Hi ! On 2021-05-19 3:28 p.m., Reco wrote: > Hi. > > On Wed, May 19, 2021 at 02:23:40PM -0400, Greg Wooledge wrote: >> On Wed, May 19, 2021 at 02:15:29PM -0400, Polyna-Maude Racicot-Summerside wrote: >>> Why would a package I get from a git repository be supportable but a >>> package I save some packaging time and get from another source (Kali, >>> Ubuntu for example) would become unsupportable ? >> >> Because things you pull from git and install in /opt or /usr/local or >> even $HOME do not interfere with the Debian system. > > It's not true in the case of /usr/local. > Any library that's installed in /usr/local/lib will be processed by > ldconfig (see /etc/ld.so.conf.d/*.conf), possibly leading to all > kinds of mess. > Exactly what I was saying. >> They don't create dependency issues within the dpkg database, nor do >> they overwrite essential system libraries or files, > > But to ld.so any library in /usr/local takes priority over /usr, i.e. > you don't need to overwrite the library to break the binary, providing > ABI-incompatible library at /usr/local (and running ldconfig) is sufficient. > And, last time I've looked at $PATH, /usr/local/bin is listed before > /usr/bin, which can be the source of funny things too. > >> An Ubuntu or Kali package, especially a badly built one, can cause *all* >> kinds of havoc. Even some third-party repositories set up by Debian >> developers have been notorious for causing these kinds of problems in >> the past -- take a look at the history of the "debian multimedia" package >> repositories, in particular. > > And this very list contains numerous examples of "I forgot about that > library that I've installed at /usr/local, but it broke X and Y years > after". > One reason I prefer Debian over other distribution is all the rules involved before a package is included into the repository / distribution. There's common build options imposed that also prevent some badly coded software to compile, so you get stability, etc. Also the fact that the package build environment must be self contained (you can't pull stuff from the web or depend on dependencies outside the package system) make it even better. There's software that is for example in Kali or Ubuntu that couldn't be in Debian because of exactly those reason. > Package breakages are bad, there's nothing to argue here. But breaking > ld.so is equally bad. > At least when you build a package, there's some test involved (before build, for example with the Build-conflict, before install with Break, etc). And as dpkg keep a list of the files installed, it's somewhat easier to remove than a package that install itself using a "home brew script" in /usr/local > Reco > -- Polyna-Maude R.-Summerside -Be smart, Be wise, Support opensource development
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature