[ale] The bad thing about RPMs

[James P. Kinney III]

Where people run into problems with rpm is using them as a panacea for
understanding the intricate dependencies of the software. If a new
user/admin downloads and installs xyz.rpm, they are taking a gamble that
it will do what is claimed, and ONLY what is claimed. 

To RedHats credit, they have a system where a user/admin can keep their
box current. It's called the RedHat Network. It vastly simplifies the
upkeep task on a box. It is similar to apt-get. It compares what you
have with what you want _before_ you download 50M over a 33.6 dialup in
the boondocks. Ximian also has that capability with the redcarpet
service.

Every distribution has a set of core libs that everything else is built
on. When a distribution releases an update, they are staking their
reputation that the update will work on their distribution. If the box
is now half Mandrake and half RedHat because the user/admin installed a
gazillion packages that didn't ship with the distribution, they might be
headed for trouble.

But then again, that's why we use Linux. Because we can add stuff as we
want. We can't expect RedHat to keep up with all our changes, though.

I would HIGHLY recommend the following:

NEVER _EVER_ INSTALL A BINARY RPM FROM ANYWHERE BUT THE DISTRIBUTION
SITE OR A TRUSTED MIRROR!!! <end admin panicked screaming>

For a package that you have to have and is not in the distribution, get
the src.rpm and compile that. If the compile fails due to rpm dependency
problems, either satisfy the rpm dependency problems or grab the
tarball, plop it in ~/src/testing and compile it with configure/make and
then test the binary. If it works, then the make install step should put
it in /usr/local/* where it should be as it's not a part of the
distribution. 

More work? Yes. Safer? Yes. Breaks your box? Not likely. Are rpms
perfect? Nope. Are they useful? Absolutely! 

On Thu, 2002-02-07 at 22:11, Kevin Krumwiede wrote:
> Stuffed Crust writes:
> > One obvious flaw in your argument.  Using your reasoning, we'd end up
> > with "...an RPM built on, say, Mandrake 13 could be installed on
> > Mandrake 12 without upgrading a dozen other packages."
> 
> That's why I said, keep it stable until the next major version.  Or at least
> for several minor versions.  Only update for major bugfixes and security
> issues.
> 
> 
> > Come on, if you want to not upgrade a dozen other packages, then why
> > don't you get a RPM built against Mandrake 8.0 instead of 8.1?   Or
> > hell, get the SRPM and rebuild it yourself.
> 
> Exactly... or to take it even further, build the whole system from source,
> which is what I'm doing.  It's not that this is particularly difficult;
> anyone can follow the directions in the LFS book.  My point is that it's not
> something most people are willing to undertake.  RPMs are supposed to make
> things easy, and they aren't living up to this promise because of the
> version conflicts.
> 
> Krum
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 
-- 
James P. Kinney III   \Changing the mobile computing world/
President and COO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 



 This is a digitally signed message part