Linux Distributions' Tracking of Upstream Projects Examined

← Back to Stories (view on slashdot.org)

Linux Distributions' Tracking of Upstream Projects Examined

Posted by timothy on Monday July 20, 2009 @07:31AM from the perhaps-software-should-come-with-renewal-dates- dept.

An anonymous reader writes "Linux distributions track upstream projects, releasing a particular version with each official release. But how far behind the latest versions do these releases linger? Scott Shawcroft did an interesting new study into this relationship between distributions and upstream projects. Shawcroft says: 'Over the last 10 months I've been working on Linux evolution research. Similar to distrowatch, I track the current versions of packages in a number of distributions and the current upstream version. Based on that data I then graph a number of metrics to understand the relationship between upstream and downstream.' His presentation on the topic scheduled for [this] week's open source convention, OSCON, should provide an interesting insight into that relationship. Currently he is tracking 20 projects including the Linux kernel, Firefox, GCC, OpenSSH and GNOME on Arch, Debian, Fedora, Gentoo, openSUSE, Sabayon, Slackware, and Ubuntu."

132 comments

Min score:

Reason:

Sort:

What's Firefox? by 0100010001010011 · 2009-07-20 07:35 · Score: 5, Funny

I run Debian you insensitive clod!
1. Re:What's Firefox? by nschubach · 2009-07-20 07:39 · Score: 1
  
  I'm sure he's translating between Iceweasel and Firefox properly... I'm still kind of disappointed that they haven't upgrade IW to 3.5 though.
  On another note, if you want bleeding edge (without rolling your own), it looks like Arch is where it's at? I was thinking about switching from Debian to Arch and this data is intriguing to me.
  
  --
  Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
2. Re:What's Firefox? by mcgrew · 2009-07-20 07:39 · Score: 3, Funny
  
  If I ever find a woman named Debbie Ann, I'll marry her.
  
  --
  Free Martian Whores!
3. Re:What's Firefox? by XPeter · 2009-07-20 07:40 · Score: 1
  
  What's Debian?
  
  I run DOS you insensitive clod!
  
  --
  "The difference between genius and stupidity is that genius has it's limits" - Albert Einstein
4. Re:What's Firefox? by ls671 · 2009-07-20 07:44 · Score: 1
  
  Well I run Slackware which ranks just as bad as Debian. The upside is that most big iron companies run deprecated version of Linux, some still run kernel 2.4.X. They only patch their systems with security updates.
  The idea is that newer packages might have security bugs in them that aren't found yet. Packages which have been around for years have less chances to contain undisclosed security bugs. Recent Firefox 3.5 security bugs tend to confirm this principle.
  So it doesn't bother me at all that Slackware ranks just as bad as Debian ;-)
  
  --
  Everything I write is lies, read between the lines.
5. Re:What's Firefox? by Anonymous Coward · 2009-07-20 07:46 · Score: 1, Insightful
  
  Who says she wants to marry you? This is Slashdot, nobody gets married.
6. Re:What's Firefox? by Anonymous Coward · 2009-07-20 07:54 · Score: 2, Insightful
  
  Close, but no cigar. Marriage and sex are two different things.
7. Re:What's Firefox? by Anonymous Coward · 2009-07-20 07:57 · Score: 0
  
  Deb already married Ian. They should put out a distro.
8. Re:What's Firefox? by b4upoo · 2009-07-20 07:58 · Score: 0
  
  Debian! Isn't that Ubuntu Lite?
9. Re:What's Firefox? by morgan_greywolf · 2009-07-20 08:01 · Score: 1
  
  What's DOS? I run ITS and I'm posting this from the original Emacs, you insensitive clod!
  
  --
  My blog
10. Re:What's Firefox? by XPeter · 2009-07-20 08:02 · Score: 3, Funny
  
  You kidding? Slashdotters have a better chance at marriage then sex. Women hardly want it as it is, and nerds are a total turn off.
  
  Slashdotter: Hey, so after the movie you want to go to my place?
  Babe: Sure
  Slashdotter: Here it is! *walks in*
  Mom: Hey honey, how was the date?
  
  --
  "The difference between genius and stupidity is that genius has it's limits" - Albert Einstein
11. Re:What's Firefox? by XPeter · 2009-07-20 08:08 · Score: 1
  
  What's Emacs?
  
  I run MCP and how do you run two operating systems on top of each other?
  
  --
  "The difference between genius and stupidity is that genius has it's limits" - Albert Einstein
12. Re:What's Firefox? by just_another_sean · 2009-07-20 08:12 · Score: 4, Funny
  
  Actually Ubuntu is an African word that means "one who is unable to install Debian".
  
  --
  Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
13. Re:What's Firefox? by Anonymous Coward · 2009-07-20 08:19 · Score: 0
  
  Fellow DiveIntoMark reader i presume?
14. Re:What's Firefox? by just_another_sean · 2009-07-20 08:30 · Score: 0, Redundant
  
  Heard it attributed to him recently, shamelessly stole it for my own use here. :-)
  
  --
  Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
15. Re:What's Firefox? by morgan_greywolf · 2009-07-20 08:33 · Score: 1
  
  Women hardly want it as it is, and nerds are a total turn off.
  Trust, me, son. You just don't know the right women.
  
  --
  My blog
16. Re:What's Firefox? by morgan_greywolf · 2009-07-20 08:37 · Score: 1
  
  I run MCP and how do you run two operating systems on top of each other?
  With Emacs, it ain't hard.
  
  --
  My blog
17. Re:What's Firefox? by rumith · 2009-07-20 08:43 · Score: 1
  
  Here. Now, be a gentleman and keep your word. By the way, her page looks promising. :)
18. Re:What's Firefox? by Ironica · 2009-07-20 09:18 · Score: 1
  
  Deb already married Ian. They should put out a distro.
  But what if it's a girl? Would she be Distra?
  
  --
  Don't you wish your girlfriend was a geek like me?
19. Re:What's Firefox? by Anonymous Coward · 2009-07-20 09:24 · Score: 0
  
  Would she be named Dikstra? Because that would not be the right name.
20. Re:What's Firefox? by someSnarkyBastard · 2009-07-20 09:52 · Score: 1
  
  Amen, good sir. Any woman turned on by Star Wars and perl hacks is a keeper.
21. Re:What's Firefox? by sconeu · 2009-07-20 10:02 · Score: 1
  
  With Emacs, it ain't hard.
  
  You do know that they have medicines for that... v1AgrA, C1alis, etc...
  
  --
  General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
22. Re:What's Firefox? by jedidiah · 2009-07-20 10:17 · Score: 1
  
  Star Wars, Empire, and parts of Jedi...
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
23. Re:What's Firefox? by SwordsmanLuke · 2009-07-20 10:25 · Score: 1
  
  Next time, please note when your link is NSFW. KTHXBYE
  
  --
  Any plan which depends on a fundamental change in human behavior is doomed from the start.
24. Re:What's Firefox? by Zancarius · 2009-07-20 11:05 · Score: 0, Offtopic
  
  I disagree - with the exception of religious conservatives, sex almost always comes first.
  I was going to answer your comment based upon the prospect that it appear to imply religious conservatives as anti-sex until I realized upon closer inspection that you're probably referring to the "sex first, marriage later" behavior that is rather common in our society. In that case, you are correct.
  However, (and please don't feel that I'm picking on you in particular--I have no idea what your beliefs are since that one statement doesn't tell enough to share with me your ideologies) there are some individuals who mistakenly believe that religious conservatives are anti-sex, anti-birth control and see it exclusively as a tool for procreation. While there are some who do genuinely believe this--I know of a few who truly do believe this line of reasoning--not all of us do. There are some of us (perhaps a small minority) that see utility in birth control--albeit within the context of marriage. Reading Paul's letters to the Corinthians sheds an interesting light on the notion of sex and its role, and it grows much more difficult to argue the "sex for procreation only" stance. To this extent, I disagree with those who believe sex is exclusively the domain of procreation even if I may be politically aligned with their beliefs.
  Along these lines, this is one such thing that has often surprised with some religious conservatives (many of whom are NOT Catholic but protestant). Many of them agree with and believe many of the ideals that started in the Catholic church--including some the Pope has rescinded! It's amazing what a difference it makes to read the religious texts for yourself!
  But no, I don't think it's fair to tar all of us with the same brush as some people are wont to do. Perhaps those who feel as I do would be considered more socially liberal (particularly with sex and its kin), although I can't say I'd be particularly fond of that label. ;)
  
  --
  He who has no .plan has small finger. ~ Confucius on UNIX
25. Re:What's Firefox? by Anonymous Coward · 2009-07-20 11:26 · Score: 0
  
  That's my mom, you insensitive clod!
26. Re:What's Firefox? by dondelelcaro · 2009-07-20 11:43 · Score: 2, Informative
  
  I'm still kind of disappointed that they haven't upgrade IW to 3.5 though.
  It's available in experimental. See packages.debian.org/iceweasel and bug #535192.
  
