Interview with Ian Jackson

Figuring you can never get too much Ian Jackson, Trevelyan writes: "Debian Planet has an interview with the long time Debian maintainer, and a former DPL, a current member of the technical committee and the author of dpkg. Also announced Debian GNU/Linux 2.2r7 released. In case some of you thought Debian won't be releasing anything this year =)"

Desktop or Server

[xannik]

I would be interested for slashdot to host and interview with Ian. As a user of gentoo linux I have experienced much of the power of a ports based system with its portage package management system, which has close ties to Debian's very own apt-get and dpkg. Debian seems very focused on a stable kernel, even more so than any other distribution I know of. Would it not serve Debian to focus more on the Server side of things and leave the desktop to the propeller heads, Gentoo that is. :)

Re:Desktop or Server

[reaper20]

Debian seems very focused on a stable kernel, even more so than any other distribution I know of.

I think you mean a stable core of the distro. Debian uses Linus' kernels, they don't keep a seperate distribution specific fork like the commercial distributions.

Re:Desktop or Server

[jsse]

As a Debian and Gentoo user and being used Linux extensively for production environment, I think I could answer some, if not all, of your questions.

Gentoo is great, its portage system rocks. The feeling of optimizing every single piece of packages squeezing last drop of performance out of existing hardware is so cool.

However, portage system cannot beat Debian's package system in production environment. First of all, most production systems have most development system removed, especially for firewalls and edge servers. We are not doing it in order to make life harder, but we must reduce of risk and lost when the boxes are being hacked.

Second, updating of packages in portage system takes too much time. Even you do the update every day 'emerge -u world' still takes you a lot of time. Not to mention when we could only perform the update once per week.

Third and most important, the strength of Debian's package system does not only lie in its technical merit, but also its overall management by maintainers. As we know Debian is divided into three distro - stable, testing and still in development(or unstable). Each branch is carefully managed and maintained. The stable distro is very desirable for most production environment.

You may say most packages in 'stable' are too out-of-date, but it's really stable, thanks to the efforts of many maintainers.

I can say, the status of portage system is very near the sid distro of Debian. However, having unstable version deployed in production environment is very risky, especially on some servers involved expensive transactions where 10% boost in performance cannot cover the lost in single downtime.

Just my two cents.

Re:Port ports!!!!

[WanderingGhost]

Debian is always out of date so why dont they add a bsd like ports system.
Just for the record... Last time I tried FreeBSD, I found the ports tree not to be all that stable. Trying to install gdm I found something like 4 or 5 broken dependencies.
You can't get quality in a hurry. (Not that FreeBSD isn't great and stable -- I'm just saying Debian is absolutely more polished)
Anyway -- Debian will have something similar to the ports tree (but better) in Woody+1. (apt-src)
Besides that, Debian has been innovating since ever, and has great features:
- APT (now in Conectiva too)
- update-alternatives (now in Red Hat)
- First to adhere closely to FHS
- Bug reporting tools are the best I've ever seen (try reportbug -- the latest version even warns you about the "usual non-bugs in this package") - Kernel compiling tools are quite sophisticated - Debian has been incorporating more Java packages than any other distribution I know of
- Runs on *lots* of architectures. First to use the Hurd. Will soon work wirh BSD kernels (Free, Net & Open)
- Recently created apt-src program will let you create source trees much better than the BSD ports tree.

That's why it takes time to release a new version of Debian.

Re:Debian doesn't really stand a chance anymore

[SavingPrivateNawak]

Well 'outdated' is not a major problem when you want a RELIABLE server.
And I think this is the point of Debian Stable. Tell me exactly what you would need for a home or semi-pro server that's not in Debian Stable?
If you want recent software, 'testing' and unstable shall make you happy.

I think it's a very good thing that a distro keeps a branch that is very unlikely to cause security problems

Re:Port ports!!!!

[Vulture_]

Ever heard of testing? Replace 'stable', 'slink', or (when it's released) 'woody' with 'testing' in /etc/apt/sources.list and update. Then everything's fairly up-to-date, but since it's already gone through 2 weeks of testing by people who run unstable (like me), it's also fairly stable. It's not as stable as 'stable', of course, but it's not horribly outdated, either.

