Sometimes media people are not ashamed to look like incompetent idiots. The only explanation I can imagine is that there is some purpose to pursuer. Going an mass for a hidden goal is a conspiracy by definition, right? Being an OpEd reader, I begin to see the pattern when things like climate change or nuclear weapons or hunger or Linux are discussed. The first three are major compared to all things Linux, so we have a minor Linux conspiracy to deal with.
The immediate reason for my post is the following link: click here The problem is not in the article itself, it is in the fact this article is a typical one.
The question is: "If a Linux user could just download an installer for any program she finds in the Net and install it easily, just like on Windows, would it be great?" The assumed answer is "Yes", the assumed current situation is that Linux users have problems installing software, and the rest is the discussion of some efforts to "find one good way to install software on Linux". Sounds good and reasonable? I guess no.
Let me, having in mind that Windows only people, explain how software is getting to Linux desktops and servers. It takes several steps. First, it is written by developers who produce the source code. Second, it is packaged by distribution maintainers who produce packages for their distributions, provided the distribution decides the application is good enough and worth the effort. Third, Linux users download the package for their distribution and install the application, the process being faster, simpler, and with better final results than on Windows.
Just to educate Windows only users. The process is faster since there is no Registry related overhead. It is simpler because there are less possible cases to handle (for a given distribution, naturally; for Linux in general there are a lot more cases to handle). And the end results are better because the uninstallation is clean (playing with applications does not lead to performance degradation), shared libraries are in fact shared (so the overall volume of installed files is smaller and improvements made for one application automatically make some other better), and the files are in perfect order (on a well maintained system you can point to any file and the package manager will tell you what package installed it, when it installed it, and what applications use it).
What problems do you see? Or let me ask it differently: if there were problems here, how come Microsoft considers Linux to be a threat to Windows? So, the current state of software installation on Linux is not bad, thus revealing the first false assumption in the article (and lots of similar articles as well).
The "problem" such articles are based on is twofold. First, what if a developer does not want to release the source code and does not want to allow the distribution vendors to distribute compiled binaries? Yes, the end user will have to deal with such vendor one on one, which can ruin some pipe dreams of that vendor. This does not mean that closed source vendors cannot do business on Linux, they just have to play by the rules. Do you want closed source run amok on Linux as they do on Windows? I do not.
Second, what if a user wants an application for which her distribution does not provide an installation package? Possibly she uses a wrong distribution. Maintainers do not just package software for easy installation. They also select the software to package and assure quality. The way they do these two things is the main factor that influences the distribution choice of a competent user. For example, if you want the best, rock solid, and essential - go Slackware. If you want full (really full) control, go Gentoo. If you want variety, choose Debian stable or testing. If you want "just works", go Ubuntu. And so on, for each desire there is a distribution to fulfil it.
So, the search for a "good one way to install software" is in fact the search of a way to bypass distribution maintainers. That is, to be free to feed the users with crap and have a free ride on the efforts of the above mentioned maintainers. Is allowing that a good thin? I guess not, more so because the "good one way" is impossible without limiting my freedom to configure my Linux system. And you know, I would better keep my freedom and survive without that "good one way".
Interestingly enough, there is a real problem. The life of distribution maintainers will be easier if the software vendors follow some rules. For example, they should allow to compile their software, copy it to a different folder, and use it from there. Sounds natural, but Linux allows to hard code folders easily and some developers misuse the feature. Possibly enforcing some rules will be good. However, since any enforcing may result in some developers just quitting software development, it also can be bad.
So, how can the plan be read? Write articles about the "good one way" so that software developers, especially those working for free, do all the technical work for us. If they succeed, enforce the "good one way". Harm all the distributions beyond the few compatible with it. Flood Linux with crap, both open and closed source. Let commercial distributions handle tech support for our crap. If the "good one way" is not found, be happy that we successfully purged time and effort of Linux developers that could be used elsewhere. Even if nobody takes the bite, harm Linux creating an illusion that there is a software installation problem in it.
You correctly cited many of the the technical and non-technical reasons why a single all inclusive installation method is not a desirable thing for GNU/Linux. I have to say I had not seen the possibility of nefarious intent before in the push for 'the common installer'. I will have to give some thought to it now, it does indeed have a familiar smell.
I'd also like to further illustrate some things that were important to some of the users of proprietary software I have dealt with regarding installing new software into GNU/Linux.
We users of GNU/Linux are often heard saying that we 'are immune to viruses, trojans, and spyware'. Sometimes it sounds really arrogant, and until you know why this is true it also sounds impossible to most(Windows) users.