  --
  http://www.donarmstrong.com
27. Re:What's Firefox? by Anonymous Coward · 2009-07-20 11:53 · Score: 0
  
  I'm disappointed that Ubuntu 9.04 ships with a shitty version of Midori (webkit web browser), which doesn't work for shit because of a library issue. If the Ubuntu distro team wants to encourage people to use the repositories they need to really make sure version they are shipping is library compatible or just ship an older more compatible version until they iron out a fix.
28. Re:What's Firefox? by Anonymous Coward · 2009-07-20 13:46 · Score: 1, Informative
  
  Arch is pretty nice, if you want a minimalist distro. It is fine for a desktop, but you're going to have to do a bit of work at first. I'm using it on multiple servers.
29. Re:What's Firefox? by ignavus · 2009-07-20 14:34 · Score: 1
  
  If I ever find a woman named Debbie Ann, I'll marry her.
  And you could always have Amanda as a backup!
  
  --
  I am anarch of all I survey.
30. Re:What's Firefox? by bertramwooster · 2009-07-23 13:00 · Score: 1
  
  I read somewhere that it meant "I can't configure Debian". :)
31. Re:What's Firefox? by vassilios10 · 2009-07-28 07:13 · Score: 1
  
  Actually Ubuntu is an African word that means "one who is unable to install Debian".
  weak dude. weak.
32. Re:What's Firefox? by just_another_sean · 2009-07-31 00:23 · Score: 1
  
  The truth hurts buddy. :-)
  
  --
  Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
Tracking Debian Stable instead of Testing by Anonymous Coward · 2009-07-20 07:37 · Score: 3, Informative

In Debian, all software in the repositories is frozen when a release is cut (e.g. Lenny). Only security updates are applied. If the author is going for accuracy, he should track Debian Testing, which gets updated frequently with new releases of various packages. The name "testing" is somewhat misleading. Packages in testing are considered stable enough for everyday use. The stable branch is intended to minimize updates, which is what you'd want for servers.
1. Re:Tracking Debian Stable instead of Testing by diegocgteleline.es · 2009-07-20 07:53 · Score: 1
  
  As an alternative, Debian could fix their release process (they still consider critical bugs of almost unknow and barely used packages as release-critical bugs that can stop the release of widely used and know packages with no critical bugs?).
2. Re:Tracking Debian Stable instead of Testing by foom · 2009-07-20 07:57 · Score: 1
  
  (they still consider critical bugs of almost unknow and barely used packages as release-critical bugs that can stop the release of widely used and know packages with no critical bugs?).
  Not true. Unfixed release-critical bugs in unknown and barely used packages result in the package being removed from the release, not the release being delayed.
3. Re:Tracking Debian Stable instead of Testing by Sparr0 · 2009-07-20 08:43 · Score: 1
  
  There is nothing wrong with Debian's release process. The problem lies with release-centric management that refuses to install packages from Debian testing. Debian testing is, in my long and varied desktop experience, more stable than Ubuntu (with a 6 month release cycle mostly based on Debian testing) AND more up to date. For any usage except a mission critical server, I would recommend Debian testing over Debian stable.
4. Re:Tracking Debian Stable instead of Testing by Tubal-Cain · 2009-07-20 09:18 · Score: 1
  
  (with a 6 month release cycle mostly based on Debian testing)
  Ubuntu's upstream is sid, not testing.
5. Re:Tracking Debian Stable instead of Testing by Sparr0 · 2009-07-20 09:23 · Score: 1
  
  Technically true, but from what I have seen there is more lag in the Ubuntu release cycle than the average unstable->testing transition for Debian. Which means that, on average, that Ubuntu packages are already in Debian testing by the time they are released as part of Ubuntu.
Potayto potahto by $RANDOMLUSER · 2009-07-20 07:39 · Score: 4, Insightful

Labeling the column "%Obsolete" is one way to look at it, sure. Or we could go with 1/X and call it "%NotBleedingEdge". Seriously, the distro maintainers are also looking at their own build packages, compatibility with other packages, internal documentation, etc. Just because the KOffice team (for example) decides to lose monolithic builds and go with package builds, doesn't mean that it doesn't make a hell of a lot of work for the downstream maintainers, and that only starts after the upstream guys release.

--
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
1. Re:Potayto potahto by mcgrew · 2009-07-20 08:05 · Score: 1
  
  To those with more dollars than sense, %NotBleedingEdge == %Obsolete.
  
  --
  Free Martian Whores!
2. Re:Potayto potahto by Anonymous Coward · 2009-07-20 08:15 · Score: 0
  
  Just call that column "Stability %" and be done with it.
3. Re:Potayto potahto by Burz · 2009-07-20 09:26 · Score: 4, Insightful
  
  And all of that work should be done by the application authors, not people who work on the OS who don't know what they are doing. I repeat: Ability to work on an operating system doesn't mean you know squat about sanely-coded and presented applications.
  This dynamic is why Firefox on FOSS systems is slow and feature-poor: A party that can't possibly take responsibility for all the apps being offered is inserting themselves between the application users and the authors, degrading what is otherwise a top-notch effort (Firefox).
  Think about that the next time radio buttons disappear after selecting (only on Linux Firefox for years), self-update keeps prompting when it couldn't even work, users are urged to "get the latest!" while they are forced to wait weeks (or forever) after their Mac and PC colleagues have upgraded, and when you click on a link and get prompted to "select application" to open with... and the dialog doesn't show applications but the Unix filesystem instead.
  Self-updating applications is an application feature, not an OS feature. People need approachable ways to install new and updated apps on OSes that are older than a few months! No one should be forced to the bleeding edge of OS releases every 6 months just to upgrade their apps.
  It all speaks of an OS that isn't feature-stable enough to give app developers a chance to properly target and integrate with the system. This problem of poor testing and integration arising from poor targetability is repeated over the whole spectrum of available applications.
  Stop releasing every 6 months and get the distro managers out of the applications.
  PS- I would also like to state what a POS the Slashdot editor has become.
4. Re:Potayto potahto by Anonymous Coward · 2009-07-20 12:36 · Score: 0
  
  On what distros is that happening? Can't be RedHat or Gentoo.
5. Re:Potayto potahto by Kjella · 2009-07-20 13:08 · Score: 4, Insightful
  
  Distro/package maintainers tend to be the only thing keeping Linux sane with the endless dependencies on libraries that again rely on other libraries with turtles all the way down. It's might work poorly for the five applications that are basically big enough to roll their own framework but for all the Gnome/KDE apps that would be just terrible.
  I don't know why firefox is bugging me but my guess it's because the developers are lazy... there's a little perl app called apt-show-versions:
  
  kjella@kjella-desktop:~$ apt-show-versions firefox
  firefox/jaunty-security uptodate 3.0.11+build2+nobinonly-0ubuntu0.9.04.1
  See that? It is up to date, and stop bloody bugging me about it. I'm sure the same could be done with an #ifdef LINUX and a few lines in C if anyone would bother, it doesn't even take a sudo. Do you know that when I go in Opera, right-click a file in the transfer window I do get a list of my Linux applications to open it with? They got sub-percent market share and do it right, but Firefox can't be arsed to do it. Why should I think it's the maintainer's fault when the developers can't be arsed to do the things they can do? Face it, Linux is maybe 5% of the total Firefox userbase now and we're getting the same shit we are with closed source apps.
  
