Multiple times in the past I’ve been thinking of how Gentoo is perceived by the wider public, the non-users. What probably stands out most is compiling. Almost everyone who has heard of Gentoo knows it has something to do with compiling everything. And why are we doing that? Well, besides being hardcore, the common sentiment goes for performance. So yeah, Gentoo users must be some kind of hardcore ricers who try to squeeze every last bit of their system performance.
To be honest, I don’t think that’s a good way to describe Gentoo. Yes, compiling is at the core of it. But performance? I don’t think so, at least not in the obvious, -O9999 -fzomg-fast way. The world has moved on, CPUs have gotten faster, optimizations have gotten smarter, and distributions have started optimizing more aggressively. Optimization-wise, I suspect your average Ubuntu package with generic optimizations may be no slower than the equivalent Gentoo package fine-tuned for your CPU. And if it’s not, then it probably won’t make a real difference anyway.
There’s much more to Gentoo than that. Yes, some of it comes from building from source: the flexibility. But a lot of it comes from the wider Gentoo philosophy, the philosophy that brought us all together. The idea that Gentoo is the distribution we’re making for ourselves and people who enjoy Gentoo. So if I were to make a few arguments for Gentoo, I’d focus on that. And this is what I’d like to do here.
Gentoo aims to be independent
There is no company behind Gentoo. There is no business model. It’s all made and governed by people dedicated to the values behind Gentoo. A few of us may be working on the distribution as part of our day job, but the vast majority (myself included) are just volunteers. We are driven by passion, and not by profit incentive. And if that wasn’t enough, we’re good at making Gentoo as unprofitable as possible.
The infrastructure behind Gentoo is partially donated, and partially paid for by donation money. We’re not putting all our eggs in one basket. No single donor can hold Gentoo hostage. In fact, we’re currently disbanding the Gentoo Foundation in favor of SPI to reduce the risk of direct financial governance becoming a choke point.
Gentoo aims to be secure
Security is important to us. We are doing our best to keep Gentoo packages secure, often going ahead of upstream in backporting patches. We have a dedicated security team who helps everyone track the problems and resolve them, and keeps our users informed.
We are maintaining our own infrastructure to reduce the risk of being hijacked. We are securing our distribution channels and mirrors using OpenPGP (and yes, it’s the best tool for the job, backed by our own infrastructure). We are only using Codeberg (which we really appreciate) and GitHub as optional mirrors and contribution channels, and we aren’t making Gentoo dependent on either. Sure, abandoning them would be inconvenient for us, but we can do that if the need arises.
We have very strong QA policies, often in discord with upstream decisions. Bundled dependencies? Not on my watch. Static linking? No, thank you. Pinned dependencies? Let me try removing these pins. Or well, at least we try. As the quality of software development is dwindling, we do our best to prevent the most obvious threats, such as severely outdated dependencies.