Our security is in the design of the operating system itself, the basic design of which is very similar to how mainframe computers operated. This keeps user from corrupting the actual system almost regardless of what they may do while logged in.
But the safety we have in the software we use is due to the reasons mentioned by Andrey. The distributions maintain a complete and cohesive set of Free and Open Source Software(FOSS) packages that they review for stability and such, then they compile them against the library versions that ship with any particular version of the distribution. This means that every line of code in every package a GNU/Linux user installs has been or is available for scrutiny by anyone caring to do so. Trojans, spyware, or malware of any sort simply cannot exist here. There is nothing like this in any proprietary system now or ever in the past, and it's importance to the stability of the main distributions of GNU/Linux cannot be discounted.
The only place this model does not reach is the case where your distribution has v1.1 of some package and the website says they have v1.2, and perhaps it some new useful feature you would like to have. Honestly, this does happen, but there are a couple of things to note here; 1) v1.1 of this package was reviewed to be safe, stable, and useful by your distribution making it unlikely that v1.2 from those same people will be unsafe, or unstable. 2) the software project likely provides a compatible method of installing their software for a variety of distribution versions and types so the odds are good that you will be able to install this software on your system fairly easily.
While it is true that there are hundreds of distributions, most are from only a handful of GNU/Linux 'families' and compatibility isn't a major headache for lion's share of users of modern distributions of GNU/Linux. Note I said modern distributions. Because of the speed at which FOSS operates, anything more then a year old is unlikely to be widely supported. This is not a detriment and does not need to be addressed, it is just the way things work in the Free ecosystem, if a package is old it has not been recently scrutinized for bugs, vulnerabilities, and so on. The same is true for distributions that do not have active communities behind them.
It is important when choosing to use GNU/Linux that you look at how well various distributions are thought of in the community, but equally important is whether they provide a robust amount of the kind of software you like to use. For example, if you are a musician and can't find any(or only one) music and sound authoring programs in a distribution, you should probably keep looking regardless how well regarded that distribution may be.
Just understand that the whole software system behind GNU/Linux, that being Free and Open Source Software(FOSS), is so very different that it does in fact require some research on the part of the new user before jumping in to it. The rewards are great and lasting, but if you don't spend the ounce of care you will surely feel a pound of needless pain.
You correctly cited many of the the technical and non-technical reasons why a single all inclusive installation method is not a desirable thing for GNU/Linux. I'd like to go a little further to illustrate some things that concernshit many users of proprietary software.
We users of GNU/Linux are often heard saying that we 'are immune to viruses, trojans, and spyware'. Sometimes it sounds really arrogant, and until you know why this is true it also sounds impossible to most(Windows) users.
Our security is in the design of the operating system itself, the basic design of which is very similar to how mainframe computers operated. This keeps user from corrupting the actual system almost regardless of what they may do while logged in.
But the safety we have in the software we use is due to the reasons mentioned by Andrey. The distributions maintain a complete and cohesive set of Free and Open Source Software(FOSS) packages that they review for stability and such, then they compile them against the library versions that ship with any particular version of the distribution. This means that every line of code in every package a GNU/Linux user installs has been or is available for scrutiny by anyone caring to do so. Trojans, spyware, or malware of any sort simply cannot exist here. There is nothing like this in any proprietary system now or ever in the past, and it's importance to the stability of the main distributions of GNU/Linux cannot be discounted.
The only place this model does not reach is the case where your distribution has v1.1 of some package and the website of the package maintainers says they have v1.2 ready, and perhaps it some new useful feature you would like to have. This does happen from time to time, but there are a few things to note here;
1) v1.1 of this package was reviewed to be safe, stable, and useful by your distribution making it unlikely that v1.2 from those same people will be unsafe, or unstable.
2) the software project likely provides a compatible method of installing their software for a variety of distribution versions and types so the odds are good that you will be able to install this software on your system fairly easily if you want to.
3) software that has no representation in a distribution should be a red flag. It could be that there are resources this application depends on that are incompatible with other software in the distribution, there could be issues with the code that make the software unstable, the authors may not be active enough in keeping their software up-to-date regarding vulnerabilities, or any number of other factors. So often it is not a good idea to look beyond the packages provided by your distribution.
While it is true that there are hundreds of distributions, most are from only a handful of GNU/Linux 'families' and compatibility isn't a major headache for lion's share of users of modern distributions of GNU/Linux. Note I said modern distributions. Because of the speed at which FOSS operates, anything more then a year old is unlikely to be widely supported. This is not a detriment and does not need to be addressed, it is just the way things work in the Free ecosystem, if a package is old it has not been recently scrutinized for bugs, vulnerabilities, and so on. The same is true for distributions that do not have active communities behind them.