  --
  Live today, because you never know what tomorrow brings
6. Re:Potayto potahto by kigrwik · 2009-07-20 18:42 · Score: 1
  
  there's a little perl app called apt-show-versions:
  There is also apt-cache policy *packagename* which is mighty useful when tracking several Debian branches (e.g. unstable+experimental).
  
  --
  -- don't discount flying pigs until you have good air defense
7. Re:Potayto potahto by Anonymous Coward · 2009-07-20 19:46 · Score: 0
  
  calling 3.0.11 up to date is like saying that GHWB is the latest president.
8. Re:Potayto potahto by Pastis · 2009-07-20 21:28 · Score: 2, Interesting
  
  It's not because you're used to another paradigm that the Linux distribution one isn't appreciated by other people
  Releasing every 6 months allows me to get new _system features_, not new apps. Most of the time I already got the apps I need thanks to appropriate sources. It's easy to add sources for the few things you might want to keep bleeding edge, e.g. browser, chat, office? The rest I am happy to have it stable.
  But most of the time, I don't have a need to upgrade an application. And every 6 months I am usually happy to upgrade my system.
  I find it much easier to _manage_ a system when you have sources. I can even do that remotely without fear. I like it when someone has verified the compatibility of having multiple apps on my system.
  On other system, it's OK to have a small application self update itself as long as it doesn't mess with shared libraries. Think installing newer MS Office screws up your IE, or the other way around. Sometimes with no way to downgrade. I don't want that on my machine.
  
  --
  Sneak teach kids Algebra using a game
9. Re:Potayto potahto by Anonymous Coward · 2009-07-21 01:49 · Score: 0
  
  Arch Linux is a rolling release OS. I have been considering switching my PC's and laptop to Arch and am 90% sure i will be switching. I want to control what is installed by default on my systems. I'm thinking of going XFCE as well, i'm not liking where Gnome and Ubuntu are heading.
10. Re:Potayto potahto by Burz · 2009-07-22 18:15 · Score: 1
  
  Dude, the current version of Firefox is 3.5, not 3.0.11+build2+nobinonly-0ubuntu0.9.04.1.barf.barf.barf.
  This is so pathetic. And no, your package manager + repo didn't even do a half-assed job.
11. Re:Potayto potahto by Burz · 2009-07-22 18:21 · Score: 1
  
  Think installing newer MS Office screws up your IE, or the other way around.
  Not on a Mac it won't. But why bother yourself with the gold standard for the desktop when MS's poor engineering can be used as an excuse for poor engineering in FOSS.
fair comparison ? by cheap.computer · 2009-07-20 07:39 · Score: 3, Informative

I am not sure if it is fair to compare Ubuntu Jaunty with Fedora, IIRC RHEL is a stable release so is Ubuntu Jaunty, and fedora is more like a dev release that tracks upstream closely. Similarly, Ubuntu Karmic is the dev version that tracks upstream closely before a stable cut of it is released. So probably comparing fedora to Ubuntu Karmic is a fair comparison.
1. Re:fair comparison ? by migla · 2009-07-20 07:53 · Score: 1
  
  ...on the other hand, maybe it would not be fair to compare karmic current stability with that of a released fedora?
  
  --
  Some of my favourite people are from th US; Vonnegut, Chomsky, Bill Hicks.
2. Re:fair comparison ? by pembo13 · 2009-07-20 08:07 · Score: 2, Funny
  
  Fedora is not a dev release.
  
  --
  "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
3. Re:fair comparison ? by TwinkieStix · 2009-07-20 08:12 · Score: 1
  
  I think that Ubuntu contains a lot of Debian Testing and even some Debian Unstable packages. Perhaps Ubuntu is to Debian as Fedora is to RHEL? Or, maybe Ubuntu is to Ubuntu LTS as Fedora is to RHEL?
  
  Either way, comparing Ubuntu and Fedora is a pretty good comparison to me. Both Fedora and Ubuntu claim to be stable and for mass consumption by the end user.
4. Re:fair comparison ? by Otto · 2009-07-20 08:44 · Score: 1
  
  Fedora isn't a dev release. Fedora-11 is the stable track. Fedora-devel is the development track.
  https://admin.fedoraproject.org/pkgdb/collections/id/21 - Stable
  https://admin.fedoraproject.org/pkgdb/collections/id/8 - Development
  Comparison to Jaunty is perfectly valid, as Jaunty is kept up to date with "stable" packages from time to time.
  
  --
  - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
5. Re:fair comparison ? by Kjella · 2009-07-20 09:06 · Score: 2, Insightful
  
  Who wants fair? There was plenty missing here, for example RHEL, SLES, Ubuntu LTS and Debian are probably in the same class but only Debian was in the survey. This was more like a sample with a spread, showing the spread between bleeding edge distros and stable distros. That said, my impression is that they picked a very round-about way of figuring out the age. Ubuntu has a release every six months, so the average age is close to 6mo/2 = ~13 weeks. Debian has 18 months, so 18mo/2 = ~39 weeks. Unless you're doing significant amounts of backporting that won't change and the number of releases behind will be a fairly linear equation with time. There's some better metrics to pull out here like "How bleeding edge are they when released" but I don't see him doing any of that.
  
  --
  Live today, because you never know what tomorrow brings
6. Re:fair comparison ? by Anonymous Coward · 2009-07-20 11:19 · Score: 0
  
  Fedora 11 is stable, Fedora Rawhide is the equivalent to Noobuntu Karmic if anything. Get your facts straight.
7. Re:fair comparison ? by killthepoor187 · 2009-07-20 12:50 · Score: 1
  
  At least for me, fedora 11 has been more stable AND more up-to-date than ubuntu 9.04.
8. Re:fair comparison ? by RiotingPacifist · 2009-07-20 13:24 · Score: 1
  
  I was a long term ubuntu users, but im now on Fedora11 and its perecty...*no carrier*
  
  --
  IranAir Flight 655 never forget!
9. Re:fair comparison ? by TanNewt · 2009-07-20 15:34 · Score: 2, Informative
  
  Scott here, yeah there is a lot more analysis to do besides what is on the front page. See my thesis for more details on the underlying data and email me analysis ideas.
10. Re:fair comparison ? by TanNewt · 2009-07-20 15:45 · Score: 2, Informative
  
  Scott here. There are definitely better metrics we can derive from the underlying data. See my thesis for more details and email me your ideas.
11. Re:fair comparison ? by Rhys · 2009-07-21 02:30 · Score: 1
  
  Not to mention Jaunty isn't a LTS release, so you can't really compare it to RHEL for long-term stable releases.
  I've run most of the top of that list. I liked arch, but at the moment I'm much happier with Ubuntu. Install once, most things I need are there so I don't have to dork around with trying to install the packages I need and make gnome integrate everything, etc...
  
  --
  Slashdot Patriotism: We Support our Dupes!
He fails to see.... by Darkness404 · 2009-07-20 07:50 · Score: 5, Insightful

He fails to see that even the upgrading of a simple component like a library can cause all sorts of dependency issues. Not to mention that most distros follow a pattern of release, security updates, release where during the release is the only main changes in packages. This makes it a whole lot easier for maintainers to make sure nothing breaks.

