Re: package managers [was: FatELF patches...]

From: Valdis . Kletnieks
Date: Wed Nov 04 2009 - 21:25:16 EST

On Thu, 05 Nov 2009 00:55:53 +0100, Mikulas Patocka said:

> In some situations, the package manager is even more dangerous than manual
> install. For example, if you are manually installing new alpha-quality
> version of mplayer, and it is buggy, you end up with a working system with
> broken mplayer. If you install alpha-quality version from some package
> repository, it may need experimental version of libfoo, that needs
> experimental version of libfee, that needs experimental version of glibc,
> that contains a bug

Total bullshit. You know *damned* well that if you were installing that alpha
version of mplayer by hand, and it needed experimental libfoo, you'd go and
build libfoo by hand, and then build the experimental libfee by hand, and then
shoehorn in that glibc by hand, and bricked your system anyhow.

Or if you're arguing "you'd give up after seeing it needed an experimental
libfoo", I'll counter "you'd hopefully think twice if yum said it was
installing a experimental mplayer, and dragging in a whole chain of pre-reqs".

And any *sane* package manager won't even *try* to install an experimental one
unless you specifically *tell* it that the vendor-testing repository is
fair game. You install Fedora, it looks in Releases and Updates. You want
it to look for testing versions in Rawhide, you have to enable that by hand.
I'm positive Debian and Ubuntu and Suse are similar.

Plus, building by hand you're *more* likely to produce a brick-able library,
because you didn't specify the same './configure --enable-foobar' flags that
the rest of your system was expecting. (Been there, done that - reported a
Fedora Rawhide bug that an X11 upgrade borked the keyboard mapping, so the
keysym reported for 'uparrow' was 'Katakana', among other things. Actual root
cause - running a -mm kernel that didn't have CONFIG_INPUT_EVDEV defined.
Previous X didn't care, updated it. Whoops).

Attachment: pgp00000.pgp
Description: PGP signature