I looked up specifically examples of this and didn’t find answers, they’re buried in general discussions about why compiling may be better than pre-built. The reasons I found were control of flags and features, and optimizations for specific chips (like Intel AVX or ARM Neon), but to what degree do those apply today?

The only software I can tell benefits greatly from building from source, is ffmpeg since there are many non-free encoders decoders and upscalers that can be bundled, and performance varies a lot between devices due to which of them is supported by the CPU or GPU. For instance, Nvidia hardware encoders typically produce higher quality video for similar file sizes than ones from Intel AMD or Apple. Software encoders like x265 has optimizations for AVX and NEON (SIMD extensions for CPUs).

  • corsicanguppy@lemmy.ca
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    16 days ago

    didn’t find answers [:] they’re buried in general discussions about why compiling may be better than pre-built. The reasons I found were control of flags and features, and optimizations for specific chips (like Intel AVX or ARM Neon), but to what degree do those apply today?

    You won’t build and install directly from source in any proper enterprise environment, simply because validation breaks and (provably) consistency goes with it; and that takes out reliability.

    Even accounting for the gains when you’re tuning stuff, or even when it’s a home build, or even when it’s a kernel build and you’re removing or adding drivers or tunable defaults, ultimately you will be building a package as a portable artefact to be submitted for testing or pulled out of backups for easy re-install. Especially when kernel builds take a long time, and even when you’re using makefiles for much of it, you’re STILL going to be building a package, only so you have the process encoded and repeatable and so you don’t have to re-make if it all works (more an issue when building a kernel package took 25 hours, but you get the idea).

    So. In short, if someone’s telling you to compile into production from source, it’s still a security risk and it’s also inefficient past the N=1 stage. Irresponsible for TWO reasons, then.

    Edit. I coordinated with Support while I was doing Security work in ~2005. You wanna know how to piss off your support worker and fast-track a ticket to ‘no repro’ death? “I compiled it on the machine from source …” and that goes for paid support or gitlab project volunteer support.