It is important once you decide to use GNU/Linux that you look at how well various distributions are thought of in the community, but equally important is whether they provide a robust amount of the kind of software you like to use. For example, if you are a musician and can't find any(or only one) music and sound authoring programs in a distribution, you should probably keep looking regardless how well regarded that distribution may be.
Just understand that the whole software system behind GNU/Linux, that being Free and Open Source Software(FOSS), is so very different that it does in fact require some research on the part of the new user before jumping in to it. The rewards are great and lasting, but if you don't spend the ounce of care you will surely feel a pound of needless pain.
by
Dave at Olympic Softworks (0 articles, 0 quicklinks, 0 diaries, 3 comments)
on Saturday, June 28, 2008 at 1:31:50 PM
Linux Standard Base and all the support distros off it provide a common package format that can be installed of RPM. And a common framework.
Issues RPM lacks features compared to what windows users are use to and its not distro netural. Currently Linux Standard Base is working on a cure to this http://www.linuxfoundation.org/en/LSB_Package_API Aimed for noverber this year.
Also the common standard of Linux provide by Linux Standard Base only got the means to add menu entries in last version and still does not have 100 percent offical sound output.
Basically you are talking about a problem that is lined up for killing in the next LSB release.
by
Peter Dolding (0 articles, 0 quicklinks, 0 diaries, 3 comments)
on Saturday, June 28, 2008 at 6:21:52 PM
The Linux Standard Base, started in 2001 provides for a theoretical 'center' point for GNU/Linux to focus on, in order to minimize fragmentation. It's a good idea, and of course following the LSB is part or whole is voluntary. I think your point is that the LSB states that there needs to be a way for 3rd party software to be installed onto a distribution.
A restricted version of .rpm is the package type viewed by the LSB as the goal. This is a bit of politics in itself since .deb is arguably more robust and has been available longer, but regardless, with or without the LSB guidelines there is a piece of software called Alien. This takes .rpm and turns them into .deb packages.
Red Hat, Suse, and derivatives use the .rpm natively while Debian and derivatives of them use .deb type files. So, versioning notwithstanding, pretty much everyone is covered.
Again, the point here was that there is no critical need for a 'one way to install' that some people seem to think is necessary. This further illustrates that this need was foreseen and has already been dealt with.
So the question remains: why all the noise?
by
Dave at Olympic Softworks (0 articles, 0 quicklinks, 0 diaries, 3 comments)
on Saturday, June 28, 2008 at 11:14:40 PM
Like Windows users expect configure on install in a lot of cases. Deb package support this. Rpm's don't.
So we have had hack packages released in the form of .run files and the like picking up the difference and not integrating into the central packaging system of the distrobutions.
Also Rpm's don't support seting up a package in a distro netual way. Ok X distro has a dependancy name X on Y the same depanancy is named Y. Cannot encode that cleanly into a rpm. Even worse you cannot encode into RPM system is using X secuirty system inload this secuirty profile.
Basically RPM is bad at being a Distro netual package. So new packaging system that addresses that.
Configure on install is wanted and custom installers are also wanted so new system is covering that as well.
After the clean up of it very much windows style + the advantages of Linux style will be Linux.
by
Peter Dolding (0 articles, 0 quicklinks, 0 diaries, 3 comments)
on Saturday, June 28, 2008 at 11:37:54 PM
Distrobution-Neutral is a severe Oxymoron in GNU/Linux
I agree totally. I use Ubuntu, it's a well rounded distro that uses the Debian base. I started using Fedora GNU/Linux about 4 yrs ago but quit after I hosed my system twice by simple add/remove of compatable software and after reading found that this was not unheard of due to the nature of .rpm package management.
But the debate about package managers is not really about a single way to load software. You mentioned the LSB as if to say it is standardizing things, but it recommends using xml with a restricted form of .rpm packages. Yet we agree that management using the .deb method is better then the .rpm method.
This was about one management system vs. another. But about addressing the percieved need for one new, single type of package manager to encompas all GNU/Linux distros. Both types: proprietary and Free. If there is a need it will arise naturally, if not, then it won't. Since switching to Ubuntu, I have not lacked for software. And when I want to install something outside of what is normal, I have no problems finding and standard Debian packages or ones built specifically for Ubuntu.
by
Dave at Olympic Softworks (0 articles, 0 quicklinks, 0 diaries, 3 comments)
on Sunday, June 29, 2008 at 3:00:21 AM
Must Read (
Well Said (
News (
Touching (
Funny (
Supported (
Interesting (
Inspiring (
Valuable (
