Ok, how bout SuSE 9.0?

Fairlight fairlite at fairlite.com
Mon May 24 00:46:44 PDT 2004 

On Sun, May 23, 2004 at 10:42:19PM -0400, after drawing runes in goat's blood,
Bill Vermillion cast forth these immortal, mystical words:
> So you are dragging me into this discussion huh?

Nah.  Not really.

> In FreeBSD it's called ports in the XXXX Linux [I'm going to let
> you search for that one ;-)] it's called 'portage'.

*ponder*  Hmmm.

Well, at this point, I'm so used to RPM that it doesn't bother me to use it
at all after all these years.  It hasn't for years.  At least for the core
system.  It's the versioning practices of the vendors that's evil, not the
rpm software itself.  As with any technology, one can use it wisely or
really bloody half-arsedly.  Guess which everyone seems to be doing.  :(

> Thought it borrows ideas from FreeBSD in some ways it's a bit
> different as it will support more than one version of a package,
> while the ports supports only one.  That can be an advantage as I
> have 'portaudit' installed in my nightly security tasks and it dl's
> a comlete list of ports that have vulnerabilties, checks the
> installed packages, and notifies me if any of the installed
> packages have vulnerabilites.  I got the rsync notice the date they
> found the buffer overflow in it.  And then a quick 'portupgrade
> rsync' quickly fixed that.

Yes, but OTOH, I -like- to install side-by-side versions of multiple
kernels and alter the bootloader so that I always have a failsafe.  I do
believe that most of the people doing automatic overwrites of the existing
kernel are asking for trouble if something goes wrong.

> Having multiple versions would make checking like that a bit more
> difficult.  

Only things I keep multiple versions of are kernels.  Well, I tell a lie.
Just this weekend I was updating something to use gtk+ v1 instead of v2.
The v2 is more robust, but is a LOT slower and the application I'm using
becomes pretty much non-responsive under gtk+2 after about 20hrs or a day
and a half...depends.  But when I was building it, it wanted glib 1.2.8 or
higher.  I tried installig 1.2.10 but it conflicted with the installed
1.2.7.  Then I wiped 1.2.7 and it nuked some other software because that
depended on ONE symbol that was in .7 and not .10.  I could have strangled
someone about then.  I put 1.2.7 back in from the vendor dist, compiled
1.2.10 and installed it privately, and compiled the application strictly
against the private library.  What a PITA.

> If you need hints about the name of the distribution I'll post it
> if no one else comes up with it.

Well if you don't see anything by Wednesday, post it.  I'm curious.

> But try not to drag me into the "My OS is better than you OS
> discussions".  They don't do much but annoy the pig.

Nothing of the sort.  I'm just saying I wholly despise the versioning that
vendors are using for packages, and figured you would probably drag
yourself into it by citing that the beastie world has no such issues, and I
know exactly why after talking with you at length about it privately.  The
fact remains that it's perfectly feasible to use RPM and sanely version
things.  But vendors just -don't-.  They like to stick to a base version and
back patches in from official, unofficial, and in-house sources, and then
call it something arbitrary.  By that point, you have to use --changelog to
see what the hell they've done and about what it's equal to in stability,
security, and functionality.  It defeats the entire purpose of having a
-package- version number at all.  At that point, they may as well rely
soley on the rpm revision number and have done, as it's about as useful.
My favourite was kernel-2.4.9-37, which was really -roughly- 2.4.18, with
some exceptions--like a vast, gaping difference in aic7xxx drivers that
they'd never updated.  (This was RH 7.2.)  That's exactly the kind of
scenario I'm talking about.  "Almost, but -not quite- equivalent."

Ports isn't needed to make things sane.  It's one alternative.  The other
is called discipline, and I wish some vendors would learn the meaning of it.
I wasn't trying to draw you out.  You've just brought it up enough before
that I anticipated a response that I guess wasn't going to come after all.

I don't care -how- they do it.  Version things truthfully and I'll be 
happy.  :)

mark->
-- 
Bring the web-enabling power of OneGate to -your- filePro applications today!

Try the live filePro-based, OneGate-enabled demo at the following URL:
               http://www2.onnik.com/~fairlite/flfssindex.html

More information about the Filepro-list mailing list