obliged to buy *expensive* scraping offsets, and the money should go to #FreeSoftware projects that have to cope with their infrastructure being *killed* by crappy #AI scrapers.
Yes, #Gentoo is suffering from another wave. And yes, if you use their projects and therefore support their business model, please don't use Gentoo.

Isn't it great when you spend half an hour dealing with the fallout of some cool kid deciding it would be great if a totally random pure #Python package required a build backend written in #RustLang?
#Gentoo #uv

A short history of #SQLGlot:
2023-07: SQLGlot is added to #Gentoo.
2023-12: Rust extension is added.
2026-03: Rust extension is replaced by mypyc compilation.
2026-03: SQLGlot now requires its own mypy fork… 🤦
Seriously, what are these people thinking?!
EDIT: and of course it's LLM #slop now.
#Python

Just a random reminder that #Qt is not a good choice. Qt is an #OpenSource spew of a malicious company whose business model is based on constant API churn, and selling proprietary security support to people who can't keep up and are stuck on old versions.
Many volunteers (including #Gentoo developers) are spending hours keeping the previous Qt version alive, so people can continue using software that hasn't been ported to the next version yet, and helping with porting. Dozens of useful programs are dying along with old Qt versions.
#FreeSoftware

So I've started the (hopefully) cross-distro debate on the hard topic: how to deal with potential #AI #slop packages. Yes, I am burned out and depressed.
#Gentoo #NoAI #NoLLM #LLM

As I've mentioned, I've finished Xenoblade Chronicles 3D. So now #Gentoo gets an up-to-date games-fps/crispy-doom (an older version used to be in ::guru).
#games #doom #CrispyDoom

I hear that #Python folk are going to enjoy their Monday.
#setuptools removed pkg_resources.
Thanks to Eli Schwartz for the advance warning. We're going to mask it in #Gentoo.

New on #blog: "Money isn’t going to solve the #burnout problem"
"""
The xz-utils backdoor situation brought the problem of FLOSS maintained burnout into the daylight. This in turn lead to numerous discussion on how to solve the problem, and the recurring theme was funding maintenance work.
While I’m definitely not opposed to giving people money for their FLOSS work, if you think that throwing some bucks will actually solve the problem, and especially if you think that you can just throw them once and then forget, I have bad news for you: it won’t. Surely, money is a big part of the problem, but it’s not the only reason people are getting burned out. It’s a systemic problem, and it’s in need of systemic solution, and that’s involves a lot of hard work undo everything that’s happened in the last, say, 20 years.
But let’s start at the beginning and ask the important question: why do people make free software?
"""
#FreeSoftware #OpenSource #AI #NoAI #LLM #NoLLM #Gentoo