Its no surprise that Arch makes it to the top being a rolling distro, that is, one that doesn't have "releases" like Ubuntu, Debian, etc. but rather upgrades the packages as it goes along. Similarly, Fedora and Ubuntu tend to release pretty often, Ubuntu releases every 6 months and Fedora releases pretty fast. Gentoo/Funtoo are very similar to Arch. Sabyon, Slackware, Debian and SuSE don't release new versions very often. I also find it odd that they are testing Debian stable rather than testing or unstable.

--
Taxation is legalized theft, no more, no less.
1. Re:He fails to see.... by andrewd18 · 2009-07-20 08:01 · Score: 1
  
  I also find it odd that they are testing Debian stable rather than testing or unstable.
  Technically, they're also testing Arch Stable, Fedora Stable, Ubuntu Stable, etc. You can't make a direct comparison if you're tipping the stakes in the direction of your favorite distribution.
2. Re:He fails to see.... by Darkness404 · 2009-07-20 08:06 · Score: 1
  
  Sure, but its similarly unfair to say that Debian is 95% obsolete. To say that is to imply that either they have stopped work on it, or it isn't being actively maintained.
  
  --
  Taxation is legalized theft, no more, no less.
3. Re:He fails to see.... by nine-times · 2009-07-20 08:17 · Score: 1
  
  It's perfectly fair to point out that, if you're using the stable version of Debian (which is what you should be using for any production purposes), you won't be using the most up-to-date version of most of the software you're using. Debian is, relative to other distros, very slow to incorporate updates into their stable version.
  Whether that's a good thing or a bad thing is a matter of debate, but the only thing that I think is unfair is using the word "obsolete".
4. Re:He fails to see.... by just_another_sean · 2009-07-20 08:19 · Score: 2, Informative
  
  Yeah my take on it is 95% of Debian has been around for a while and
  has been field tested so it's probably a good fit for that mission
  critical server your about to build.
  I don't need the latest and greatest most of the time, just something
  that I know, with confidence, will work well for a particular purpose.
  
  --
  Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
5. Re:He fails to see.... by vlm · 2009-07-20 08:26 · Score: 2, Interesting
  
  The mystifying part of his calculation is that Debian Lenny was frozen exactly 51 weeks ago on Jul 27th 2008.
  http://lists.debian.org/debian-devel-announce/2008/07/msg00007.html
  Yet, somehow, the "average lag" for Debian Lenny is a mere 40 weeks, when it should approach 51 weeks as of today... I do not believe there have been THAT many security related patches, have there?
  Also obsolete is the wrong word. By the definition, "No longer in use" it obviously fails by the definition of being included in the distros. By the definition "Outmoded in design, style, or construction" it obviously fails because a trivial bug fix or trivial feature add does not change the entire design, style or construction of the whole thing. Linux 0.99pl7 now that is obsolete.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
6. Re:He fails to see.... by godrik · 2009-07-20 08:28 · Score: 1
  
  The notion of obsolenece is also quite strange. Some software can be released but should not be used. I am thinking KDE 4.0 which was completely broken. I also recal gnuplot 4.0 that brings a lot a regression. regression in the kernel are also common due to driver which are not yet ported.
  All in all, I am not sure being close to the upstream is a good property for a distribution. Providing a coherent user experience is probably different from being up to date. Of course, it does not stand true for security patches which should always be applied.
7. Re:He fails to see.... by vlm · 2009-07-20 08:35 · Score: 1
  
  Whether that's a good thing or a bad thing is a matter of debate, but the only thing that I think is unfair is using the word "obsolete".
  How could it be anything other than a good thing, since the only difference between Debian stable, Debian testing, and Debian unstable, is how long they have been tested and "seasoned", and everyone in the past whom ever selected stable, selected it because it is the most seasoned and tested distribution around? The stable users would rightly be mighty annoyed if we started randomly uploading stuff directly into stable without any testing and seasoning, rather than unstable.
  Its like complaining bud-lite is better than my 12 year old whiskey, because my bud-lite has a younger born on date, when the whole point was when I went shopping I intentionally wanted 12 year old whiskey as opposed to last weeks beer. Last weeks beer is fine and all that, but not if I intentionally selected 12 year old whiskey.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
8. Re:He fails to see.... by Otto · 2009-07-20 08:49 · Score: 1
  
  Whether it's "good" or not depends on your end goals.
  Yes, if I'm running a server, I want rock-hard stability. Latest version, don't need it unless it has security patches.
  For my day-to-day usage and development machine, I'm okay with bleeding edge stuff from time to time. If it crashes, meh, I can back up a version or two.
  Different uses, different desires. Having to wait for FireFox (IceWeasel, whatever) 3.5 for months after release on my box is unacceptable. Building it myself is certainly possible, but just having it appear within a couple weeks is a whole lot nicer.
  
  --
  - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
9. Re:He fails to see.... by xlotlu · 2009-07-20 08:51 · Score: 3, Insightful
  
  Its no surprise that Arch makes it to the top being a rolling distro, that is, one that doesn't have "releases" like Ubuntu, Debian, etc.
  
  I run Debian testing. It's very much a rolling release, and you're somewhat protected against obvious bugs by the nice policy. Of course, you can get more rolling than that and go full unstable. And throw in some experimental if you're feeling brave.
  The nice thing is you can mix-and-match. Most of my packages are testing, some are unstable, and right now i have a touch of experimental. With some APT pinning, you get a rolling release where you can decide per-package how bleeding edge you want to be.
  This is my laptop/desktop. For servers I mostly stick to stable, and if i really need a newer package I can pin it from testing, or look for it on backports.org.
10. Re:He fails to see.... by ignavus · 2009-07-20 14:43 · Score: 1
  
  The issue with Debian is complex. At work, we use Debian testing for desktops in the IT section, but Debian stable for servers.
  With developer desktops, a little occasional instability is no huge problem - you want to test the next generation of your software (e.g. the latest Apache, PHP, database, etc).
  On your production servers you want stability, even if that means running older releases. Your production servers are not the place to run beta software. And you want long uptimes on your servers (uptime on desktops is usually not such an issue).
  
  --
  I am anarch of all I survey.
11. Re:He fails to see.... by TanNewt · 2009-07-20 15:43 · Score: 2, Informative
  
  Scott here. This is not necessarily true. The lag is the time since the oldest new release. So for it to approach 51 weeks each project would have had to release a newer version upstream immediately after the lenny freeze. Email me and we can look further into this.
12. Re:He fails to see.... by h4rm0ny · 2009-07-20 21:03 · Score: 1
  
  The simple point is that he should have classed Debian Stable and Debian Unstable as separate distributions.
  
  --
  
  Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
What about distros further downstream? by mr_mischief · 2009-07-20 07:54 · Score: 1

Tracking the projects is one thing. Testing and integration by the top-level distributions can take some time, and it'd defeat the purpose of using them if they didn't take the time to smooth out bumps of using a bunch of different packages together.
To me, a more interesting question is how far behind do the second and third tier distributions that source from Arch, Red Hat, Fedora, Mandriva, Debian, OpenSuse, Ubuntu, Slackware, and Puppy lag behind? Obviously with Yellow Dog, White Box, CentOS, PCLinux OS, MEPIS, NimbleX, ZenWalk, etc out there being based on other distros, some questions arise.
Some distros (notably Slackware, Mandriva, and Sabayon themselves) went from being based on other distros and started at some point doing the package integrations themselves. Which ones still wait for a stable version of another distro and start customizing it before they release? Their packages are often far behind those of the distros upon which they are built. Ones that update direct from the included projects have a huge head start on usability, features, and security updates over distros that depend on the work of another distro upstream.
Tracking the integration time of the first-tier distros answers some important questions, but with the huge number of distros out there depending on those, perhaps the more important questions will have to wait for another study.
1. Re:What about distros further downstream? by TanNewt · 2009-07-20 15:49 · Score: 2, Informative
  
  This research is ongoing. Email me (on the website) and we can add code to collect data from more distros.
2. Re:What about distros further downstream? by onefriedrice · 2009-07-21 07:17 · Score: 2, Informative
  
  Some distros (notably Slackware, Mandriva, and Sabayon themselves) went from being based on other distros and started at some point doing the package integrations themselves.
  I could be wrong, but I believe Sabayon still uses portage and the Gentoo portage repository directly. They potentially have their own packages in their overlay, but AFAIK you can't really say they do the package integrations themselves. They still very much rely on upstream Gentoo.
  
