[TriLUG] package management pitfalls

Igor Partola igor at igorpartola.com
Tue Oct 30 12:19:27 EDT 2012


Brandon,

Yes, these are all good points. That's why I mentioned homebrew and their
package quality. I think the proliferation of PPAs in Ubuntu's corner of
the world is getting close to the territory of "dangerous and unreliable".
The strength of APT in Debian/Ubuntu comes from two sources: (1) the fact
that APT is a very nice piece of software working over a well-designed
package format and (2) the fact that the standard Debian/Ubuntu
repositories are both plentiful and very well maintained. I am also a big
fan of private repositories such as those from nginx or 10gen (MongoDB),
where really only a single package is supplied, it comes from a trusted
source, and is specifically packaged for a particular release of
Debian/Ubuntu. However, all too often you do see posts on StackOverflow and
such that advise people to just add a PPA that is run by "some guy" that
has package X. I even had someone once enable the experimental repositories
on a Debian 5 box on such advice. He was half-way done with the system
upgrade when I discovered this. Thankfully, this was not a critical
production system...

I like your term "package paranoia". I do get that periodically, especially
at the intersection of system packages and various Python libraries. While
Debian/Ubuntu repositories are plentiful, they are not all-inclusive. That
can be a pain. However, in my experience there are really two broad
categories of usage:

1. Desktop users. I have yet to come across an application that would be
both useful for a desktop user and is not in the Ubuntu repositories. This
case seems to be well addressed.

2. System admins/developers/production server users. In this case, there
are plenty of cases where you might need package X version 0.2 but only 0.1
is available (especially if you are running LTS releases). However, by this
point it seems that the problems are solvable other ways. You point out at
least one: compiling packages from source. I usually start there, but end
up creating my own packages in the end
(http://igorpartola.com/uncategorized/making-debian-packages) and putting
them in my own repository. In fact, I find this approach much easier than
pinning individual packages.

TL;DR version is, I agree with you on the whole: there are plenty of
problems with Linux distro packages, at least judging by Debian/Ubuntu.
However, this system is still about 5 times better than any other I've seen
or heard of.

Igor