Ian Jackson and the Holy Grail...

[tlambert]

When I first joined the project, dpkg was a very evil shell script that was little more than a placeholder.

Listen, lad. I built this kingdom up from nothing. When I started here, all there was was swamp. Other kings said I was daft to build a castle on a swamp, but I built it all the same, just to show 'em. It sank into the swamp.

"I wrote dpkg v2, a Perl script, because it was the thing that needed writing next."

So, I built a second one. That sank into the swamp.

"The current C dpkg is actually the third dpkg. I think there may have been parts of the Perl one that were done by someone else, but I basically wrote the Perl version, and wrote all of the C version."

So, I built a third one. That burned down, fell over, then sank into the swamp

"Around the introduction of the C version, the format was changed from the old `two lines of text and two gzipped tarfiles'. I wanted something more extensible, with room for some additional out-of-band metadata. I also wanted something you didn't need Debian-specific tools to unpack."

but the fourth one... stayed up! And that's what you're gonna get, lad: the strongest castle in these islands.

-- Terry

You can never have...

[WolfWithoutAClause]

Figuring you can never get too much Ian Jackson

Grins. That was not exactly my experience. I used to work with him whilst he was doing a summer job before he went to Cambridge. He didn't actually get fired or have to resign; but let's just say that at the time he was rather more interested in security than the system administrators would wish perhaps...

Anyway he matured loads at Cambridge; must have done, cos he's still alive ;-)

Bloody smart guy.

Re:Port ports!!!!

[a_mastronardi]

Sorry but Debian isn't out of date. If you like, you can use testing or unstable versin of package and you are more updated that with other distro. But if you want a very stable system maybe it's ok to wait the stable. The difference are in security. Now I run 3 servers, two with RedHat and one with Debian, and difference are important.
I can wait for Debian developer to release the new version with it's ok in quality and security features. If you like more "updates" and more insecure system use Redhat like distro.

Re:Port ports!!!!

[Zenki]

What tends to happen is the ports directory lags behind software releases, especially the ports directory that gets installed from cd, and the particular .tar.gz source file that the makefile is trying to fetch isn't hosted on the web anymore.

It's really easy to get cvsup to continually update your ports directory. Just run it once in a while (like once a month or so) to update your ports directory to take into account newer versions of software packages and such. Once you do this, all issues with getting things built will probably never show up.

Re:What annoyes me about Debian folks

[LinuxGeek8]

Are rpms still such a pain in the ass to create? With dpkg, all you need is a "make clean" and "make install" target, and 2 minutes with dpkg-make and you've got a deb of your own software.

In essence, Yes.
You make a specfile which mostly consists of macros; like %configure, %make, %makeinstall. Of course you have to specify other Metadata, like License, Source, Patch1, Patch2, Url. You can make a filelist yourself, where you choose which files end up in the package.

And if you're packaging something that uses libaries, dpkg-buildpackage will automatically figure out what libraries you're using, what packages provided those libraries, and then automatically add them to the package's dependency list.

Yup, rpm uses on mandrake the scripts /usr/lib/rpm/find-requires and find-provides. You can manually add Requires or Provides to the specfile, like Provides: smtpdaemon.
A difference is that rpm uses mostly files from libraries as dependencies, while dpkg uses packages. In the end that should just work the same.

Combine that with the ability to easily make your own sources for apt, and making many workstations is as easy as creating one deb file that depends on all the packages you want to have on a workstation. Just add your local source to /etc/apt/sources.list on a new workstation, apt-get update, and apt-get install ourworkstationload and it downloads the latest version of everything and installs.

Well, if you use apt together with rpm, you can just do the same I suppose.
If you use urpmi with rpm, you can use genhdlist which makes a hdlist.cz file with the rpm-headers. You can then use "urpmi.addmedia name ftp://ftp.bla.org/RPMS with hdlist.cz" and install packages from that repository.
And for the fake package, you can make a specfile without a real tar.gz and filelist, but with your own defined dependencies.

apt and dpkg rock compared to rpm.

There you go again.
You can compare dpkg and rpm.
And you can compare apt+dpkg and apt+rpm or urpmi+rpm.
You cannot compare apt to rpm, in the same sense that you cannot compare apt and dpkg.