  --
  This author takes full ownership and responsibility for the unpopular opinions outlined above.
3. Re:What about distros further downstream? by mr_mischief · 2009-07-23 14:59 · Score: 1
  
  That's a special case, then, if they use the same portage repositories as Gentoo for all but their distribution-specific files. That means the packages the Sabayon team puts together are the only ones they have to worry about so long as they don't break portage. Any lag from the individual projects to Sabayon for most packages would then be only what Gentoo users would get anyway.
  Barry Kauler (the guy behind Puppy) has always worked hard on the automated rebuilding of the distro, including remastering a Puppy CD with a different package selection from an existing Puppy installation. Right now, he's working on a set of programs that will build a Puppy distro from one of a number of other distros (including automatically stripping excess files out of the packages and configuring them for minimal resource usage as much as can be managed). The project is called "Woof", and it will build a Puppy distro from T2, Arch, Slackware, Debian, or Ubuntu in just a few steps. The resulting distro is familiar to Puppy users but is binary compatible with whichever distro was used to build it and can use that distro's repositories. It's still a work in progress, but it's a nice way for a smaller, specialized distro to offer a wide variety of packages with no additional lag time.
  I'm not involved in Puppy's development. I am a happy user of it on several of my systems, and I have used the existing tools to make private LiveCD spinoffs for particular systems.
Older versions of distributions? by basicio · 2009-07-20 07:58 · Score: 2, Interesting

I'd be more interested in seeing the statistics for older versions of distributions to see which age best, because I've been running into this problem with Ubuntu Hardy (8.04 LTS) for months now. I don't have the time or the inclination to upgrade my OS every 6 months, but even the LTS release of Ubuntu doesn't get major version upgrades for some packages I end up using a lot. PulseAudio hasn't been updated from the March 2008 version (0.9.10), which likes to crash randomly several times a week. Pidgin. Gimp. Amarok. All have very stable, very mature releases that are at least one major version beyond what's available. Now that I finally have some time I'm in the process of moving my Ubuntu box over to Arch primarily because it does rolling releases. It's going to be more of a pain to set up and keep running, but it's going to be a lot better than having to manually upgrade operating systems every six months to be able to run software that's been around for more than a year.
1. Re:Older versions of distributions? by QuoteMstr · 2009-07-20 08:30 · Score: 3, Informative
  
  I don't know about those distributions, but I backport packages from Fedora to RHEL frequently. It's simple, really: just grab the fedora srpm and run rpmbuild on it. Most of the time, it'll work fine. Occasionally, you might need to adjust the spec file to accommodate some slight differences, but it's not a big deal. You end up with a package that integrates nicely with the package manager, satisfies dependencies in the normal way, and so on.
  Also, I'm not sure why the parent is moderated flamebait. It's a legitimate to want to run a stable distribution, but use later versions of particular packages.
2. Re:Older versions of distributions? by andr386 · 2009-07-20 09:06 · Score: 1
  
  Obviously Ubuntu 8.04 LTS is not for you. I am currently using it on all of my server. It's not my choice. But it's working really well. Indeed, If anny issues arise I always find the support I need on the internet. I understand one want's something else on one's desktop. And actually I really enjoy tasting many "edge" distro on the desktop. But for my servers I want something as stable and as supported as possible. Ubuntu is a good middleground for the IT people I work with, and Ubuntu, CentOS or RHEL would also be a good fit, regardless of their support of pulseaudio.
3. Re:Older versions of distributions? by basicio · 2009-07-20 09:19 · Score: 1
  
  That's basically what I've discovered over the last year or so of running it, yes.
  
  But it would really have been nice to know about this kind of thing a year ago, hence my interest in seeing how older distros fare in the same metrics. This is not something that's really apparent until you've used a distro for a while and while it may not be an issue for some, it's a huge one for me.
4. Re:Older versions of distributions? by TanNewt · 2009-07-20 15:52 · Score: 2, Informative
  
  Scott here. Yeah, there is data for older distributions, its just not on the front page. Look in the OSCON slides or my thesis.
Updates Break Things. by Anonymous Coward · 2009-07-20 08:03 · Score: 0

Yep. They do that.
I was running a version of a big commercial DB on Fedora 11. The latest set of updates mean that the DB won't start. Sigh. That is just one of the perils of bleeding edge distro.
The Same DB runs fine on RHEL/CentOS and even Debian Lenny if I could be bothered to install it.
I personally dislike the Arch release methodology. I prefer fixed releases. Sorta like a stake in the ground, a reference point from which you can build upon.
I have yet to have problems with patches breaking things like Oracle or DB2 on RHEL but maybe I'm lucky but that is really the way it should be.
Is this the right metric? by Intron · 2009-07-20 08:26 · Score: 1

The comparison in the article is on how quickly the most recent upstream version is incorporated into the distro. As a user I care more about whether bug fixes and new features are incorporated, regardless of upstream version. For example, RHEL may backport new features or drivers into old kernels. Or Fedora may incorporate a bug fix into their perl release without replacing the entire Perl source code. I imagine that other distros do this as well.

--
Intron: the portion of DNA which expresses nothing useful.
1. Re:Is this the right metric? by RiotingPacifist · 2009-07-20 13:42 · Score: 1
  
  No, there were some pretty graphs but generally it said very little about distro upstream interaction. The comments ,which sometimes provide insight round here, where additionally bleak talking only about release schedules and squabbling over who's distro has the newest penis!
  
  --
  IranAir Flight 655 never forget!
Linux package management is a mess by edmicman · 2009-07-20 08:31 · Score: 1

Maybe it's because I'm coming from the Windows world, but since I started using Ubuntu full-time for a year now, the package management and method of keeping software update has been one of my biggest complaints.

Don't get me wrong, I *do* like the general idea of package management. It is nice to have the OS take care of keeping everything up to date, and having it Just Work. But there are a handful of software I use every day, (Firefox, Filezilla, Pidgin, Deluge come to mind) that I want to always have the latest released version - and on Ubuntu that is a pain in the ass. Sure, sometimes I can go straight to the website, and there may be a .deb file I can install. Getdeb may work, too, but I've had mixed luck with that. Lots of apps have update-checkers built in, but they don't work unless I run the app as superuser. Most of these apps that I use regularly are point releases behind in the repos, and so I'm stuck having to manually muck around with things, or settle with using old software at home when I'm on the newest release at work in Windows.

I don't want to have to compile from source. I don't want to have to periodically run the app as sudo so I can run the included auto-update feature. It's brain dead easy on Windows to try beta software, and uninstall it if it breaks something. What am I missing on Linux?
1. Re:Linux package management is a mess by vlm · 2009-07-20 08:43 · Score: 1
  
  But there are a handful of software I use every day, (Firefox, Filezilla, Pidgin, Deluge come to mind) that I want to always have the latest released version - and on Ubuntu that is a pain in the ass.
  Sounds like you're way down the distribution food chain and want to move up. My advice is let the other folks in the food chain do all the debugging for you unless there is some desperate genuine need to have it now. But if you enjoy the pain:
  1) Ubuntu is just a derivative repack of Debian. Move upstream to Debian.
  2) Sounds like you're using the equivalent of Debian stable or Debian testing. Move upstream to testing, or unstable.
  But first consider the difference between "i want" and "i need". Somebody else was doing the debugging, that you will now be stuck doing.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
2. Re:Linux package management is a mess by MaerD · 2009-07-20 08:49 · Score: 1
  
  I might get labeled as flamebait for this one, but:
  
  If you don't like the update/package management, maybe you should try a different distro with a different package management?
  I'd personally suggest an rpm based distro like Fedora or Suse. I've used both .deb based and .rpm based and find that I much prefer rpm. Some people like .deb much better, but I find that Fedora and Suse were easier to maintain.
  
