Re: [LUG] Upgrades

 

On Tue, Feb 07, 2017 at 06:48:00PM +0000, Joseph Bennie via list wrote:
> 
> > On 7 Feb 2017, at 17:25, mr meowski <mr.meowski@xxxxxxxx> wrote:
> > 
> > On 07/02/17 15:32, Joseph Bennie via list wrote:
> >> 
> >>> On 7 Feb 2017, at 15:09, Simon Waters via list <list@xxxxxxxxxxxxx>
> >>> wrote:
> >>> 
> >>> Stop installing software from random places, that is why Windows
> >>> and Apple are a mess.
> >>> 
> >>> Just stick to the distro repos, set it to auto-update, be happy.
> >>> 
> >> 
> >> that's just the most dumb ass suggestion I've ever heard!   what's the
> >> point of an open platform if you constrain yourself to a limited set
> >> of installable packages.
> > 
> > Hmm, I'm not so sure there chief - for your average *user* I'd say
> > Simon's advice is pretty solid.
> 
> for your average unix user perhaps, but your average PC/Mac user ...OMG are you 
> crazy. bring on the statically linked binaries in a zip file. 

And end up with a computer filled with unverified binaries from random websites,
with who knows what malware features and a growing list of CVEs not getting
fixed?
 
The repo system is genuinely amazing, it's such a shame that even people that
use Linux don't understand the benefits of it.

Several distros back port security fixes from the most recent versions and apply
them to the versions in their stable releases:

https://www.debian.org/security/2017

The latest versions may have a handful of *shiny-new-features* but they also
have several *shiny-new-bugs*. Having all of the software on a computer on fixed
versions between releases gives you a trustworthy base to work on. I can turn on
my Linux boxes and know that they'll behave the same way they did yesterday. I
can know that the software I've written on them will carry on working correctly
until I decide it's time to upgrade to the new release, when I'll get a
significant amount of time to test it all.

I can no longer turn on my *phone* and trust that it will work as expected.  I
drove to work in silence recently because my podcast app suddenly had a bug
where the sound cut out. 

I really like this article:

http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html

> > It's not what I'd personally do but it
> > is what I do for many of my end-users. Set and forget, what's not to
> > like? If you don't know what you're doing you should probably stay away
> > from anything not in the repos I'd think and for the rest of us, as you
> > say, it's an open platform, so go wild. Not so sure about "limited"
> > package selections either... how many available apps does Debian provide
> > these days, something like 30,000+? That's about 30,000 more than the
> > Windows and Apple repositories after all. Which don't exist!
> > 
> 
> Quantity is not a substitute for quality.     Every day I need the same core apps. 
> But can I get an environment setup akin to my mac or PC .. forget it! 
> 
> There is no polish ... just lots of semi-useful stuff and a lot of tears. 
> 
> why? because with linux you have too many permutations to test to any depth, and a 
> smorgasbord of GUI hells to deal with.   (a command line app isn't quite the same 
> problem) 
> 
> statically linked binaries in a zip - significantly simplifies testing, deployment 
> and thus more effort can be applied to polish.  
> 
> >> You might as well admit that installing software on linux was simply
> >> better when we did ./configure; make; make install;  after having
> >> downloaded a zip from a newsgroup by bilbo baggins
> > 
> > Haha, good times. Yeah, that was not a good way to do things. I still
> > have to do it all the time unfortunately - in 2017 you just add a random
> > "git clone some-random-arse-repo.git" instead and skip the download
> > tar.gz. What progress we have made!
> 
> npm love  <3  but i digress
> 
> 
> > 
> >> Windows and Apple's a mess .. sorry but installing apps on both
> >> platforms is a charm compared with linux.
> > 
> > Not quite sure I agree with you or even understand you quite right here
> > though, apologies. Windows and Apple a mess for installing new apps?
> > Yep, pretty much although the new walled garden AppStores they provide
> > now are at least curated properly, if you like that sort of thing (I
> > don't, but end users seem to). Linux systems come with gigantic repos
> > and their own highly sophisticated package managers so I'm not sure what
> > the imagined problem is there. And of course, all three systems will let
> > you hunt down random packages or even source code from the internet at
> > large and perform manual installs if you must. Well, Apple won't until
> > you disable Gatekeeper but that's another story.
> 
> as a daily mac user I have all the fun of ports, brew, npm, repo based packaging + 
> src tar.gz through to point and click magic. It all works, because no one is 
> screwing with the core libraries. 
> 
> and library versions is the problem that's being addressed, not how to inventory 
> and find items. 
> 
> I think repos are great.    ... repos are fantastic means to generate searchable 
> inventories and distribute packages.
> 
> flatpacks however are packages, but they differ from a deb or rpm in that they 
> often contain statically linked binaries.    
> 
> deb, rpms etc ship mostly dynamically linked binaries thus are very interdependent 
> on other packages.  Which is why a repo is very useful..... (to find and pull in a 
> dependency)    but a repo can also list a flatpack. 
> 
> 
> so why all the fuss. The fuss is about improving the user experience in terms of 
> test quality and app stability. because linux/GNU ecosystem is a volatile place 
> .... 
> 
> if you can focus your energy on testing a thing within a known limit you can focus 
> on deeper problems within the software, and also reduce dependency complexity.  
> 
> in a way you get little islands / bubbles of stability that float along in the 
> overall ecosystem of your desktop, each one a self contained paradise with only 
> minimal connections to core system services. 
> 
> > 
> >> flat pack feels like a common sense approach for user space apps.
> >> repos are perfect for core libs and frameworks , drivers etc .... but
> >> it's clear that while distro packaged apps are easier , they don't
> >> actually work for the majority of app distributors.  so it's better to
> >> have a 2 pronged solution.
> >> 
> >> packages where apps are very distro specific, and flatpack for apps
> >> that need specifics.
> > 
> > I'm going to have to disagree with you here I'm afraid. I'd like to be
> > wrong, but if we revisit this same conversation in five years I'm willing
> > to bet that snapd packages and flatpak will have gone exactly the same
> > way as every other distro-agnostic packaging tool that has ever come
> > before, and there have been a lot of them too. I.e., they will be dead,
> > and good riddance.
> > 
> 
> My point here isn't that flatpack is somehow the NBT. but that the concept of a 
> zip of statically linked files with a simple meta file for menu magic is a solid 
> solution. 
> 
> There are many cases when dynamically linked libraries are the best solution, but 
> there are a great number of alternative use cases where it's not. and true user 
> space apps are a great example of a good place to use flatpacks.    
> 
> > We've both joked about it but the only truly distro-agnostic installer
> > there has ever been and possibly will be for many years is the
> > venerable, dreaded source.tar.gz. It will certainly outlive us all.
> 
> amen. ... did i mention npm 
> > 
> > Cheers
> 
> 
> -- 
> The Mailing List for the Devon & Cornwall LUG
> https://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/listfaq
