You'll note, however, that for most distros Perl doesn't depend on
openssl, libssp, etc.
Also, including extra optional stuff as dependencies is considerably
more acceptable when you're installing a primary OS. We expect a Fedora
or Arch install to need 10GB and daily security updates. That's the
unfortunate reality of linux today. For cygwin, on the other hand,
people's expectations are different. A lot of people want cygwin to act
like "unxutils on steroids" and just give them some basic functionality
to supplement Windows. Not everybody is trying to make KDE on Cygwin-X
their primary desktop.
Last year I complained when libcurl suddenly started pulling in the
entire kerberos stack (9 packages), presumably due to changing the
compile time option to include it. Yaakov dismissed my complaint as
irrelevant because disk space is cheap. I didn't feel like arguing the
point then, but the only thing I think of when I hear "kerberos" is the
many many high-publicity vulnerabilities in the kerberos stack over the
years. If you're putting cygwin on a bunch of machines just to ensure
they all have access to a few basic utilities, keeping update worries to
a minimum would be nice.
I know that for a lot of packages the packagers will have legitimate
reasons to decide that some users' desire for increased functionality
overrides other users' desires for a small, possibly even portable,
cygwin install with minimal update needs. Such is life. But please don't
just completely dismiss the latter group of users' concerns as irrelevant.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