  Yes, it's still possible to get into dependency hell, but lately I've been able to find yum repositories that "Just Work" for most things I want on my system.
  
  (As an aside to your complaint about sudo.. Are you running as an admin account on Windows? It's "much easier" to install things on Linux if you run as root too.. I just don't think anyone would advise you to do it. :)
  
  --
  I put on my robe and wizard hat..
3. Re:Linux package management is a mess by fandingo · 2009-07-20 08:50 · Score: 1
  
  You are probably looking for PPAs on Ubuntu. They are "personal" repositories that users or sometimes communities/distros create to give users bleeding-edge stuff. I understand that your comment about Firefox was an example, but there is an easy fix. In jaunty (9.04), install firefox-3.5 that will get you updated to the most current version. It had the betas and even updated to firefox 3.5.1 the day it was released.
  I have a PPA enabled so I could get KDE 4.2.4, and they are really great because I don't want to jump into 4.3.0 until it is released, so the devs made a separate repo for that version.
  It is frustrating if there isn't a PPA for the brand, spanking new package you want, but there are for many common packages, so check it out.
  I will completely concede the point about trying beta software on Windows. Since Linux uses shared libraries, a PPA might want a newer library but all your other packages want the older version; this can lead to problems... however, the high quality PPA's should be able to address these problems, and running core software from a PPA usually isn't a good idea (although, I just did admit to running a PPA'd version of KDE).
  There are some options, but yes, it's not as easy as Windows; yet, you should've known that when you switched ;).
4. Re:Linux package management is a mess by Otto · 2009-07-20 08:54 · Score: 1
  
  All major distros have development tracks. If you want the absolute latest and greatest of some software packages, switch them over to the development versions. How to do this varies depending on your distro, of course. I think Ubuntu separates them out into "Proposed" and such.
  Of course, things might break, but then that's what would you'd expect to happen anyway with the bleeding edge.
  
  --
  - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
5. Re:Linux package management is a mess by edmicman · 2009-07-20 08:58 · Score: 1
  
  I realize that, but I guess my point is that I only want to be on the bleeding edge / latest release for a few select programs. I don't want *all* testing releases in the repo, I just want the select few that I use regularly. Why should I be able to use the latest Firefox (3.5 or nightly or beta or whathave you) on Windows, heck I can use it on Ubuntu without a problem, I just have to jump through a ton of hoops, or I have to wait 6 months until the next distro release? IME, there's been relatively little pain in using released stable versions of software, no matter the OS. Nightlies, sure, sometimes they break...but if it's a stable release, why should we have to wait to use it?
6. Re:Linux package management is a mess by godrik · 2009-07-20 08:59 · Score: 2, Informative
  
  The point in ubuntu is being always a couple of months late. You probably want to use a more up to date distribution such as debian unstable (note: unstable does not mean will crash after a reboot, just that they may contain bug).
  it is also possible to keep a mixed system, that is to say, use mainly debian stable but borrow some packages from unstable. It uses teh preferences options of APT and you can find information on the debian website http://www.debian.org/doc/manuals/apt-howto/ch-apt-get.en.html
  BTW, there exist an even more closer to upstream distribution of debian which is called experimental. I would not recommend a non debian developer to use that but it can be useful sometimes.
7. Re:Linux package management is a mess by StopKoolaidPoliticsT · 2009-07-20 09:39 · Score: 3, Interesting
  
  Then use a different distro that has the flexibility you want. I use Gentoo myself and while most of my system is stable, I have about 70 packages set to use the latest versions of (gcc, the kernel, nvidia drivers, pidgin, etc). It's easy with Gentoo since all of that is compiled against the libraries which exist on your system. On binary distros, there can be incompatibilities between library versions (especially as you start adding more and more unstable packages to the mix), so it's hard to keep just a few packages up to date.
  
  In fact, it was that very problem which originally caused me to drop RedHat Linux back in the late 90s and go to compiling everything from scratch (I then migrated to Gentoo to automate things). And despite the memes, it doesn't take nearly as long to compile everything on modern hardware as some would have you believe. A full rebuild of my system takes about 24 hours (AMD64 X2 4400+, 1002 packages installed), but I do that maybe once a year. It usually amounts to 10-20 minutes a day.
  
  --
  Stop Koolaid Politics
8. Re:Linux package management is a mess by Mad+Merlin · 2009-07-20 09:49 · Score: 1
  
  And despite the memes, it doesn't take nearly as long to compile everything on modern hardware as some would have you believe. A full rebuild of my system takes about 24 hours (AMD64 X2 4400+, 1002 packages installed), but I do that maybe once a year. It usually amounts to 10-20 minutes a day.
  More importantly, that's 10-20 minutes (or 24 hours) of unattended installation -- only the computer is busy, not you.
  
  --
  Game! - Where the stick is mightier than the sword!
9. Re:Linux package management is a mess by Anonymous Coward · 2009-07-20 09:50 · Score: 0
  
  Also remember that on Windows your are generally logging in as a superuser. Most people log in on an administrator level account on Windows machines, but if you were to log in as a regular user on the same system you'd find the auto-update feature wouldn't work.
10. Re:Linux package management is a mess by Locklin · 2009-07-20 10:07 · Score: 2, Informative
  
  There are PPA repositories for those masochistic enough to want to work with nightly builds. For instance the following repo has nightly builds of Firefox.
  deb http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu jaunty main
  deb-src http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu jaunty main
  It's also possible to add Debian unstable or testing to your repositories, but set the preferred distribution to Jaunty (Package>Preferences>Distribution in synaptic). Then you can selectively install certain packages from unstable.
  
  --
  "Knowledge is the only instrument of production that is not subject to diminishing returns" -Journal of Political Econom
11. Re:Linux package management is a mess by medlefsen · 2009-07-20 11:02 · Score: 1
  
  Depending on how tech savvy you are you should try out Arch. Keeping current with packages is a goal of theirs.
  
  And, even if they aren't fast enough for some package you really want the latest of, the packages are all built automatically from easy to use/understand/edit build scripts that you can have synced on your machine. A lot of the time you just need to change the version number to the latest, update the md5, and say makepkg to get the latest. Also, there are a lot of dev versions in the community managed repository AUR.
12. Re:Linux package management is a mess by Anonymous Coward · 2009-07-20 11:25 · Score: 0
  
  That is why I use FreeBSD. I just can use the versions of the programs I like. I don't have to upgrade all my programs just to install the latest Firefox, or fix some vulnurability in some library. On top of that I can use portaudit to learn which programs need an update due to security issues.
  Maybe you should check PCBSD. Additionally to the FreeBSD way to handle software it can use self-contained binary packages (PBI). They work like most software one Windows, they bring all their dependencies with them. This means some overhead, but hassleless installation, removal and upgrade. For popular software, like the ones you listed, these PBIs are very recent (see pbidir).
13. Re:Linux package management is a mess by thegux · 2009-07-20 12:34 · Score: 1
  This is something I can definitely relate too. However, I find that project-specific PPAs solve most of these problems. For the projects you've mentioned:
  
  Firefox
  Pidgin
  Deluge
  I couldn't find one for FileZilla. In most cases though, there will be a PPA with up-to-date packages of the stuff you want.
14. Re:Linux package management is a mess by RiotingPacifist · 2009-07-20 14:05 · Score: 2, Informative
  
