Re: When you needed newer software than Sid/Backports provide...
Hi,
I appreciate Boyd's enthusiasm but I hope he will be a bit careful
checking facts and learn best practices.
On Wed, Jul 08, 2009 at 01:45:56PM -0500, Boyd Stephen Smith Jr. wrote:
> In <[🔎] 20090708155214.GA5316@osamu.debian.net>, Osamu Aoki wrote:
> >On Wed, Jul 08, 2009 at 10:41:44AM -0500, Boyd Stephen Smith Jr. wrote:
> >> In <[🔎] 90bb445a0907071607k26d7720fwf19c65e91c501fcd@mail.gmail.com>, Akira
> >> Kitada wrote:
> >> >So here's my question. How can you manage new softwares while keeping
> >> >the system stable?
> >> >Using packages from backports.org or Sid? Do you build .deb packages
> >> > yourself? Can you keep the Lenny's intact?
...
> >> You can choose the version from backports, testing, sid, or experimental
> >> through the aptitude curses interface, or by using 'aptitude install -t
> >> $release $packages' or 'aptitude install $package=$version'.
> >
> >"You can install a package" is different from "you can get reliable
> >system". This type of reckless comment is dangerous as advise to
> >general public. (Boyd knowing well, he may be OK) I was once reminded
> >by other DD when I made similar remarks...
>
> It's true that a mixed system isn't completely supported.
This is important and there is reason for this :-)
> However, ...
I know it works mostly ... but this is not something novice user should
be casually advised to do without knowing how to judge when to do it.
> The main difficulty I've encountered when running a mixed system is that
> 'aptitude safe-upgrade' and 'aptitude full-upgrade' often need more advice
> as to what to install. I found the aptitude curses UI quite valuable when
> resolving those issues. If you throw up your hands and mail the list as
> soon as aptitude can't auto-resolve an installation/upgrade to your
> satisfaction, a mixed system isn't for you.
sigh ...
> >> If Sid/experimental doesn't contain a new enough package for you, find
> >> it is some other signed repository, add it to your sources.list, set a
> >> priority (200 maybe?) for it, and add the signing key to your apt
> >> keychain.
> >>
> >> If it isn't in any signed repository, just install a .deb using dpkg, or
> >> an .rpm via alien. If you *have* to compile to software yourself, roll
> >> your own .deb; it's not that hard to make a minimal one so that the
> >> software can be easily uninstalled and file conflicts can be detected.
> >
> >Oh.... you are going too far.
>
> The supported options are (a) don't install that software or (b) get that
> software into Debian by becoming a Debian maintainer. Some people
> can't/won't take either of those options.
I do not share your idea .... there is many things you can do as non-DD
such as making private backports. This is elaborated in my "Debian
Reference" if you ever cared to read.
> My advice is a third option. It is not supported, but it works quite a bit
> better than doing all the work of a package manager yourself. Stow,
> mentioned elsewhere in the thread, is also a great tool if there is no .deb
> available, but it still leaves you having to fight with the ./configure &&
> make process which is not *always* trivial.
I encourage much more careful approach to your system maintenance and
advise to others.
Osamu
PS: Boyd seemed to suggest any signed archive can be used. I hope he
will not find a malicious archive with a signature .... I know
installing malicious package can easily erase his system.
Reply to: