Apologies for the really late reply. Sadly I was ill for the best part of December.
So I wouldn’t claim this is a solved problem, because it really gets
fixed when we discover a problematic case, and we certainly overlook
some of them. Yet, that’s something I pay attention to, and I think we
must clearly look to address more of such issues.
WDYT?
I am super excited about Guix and the system seems to be progressing very quickly. Loads of commits everyday. However, the more I dig into Guix, the more i see this as an urgent issue.
For example, consider samtools, a package I use daily and that was recently committed to Guix:
http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/bioinformatics.scm#n139It forces me to install python. In contrast, consider Arch AUR's package:
https://aur.archlinux.org/packages/samtools/Python is listed an optional dependency. In my opinion, it is highly undesirable that Guix doesn't have a mechanism to decouple packages from optional dependencies. This scenario seems to be arising mostly in case of interpreters that may be called by the program to execute some optional stuff.
An extreme example of this is weechat:
http://lists.gnu.org/archive/html/guix-devel/2014-09/msg00229.htmlCompare with:
https://www.archlinux.org/packages/extra/i686/weechat/Guix version forces the user to install all interpreters for running user-defined scripts to extend Weechat. These are quite many: lua, perl, python, ruby, tcl (and guile).
I understand Guix/Nix philosophy and I adhere to it. But at some point we need to draw the line between a dependency and dynamic linking. Otherwise, installing a package may lead to many undesired dependencies getting installed. This has many implications, including security ones.
A.