  It's brain dead easy on Windows to try beta software, and uninstall it if it breaks something. What am I missing on Linux?
  /opt
  seriously in a worst-case scenario linux package management becomes the same as windows package managment (you install and maintain all versions yourself).
  
  that I want to always have the latest released version
  You are on the wrong disto then,
  If you want the latest version of everything, you definetly want a rolling release distro (sid/arch) of those if you want cutting edge i suggest arch.
  If you just want the latest stable version of a few apps, then: /opt and maintaining them yourself (as you would under windows)
  AUR, PPA, (other people compile them and host them, then apt updates them, most distros have these but they are particularly prevevalent on ARCH)
  grokk apt/yum and figure out how to safely use package from a cutting edge release (e.g sid/F12) alongside your stable release.
  Ideally all projects would host their own cutting-edge/stable repo, however while most of the time the same binary will run across most distros:
  1) packaging it up and providing the correct metadata for each release is a PITA, although opensuse have a tool that will do this for you, but nobody seams to bother :(
  2) testing against all distos is a major PITA, its much easier to let somebody familiar with the distro do it (hence PPAs/AUR are quite good)
  3) bug spam, not to be too harsh, but if a newbie can't figure out how to install the vanilla version of your releases, they are probably not going to understand enough about their system to understand when something is/isn't your fault and you end up with bugs opened against the wrong projects.
  
  --
  IranAir Flight 655 never forget!
15. Re:Linux package management is a mess by budgenator · 2009-07-20 15:00 · Score: 1
  
  I'm running Arch Linux and Vista dual-boat and I'm in LUA mode in Vista; I don't have any problems with app's auto-updating on Vista. The apps check for updates, asks for the admin password and sometimes I have to click the next button a couple times. Running as Admin get real noisey it's do you want to do this, do you really want to do this, are you sure you really want to do this; then you get to click the next button a couple times. I think using Linux first is a benefit when use Vista, it behaves like I expect. The hard-core windosers have fits with the stuff I think "it's about time they did it right" stuff like limited user accounts security.
  
  --
  Apocalypse Cancelled, Sorry, No Ticket Refunds
16. Re:Linux package management is a mess by h4rm0ny · 2009-07-20 21:10 · Score: 1
  
  I realize that, but I guess my point is that I only want to be on the bleeding edge / latest release for a few select programs.
  You want Gentoo. Build a stable system and then unmask the particular packages that you want to get a new version of. Then let your system rebuild them. If you want bleeding edge, then you can set free some of the packages that have been hard masked. But do so at your own risk. Regardless, it's Gentoo that you want.
  
  --
  
  Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
17. Re:Linux package management is a mess by petrus4 · 2009-07-23 23:53 · Score: 1
  
  1) Ubuntu is just a derivative repack of Debian. Move upstream to Debian.
  2) Sounds like you're using the equivalent of Debian stable or Debian testing. Move upstream to testing, or unstable.
  Or get rid of Debian and install a distro which doesn't cause you to want to kill someone or break something every five minutes.
  - Non-sane defaults. Vim's Debian conf is ok, but that's about the only app I've used where that has been the case. I've re-written or scrapped the dotfiles for virtually every other Debian console app I've installed, including the shell.
  - The terrible concept of micromanaging every single application the OS comes with, hard wiring in distro-specific defaults for said applications, and then making the provided space for additional user configuration impossible to find. Apache is a particularly disastrous example. There are no less than three conf files for Apache with a Ubuntu install.
  - Bizarre, sarcastic, outright freaks inhabiting the Freenode support channel. #Debian has one of the most obnoxious regular groups I've ever come across on IRC, and I've spent close to 15 years on the Undernet.
  - Mindless, cultic, RMS worshipping, slavishly pro-FSF fanboys who reflexively insist that anyone who doesn't adore Debian to the degree that they do is nothing but a troll, an astroturfer, or a Microsoft shill.
  Burn in fucking Hell, Debian.
Obsolete vs Stable by Anonymous Coward · 2009-07-20 08:33 · Score: 3, Insightful

While the charts are quite nice to look at, they really aren't that meaningful.
.
Ex 1: Debian stable has 95% obsolete packages according to his metrics. For
a rolling release distro that wants to be bleeding edge like eg arch this might
be a bad indication. For a distribution that focuses on stability (like debian
does) this is an (important) design descission. They promise to be rock
solid and they guarantee that no feature changes occur during the support
cycle, and thats exactly what they deliver.
.
Ex 2: Suse is shown to have some 95% outdated packages. What he doesn't
seem to consider is the fact that they do a lot of backporting, especially
in the kde area (kdebase is one of the packages he uses for his analysis).
A Suse version of kde that might seem outdated based on the package
number will probably contain a great number of backported improvements.
.
Another point that I think would be pretty interesting would be security
updates. Not using the latest major release doesn't mean that you don't
have a great security response time (or the other way around). Maybe
he'd be able to track this as well, would be pretty interesting for those
of us who have to rely on stable, tested and secure systems.
.
Anyway, nice thing he started there. If he manages to get some more
metrics this might become a very powerful tool.
1. Re:Obsolete vs Stable by TanNewt · 2009-07-20 16:02 · Score: 2, Informative
  
  Scott here. You are totally right. These are all holes I'm aware of in the analysis. However, the problem gets much more difficult if you start considering patches and general stability. I don't deal with that because the problem already needs much more work. However, in the future, I'd be willing to explore other metrics. Email me to help out.
Distributing is not easy, anyway! by VincenzoRomano · 2009-07-20 08:41 · Score: 3, Insightful

Balancing conservative and progressive approaches in ditributions is not as easy task at all.
You can jump up a version or two of a package/project (firefox, gcc, kdebase?) and you end up collecting complaints.
You can miss a version upgrade(linux, postgresql, xorg?) and you and up collecting even more complaints.
Whoever talks about "major version bumps" and ".0 versions" is missing the real point: the need to care about features, reliability and effectiveness.
Version numbers and names are just that: numbers and names. A v0.13 of a package can provide better overall results than a v4.2 of a competitor. And the step from 1.2 to 1.3 can provide much more advances than a 8.10 to 9.04!
Distribution managers should thoroughly test in first person the forthcoming releases (alphas, betas, RCs ...). The people who use Linux for fun a hour or two a day have different feelings and needs than those who chose Linux for work 6 to 10 hours a day!

--
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
1. Re:Distributing is not easy, anyway! by Kjella · 2009-07-20 09:22 · Score: 1
  
  Distribution managers should thoroughly test in first person the forthcoming releases (alphas, betas, RCs ...)
  For what, anecdotal evidence and "works4me" tags? Don't get me wrong, it's very important to do QA but I hope the person(s) responsible pulling together thousands of packages to make a distro got better things to do than play QA peon. Things like making sure packages aren't broken, exceptions to freeze windows, what to do with release-critical bugs whether it\s downgrade, upgrade (if upstream has fixed it), delay, release anyway or just pray for a solution and basicly administer the whole thing. If it lacks QA feedback then it's more likely the release manager has failed at producing alphas or betas and recruiting testers than that he should roll up the sleeves and try doing it alone. Of course, I wouldn\t use a release the release manager himself wouldn\t use...
  
  --
  Live today, because you never know what tomorrow brings
2. Re:Distributing is not easy, anyway! by VincenzoRomano · 2009-07-20 16:51 · Score: 1
  
  There won't be thousands new packages for every release.
  They'd just use linux (their own distro) everyday ...
  
