From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Carlos O'Donell" <carlos@redhat.com>
Subject: Re: [PATCH] Gracefully handle incompatible locale data
Date: Fri, 25 Sep 2015 17:20:13 -0400
Message-ID: <5605BA8D.40907@redhat.com>
References: <876132lbic.fsf@gnu.org> <20150922191804.GA13637@domone>
 <877fnijgin.fsf@gnu.org> <20150922215022.GA27201@domone>
 <8737y4hkrz.fsf@gnu.org> <20150924082755.GA4767@domone>
 <87h9mjeqyy.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <libc-alpha-return-63502-glibc-alpha=m.gmane.org@sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-glibc-alpha=m.gmane.org@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
In-Reply-To: <87h9mjeqyy.fsf@gnu.org>
To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= <ludo@gnu.org>, =?UTF-8?B?T25kxZllaiBCw61sa2E=?= <neleai@seznam.cz>
Cc: libc-alpha@sourceware.org, guix-devel@gnu.org
List-Id: guix-devel.gnu.org

On 09/24/2015 12:12 PM, Ludovic Courtès wrote:
> Ondřej, I think we have been miscommunicating.
> 
> I noticed that a program linked against 2.21 or earlier would abort with
> an assertion failure when it stumbles upon 2.22 locale data.
> 
> All the patch tries to do is change the abort to EINVAL (and skip locale
> data) when that happens.
> 
> I’m not claiming this is perfect, and I agree with you on that point.
> I’m just saying that ignoring the faulty locale data and returning
> EINVAL (which the application can choose to take into account or not) is
> preferable to aborting.
> 
> Does that make sense?

Despite Roland saying "LGTM", I think this is not a good change.

Firstly, it's not the community consensus as Ondrej is pointing out.

https://sourceware.org/glibc/wiki/Style_and_Conventions#Error_Handling

It is a fundamental system misconfiguration issue not to have upgraded
the binary locale data from one release to another.

The community consensus was that user errors like this should fail
immediately, but in ways which the user understands the failure, and
fixes the system.

Returning an error code simply leads to the user ignoring the serious
configuration issue. Worse is that in a locale archive file we now
skip such bad binary archives (_nl_load_locale_from_archive), and
this hides the problem. Worse we might also skip locale files in
directories like /usr/lib/locale/C.utf8, which we might want to always
be loaded as a default UTF-8 locale. I'd rather see an error message
in Fedora than allow that to continue by skipping that locale with
no error given.

We should abort, but the abort error message should be much clearer
about what's going wrong. Therefore I would accept a patch that gives
a clearer error message in this case, but not one that removes the
assert.

Cheers,
Carlos.