About F19 Firewall

Phil Knirsch pknirsch at redhat.com
Fri Sep 20 16:12:56 UTC 2013

On 09/20/2013 06:07 PM, Phil Knirsch wrote:
> On 09/20/2013 05:12 PM, "J├│hann B. Gu├░mundsson" wrote:
>> On 09/20/2013 02:15 PM, Matthew Miller wrote:
>>> On Tue, Sep 17, 2013 at 04:50:06PM +0200, Mateusz Marzantowicz wrote:
>>>> It's written in Python and so what? Interpreted languages like Perl and
>>>> Bash are widely used in Linux world to implement many tools. I don't
>>>> buy
>>>> argumentation that if something is not implemented in C it sucks.
>>> It's not that it "sucks", it's that it requires significantly more
>>> resources. In a minimal install, firewalld is by far the largest memory
>>> consumer out-of-the-box, which is very wasteful in the 99.99% of the
>>> time
>>> where it isn't doing anything.
>>> And, the python stack is a meaningfully-large portion of the minimal
>>> install. Right now, that's unavoidable because of yum, but in the
>>> not-so-far
>>> future dnf may make it possible to remove that. If we're putting in
>>> _more_
>>> python-dependent infrastructure code, we'll never get there.
>> Do you have list somewhere of python dependent code in the core/baseOS?
>> JBG
> Just ran a minimal install on a box here. Ended up with about 310
> packages and a
> rpm -q --whatrequires "python(abi)" --qf "%{NAME}\n" | sort
> gives me this list:
> authconfig
> dbus-python
> firewalld
> libselinux-python
> newt-python
> pycairo
> pygobject2
> pygobject3-base
> pygpgme
> pygtk2
> pyliblzma
> python-decorator
> python-iniparse
> python-pycurl
> python-slip
> python-slip-dbus
> python-urlgrabber
> pyxattr
> rpm-python
> yum
> yum-metadata-parser
> So there's quite a bit of other stuff that still requires python as well
> apart from firewalld.
> Thanks & regards, Phil

A quick bit more info to that:

the pygtk2 stuff came from a powerpc-utils package, so ignore that for now.

The rest is really yum, authconfig and firewalld in the chain. So i 
agree with a focus on those 3 apps to be tackled in the near future, and 
i know that firewalld is geting a rewrite in C soon, see the same for 
yum via dnf. That only leaves authconfig, which should be doable as well 
(just needs someone actually doing it).

Thanks & regards, Phil

Philipp Knirsch              | Tel.:  +49-711-96437-470
Manager Core Services        | Fax.:  +49-711-96437-111
Red Hat GmbH                 | Email: Phil Knirsch <pknirsch at redhat.com>
Wankelstrasse 5              | Web:   http://www.redhat.com/
D-70563 Stuttgart, Germany

More information about the devel mailing list