  --
  Maybe Computers will never be as intelligent as Humans.
  For sure they won't ever become so stupid. [VR-1988]
No centos? by keepper · 2009-07-20 08:52 · Score: 1

Centos is arguably the biggest used "upstream distro" out there... and it's not even listed!!
What gives?
Bah!
1. Re:No centos? by Anonymous Coward · 2009-07-20 09:05 · Score: 0
  
  Centos is RHEL...which apparently he chose to track as Fedora
  Bah! is in your court...
2. Re:No centos? by Anonymous Coward · 2009-07-20 09:15 · Score: 0
  
  Listing CentOS would be redundant; Red Hat is already listed.
3. Re:No centos? by godrik · 2009-07-20 09:16 · Score: 1
  
  mod parent +5 irony! seriously, centos is completely out of date. For instance Firefox 3.0 was included in centos with the 5.3 revision which was released in april 2009, a year after the upstream release.
4. Re:No centos? by cenc · 2009-07-20 14:42 · Score: 1
  
  CentOS / RH is a server distro. For the most part it is not intended for desktop surfing, or at least it is a really really low priority. It is built for long term stability, and also not breaking things with bleeding edge stuff. Server distros by nature are designed and maintained to grow long in the tooth so that hardware compatibility can be maintained. Server hardware is more expensive, thus why clients of companies like RH want to stretch the most life they can. Basically they are out of date by design.
  Anyone that has run a mission critical server has come to appreciates the first rule is "don't fuck with it unless you have to". If you running anything mission critical, chances are you are compiling those core apps yourself for whatever reason, and the guys at RH selected those apps because they have been kicked around for a long time in the more bleeding edge distros. Thus, the reason RH split from Fedora way back before the ubuntu generation was born.
  I bet most of the CentOS running in the World is just headless servers (likly virtuel machine servers now) with no desktop of any sort. At least my couple copies run that way. The xwindows environment is not installed on at least one, and the other one is only fired up in an emergencies or maintained through ssh shell. MC is likly the most gui like app on it. The one copy of firefox on the one server, was only there sufficently long to surf out and pick up some packages I needed. It has never been started again.
  
  --
  Living in Chile
gentoo by Anonymous Coward · 2009-07-20 09:38 · Score: 4, Informative

I think labeling gentoo at 75% obsolete is rather crazy. gentoo gives you the choice between the stable, and the latest and greatest, and they can be mixed too. I got the newest kernel just days after it was released, no problem at all.
1. Re:gentoo by lannocc · 2009-07-20 11:44 · Score: 1
  
  If I had points I would mod you informative. I use Gentoo as well, and it is very quick getting upstream changes into the system. The benefit of Gentoo is the packages go through a sort of "testing" period before they get marked stable (e.g. ~x86 to x86), you can always pull packages marked as testing if you want. Not to mention that there is a version for many packages that will pull straight off the upstream version control system and compile the latest, and greatest, anytime you want, all managed with a sophisticated package manager!
  
  --
  -IOVAR Web Dev Platform
2. Re:gentoo by TanNewt · 2009-07-20 16:05 · Score: 2, Informative
  
  Scott here. You are right but I consider unstable keyworded packages as the "future" version of Gentoo. See the website again for the metrics on it.
Similar with Ubuntu LTS by Burz · 2009-07-20 10:12 · Score: 1

But Ubuntu doesn't offer many recent app versions (like Firefox 3.5) for an OS that is merely 18 months old. You have to be fairly expert to do the upgrades yourself, downloading and resolving dependencies or finding a source for backports... and both options are often pretty unsatisfactory even to those of us with the know-how (lack of proper testing, subtly botched compiler and integration options, packages that cause headaches on subsequent system updates, etc.).
In the case of upgrading Firefox, you must untar the binaries to somewhere in /bin and then properly re-integrate the plugin directories and other details like DE integration (way, way beyond what an earnest novice will put up with). If you do this for someone else, you'll be left with an app that needs frequent security updates but no way to do them without your personal intervention.
Acknowledging this, the way that 'Linux' has evolved is pretty hostile to desktop applications, even an app as commonly 'tied' to the OS as the web browser.
1. Re:Similar with Ubuntu LTS by jedidiah · 2009-07-20 10:24 · Score: 2, Insightful
  
  Are you kidding? Are you confusing Debian and Ubuntu?
  Installing the newer Firefox (3.5) from repositories was not a problem.
  Installing the newer Firefox was also not a problem from the tarball (just untar and run).
  Stuff like "backports" are a part of the standard set of repositories.
  Using discrete packages is also pretty easy (skype) as are discrete installers (penumbra,vmware,oracle,word perfect).
  The WHOLE POINT of debian (and children) is the fact that dependencies are automatically dealt with.
  apt-get even makes resolving dependencies at compile time fairly trivial. Nevermind binary packages.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
Firefox 3.5.1 is still not in the repos by Anonymous Coward · 2009-07-20 10:58 · Score: 0

As I write this, Fedora 11 still does not include Firefox 3.5.1.
Yes, it's in Koji, but grabbing the rpm from Koji goes against the security infrastructure of the Repos.
Yes you can "rpm -Kv " to check the hash against the Firefox from Koji, but I digress.
The fact is, "Average Fedora Users" ( That's another argument for another day ), are still running a version of Firefox with a known security vulnerabilities.
You want AbsolutelyNotBleedingEdge? by Anonymous Coward · 2009-07-20 11:23 · Score: 0

Try ftp://nic.funet.fi/pub/Linux/historical/kernel
Stable does not mean "obsolete" by bender647 · 2009-07-20 11:38 · Score: 1

Slackware has the slackware-current branch, where everything is upgraded very often and bug reports are accepted in order to vet the next stable release. If there is a security problem, it will be corrected in the stable releases. I'm sure all the other distros have something similar.
Do you really want to go to DLL hell? [YES] [NO] by Anonymous Coward · 2009-07-20 16:34 · Score: 0

Come on. Your proposal leads exactly to the situation in windows, where each app carries with itself a whole little DLL ecosystem around. Sometimes they even tread o one another.
Should be known by now.
Ugh.
Python representation is misguided. by imbaczek · 2009-07-20 22:18 · Score: 1

There's a problem with Python in there. You shouldn't consider Python 3 as a newer version of Python 2, as it was in LAMPPP. If anything, you should consider Python 2 and Python 3 as separate projects, making it LAMPPPP.
!Obsolete by Chris+Pimlott · 2009-07-21 01:31 · Score: 1

I agree, using "obsolete" is bordering on flamebait. And the meaning of these figures are unclear; at a first guess, I'd think "% obsolete" meant "percentage of programs with a newer upstream version", but then how a figure of 78.94% come about when the sample size is 20 packages? I can't figure out what "Avg # New Rels" means at all, or over what sort of time period.
Get your head out of that dark, wet place! by Burz · 2009-07-22 13:34 · Score: 1

Installing the newer Firefox (3.5) from repositories was not a problem.
Excuse you, but:
* Renaming the browser to "Shiretoko" is a problem
* Nor is the icon recognizable to a Firefox user
* Not having it replace 3.0 (and having it run in tandem with 3.0) is a problem
* Pulling in most of the Gnome desktop on a KDE system is a problem
* If you're on a netbook or similarly space-constrained system, having the whole .mozilla folder duplicated might not be the best idea, depending on what extensions are being used. Likewise, a user that is uncertain about the tandem Firefoxes might lose data by saving new info in the Firefox profile that doesn't get carried forward.

Installing the newer Firefox was also not a problem from the tarball (just untar and run).
Did you even stop to think about what condition that will leave the browser plugins and file associations?
And what is the user supposed to click on when they untar the upgrade? Who is going to tell them what it is and explain why they lost their icon??
Just stop and look at the broken-ness I've outlined above. These problems are the result of not having a feature-stable platform and I didn't encounter anything like them when upgrading Firefox on Windows and OS X.
Even worse, there is everyone like you in your tiny Linux corner steadfastly glossing over each and every user-hostile pothole on this lovely road that only sysadmins and their grannies ever seem to enjoy.
I might fork it by Anonymous Coward · 2009-07-31 16:08 · Score: 0

I might fork OSWS and see what metrics I can add myself. Of course, I only have used ubuntu (couldn't install debian), so I don't know much about how other distros release and stuff... but I have a lot of free time :)