[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: When you needed newer software than Sid/Backports provide...



Hi,

I understand Aoki-san's concern.
There's no easy way to find out whether a package can be trusted or not.

I'd use stow for the moment. It would work for my purpose in most cases.
Someday I might like them to be packaged to deploy them in easy way.
Even in that case, I'd still keep those things away from official
system to avoid
them overwriting *stable* software. (/usr/local or the like)

Thank you

On Thu, Jul 9, 2009 at 11:48 PM, Osamu Aoki<osamu@debian.org> wrote:
> Hi,
>
> I appreciate Boyd's enthusiasm but I hope he will be a bit careful
> checking facts and learn best practices.
>
> On Wed, Jul 08, 2009 at 01:45:56PM -0500, Boyd Stephen Smith Jr. wrote:
>> In <20090708155214.GA5316@osamu.debian.net>, Osamu Aoki wrote:
>> >On Wed, Jul 08, 2009 at 10:41:44AM -0500, Boyd Stephen Smith Jr. wrote:
>> >> In <90bb445a0907071607k26d7720fwf19c65e91c501fcd@mail.gmail.com>, Akira
>> >> Kitada wrote:
>> >> >So here's my question. How can you manage new softwares while keeping
>> >> >the system stable?
>> >> >Using packages from backports.org or Sid? Do you build .deb packages
>> >> > yourself? Can you keep the Lenny's intact?
> ...
>> >> You can choose the version from backports, testing, sid, or experimental
>> >> through the aptitude curses interface, or by using 'aptitude install -t
>> >> $release $packages' or 'aptitude install $package=$version'.
>> >
>> >"You can install a package" is different from "you can get reliable
>> >system".  This type of reckless comment is dangerous as advise to
>> >general public.  (Boyd knowing well, he may be OK) I was once reminded
>> >by other DD when I made similar remarks...
>>
>> It's true that a mixed system isn't completely supported.
>
> This is important and there is reason for this :-)
>
>> However, ...
>
> I know it works mostly ... but this is not something novice user should
> be casually advised to do without knowing how to judge when to do it.
>
>> The main difficulty I've encountered when running a mixed system is that
>> 'aptitude safe-upgrade' and 'aptitude full-upgrade' often need more advice
>> as to what to install.  I found the aptitude curses UI quite valuable when
>> resolving those issues.  If you throw up your hands and mail the list as
>> soon as aptitude can't auto-resolve an installation/upgrade to your
>> satisfaction, a mixed system isn't for you.
>
> sigh ...
>
>> >> If Sid/experimental doesn't contain a new enough package for you, find
>> >> it is some other signed repository, add it to your sources.list, set a
>> >> priority (200 maybe?) for it, and add the signing key to your apt
>> >> keychain.
>> >>
>> >> If it isn't in any signed repository, just install a .deb using dpkg, or
>> >> an .rpm via alien.  If you *have* to compile to software yourself, roll
>> >> your own .deb; it's not that hard to make a minimal one so that the
>> >> software can be easily uninstalled and file conflicts can be detected.
>> >
>> >Oh.... you are going too far.
>>
>> The supported options are (a) don't install that software or (b) get that
>> software into Debian by becoming a Debian maintainer.  Some people
>> can't/won't take either of those options.
>
> I do not share your idea .... there is many things you can do as non-DD
> such as making private backports.  This is elaborated in my "Debian
> Reference" if you ever cared to read.
>
>> My advice is a third option.  It is not supported, but it works quite a bit
>> better than doing all the work of a package manager yourself.  Stow,
>> mentioned elsewhere in the thread, is also a great tool if there is no .deb
>> available, but it still leaves you having to fight with the ./configure &&
>> make process which is not *always* trivial.
>
> I encourage much more careful approach to your system maintenance and
> advise to others.
>
> Osamu
>
> PS: Boyd seemed to suggest any signed archive can be used.  I hope he
> will not find a malicious archive with a signature .... I know
> installing malicious package can easily erase his system.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>


Reply to: