Re: When you needed newer software than Sid/Backports provide...
I understand Aoki-san's concern.
There's no easy way to find out whether a package can be trusted or not.
I'd use stow for the moment. It would work for my purpose in most cases.
Someday I might like them to be packaged to deploy them in easy way.
Even in that case, I'd still keep those things away from official
system to avoid
them overwriting *stable* software. (/usr/local or the like)
On Thu, Jul 9, 2009 at 11:48 PM, Osamu Aoki<firstname.lastname@example.org> wrote:
> I appreciate Boyd's enthusiasm but I hope he will be a bit careful
> checking facts and learn best practices.
> On Wed, Jul 08, 2009 at 01:45:56PM -0500, Boyd Stephen Smith Jr. wrote:
>> In <20090708155214.GA5316@osamu.debian.net>, Osamu Aoki wrote:
>> >On Wed, Jul 08, 2009 at 10:41:44AM -0500, Boyd Stephen Smith Jr. wrote:
>> >> In <email@example.com>, Akira
>> >> Kitada wrote:
>> >> >So here's my question. How can you manage new softwares while keeping
>> >> >the system stable?
>> >> >Using packages from backports.org or Sid? Do you build .deb packages
>> >> > yourself? Can you keep the Lenny's intact?
>> >> You can choose the version from backports, testing, sid, or experimental
>> >> through the aptitude curses interface, or by using 'aptitude install -t
>> >> $release $packages' or 'aptitude install $package=$version'.
>> >"You can install a package" is different from "you can get reliable
>> >system". This type of reckless comment is dangerous as advise to
>> >general public. (Boyd knowing well, he may be OK) I was once reminded
>> >by other DD when I made similar remarks...
>> It's true that a mixed system isn't completely supported.
> This is important and there is reason for this :-)
>> However, ...
> I know it works mostly ... but this is not something novice user should
> be casually advised to do without knowing how to judge when to do it.
>> The main difficulty I've encountered when running a mixed system is that
>> 'aptitude safe-upgrade' and 'aptitude full-upgrade' often need more advice
>> as to what to install. I found the aptitude curses UI quite valuable when
>> resolving those issues. If you throw up your hands and mail the list as
>> soon as aptitude can't auto-resolve an installation/upgrade to your
>> satisfaction, a mixed system isn't for you.
> sigh ...
>> >> If Sid/experimental doesn't contain a new enough package for you, find
>> >> it is some other signed repository, add it to your sources.list, set a
>> >> priority (200 maybe?) for it, and add the signing key to your apt
>> >> keychain.
>> >> If it isn't in any signed repository, just install a .deb using dpkg, or
>> >> an .rpm via alien. If you *have* to compile to software yourself, roll
>> >> your own .deb; it's not that hard to make a minimal one so that the
>> >> software can be easily uninstalled and file conflicts can be detected.
>> >Oh.... you are going too far.
>> The supported options are (a) don't install that software or (b) get that
>> software into Debian by becoming a Debian maintainer. Some people
>> can't/won't take either of those options.
> I do not share your idea .... there is many things you can do as non-DD
> such as making private backports. This is elaborated in my "Debian
> Reference" if you ever cared to read.
>> My advice is a third option. It is not supported, but it works quite a bit
>> better than doing all the work of a package manager yourself. Stow,
>> mentioned elsewhere in the thread, is also a great tool if there is no .deb
>> available, but it still leaves you having to fight with the ./configure &&
>> make process which is not *always* trivial.
> I encourage much more careful approach to your system maintenance and
> advise to others.
> PS: Boyd seemed to suggest any signed archive can be used. I hope he
> will not find a malicious archive with a signature .... I know
> installing malicious package can easily erase his system.
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org