On Fri, Jan 23, 2015 at 10:57:55AM +0000, Anthony Towns wrote: > It takes a couple of minutes to download something using pip or > npm; how long does it take to get a python or nodejs Debianized and > installable? (eg: learning that npm2deb exists, how to use it, what else > you have to do to have a package, building the package, and getting apt > access to the package -- which in turn presumably includes setting up > and distributing an archive key) > > In an ideal world, users would just be able to say "apt-get install > lib-whatever-perl" and have it. At worst, they might have to modify > their apt sources explicitly to say "yes, I know there's a lot of crap > on CPAN that doesn't necessarily receive good security updates, I know > what I'm doing". > > There's two ways that could be achieved: > > - having automated scripts pull everything from CPAN (et al), package > it as debs, and publish it > > - having about 14,000 new DDs each individally maintaining 10-20 > library packages > > But if the answer is "oh, you want to use some random nodejs package? just > npm it into /opt. if you want there's some tools to help start you off > in packaging it too" > > (Yes, I really think Debian should have 300k+ packages, including If this is being done in an automated fashion is there not a third option? Teach apt and associated tools about the language specific repositories. They'd do the download from CPAN or wherever, do the conversion, and pass to dpkg. On the fly, no need to expand the archive and no need to wait for the latest and greatest if you're that way inclined. For extra bonus points teach cpan, gem etc to still work but register the package + files with dpkg. I think there are some issues with automated packaging which would mean that you'd still want hand crafted bits, and there's the question of how you pin to a "stable" version (though I think often the reason people are pulling in from external sources is because the version in stable simply isn't recent enough, rather than unavailable) but it'd be kinda cool to have: cpan http://cpan.etla.org/ cran http://mirrors.ebi.ac.uk/CRAN/ etc in /etc/apt/sources.list and have it just work. You could probably treat each different source as a different suite to aid with apt pinning (and by default preferring the Debian version rather than the external version). J. -- I reckon that me and you should rule the world.
Attachment:
signature.asc
Description: Digital signature