OT: Whose packages to use?
Bill Campbell
bill at celestial.com
Fri Apr 28 01:32:41 PDT 2006
On Thu, Apr 27, 2006, Jay R. Ashworth wrote:
>On Thu, Apr 27, 2006 at 08:54:35PM -0400, John Esak wrote:
>> From: Bill Campbell [mailto:bill at celestial.com]:
>> > When we made the switch from Caldera, I also made the decision to
>> > build around the OpenPKG.org portable packaging system after
>> > reading an article on this is SysAdmin magazine. This has
>> > enabled me to do minimal changes to the underlying OS. As you
>> > may know, my SCO installations have used a lot of open source
>> > software for well over a decade now, and we did quite a bit of
>> > customization on Caldera Linux as well to get things to my
>> > liking. Unfortuntately, before using OpenPKG, these changes
>> > generally rendered vendor updates useless as I had changed many
>> > things fundamental to their operation. OpenPKG has simplified my
>> > job immensely, and we now can switch Linux OS in about a day, and
>> > use the same sources on Linux, FreeBSD, OS X, and OpenServer.
>
>This does have one disadvantage, though, Bill: as soon as you start
>packaging your own apps, *you* take on the responsibility for tracking
>all those apps for security fixes, and all the testing, etc...
Not so. The OpenPKG project does a far better job of tracking the status
of packages, and keeping them up to date than any vendor I've ever seen
(including myself :-). There are currently more than 650 packages in the
current stable release tree of OpenPKG and 962 packages in the development
tree. Security updates are generally announced on the OpenPKG mailing
lists before the CERT advisories appear.
The OpenPKG foundation maintains a build farm with all the officially
supported operating systems and hardware (plus some that aren't officially
supported such as OS X). They have automated test routines that can build
packages on all systems during the release phases. This insures that the
CORE and PLUS packages build on all platforms (these are the packages that
are included in the stable releases).
>This is one of the reasons I personally prefer to stick with
>the distro's packages (or the app supplier's), whenever possible. The
>tradeoff seems a win to me...
I want the vendor to take care of the kernel and desktop applications while
I'll deal with the server side which is much more critical to our systems
(most of our desktop systems now are moving to OS X and away from Linux).
One of the biggest advantages of OpenPKG is that it doesn't affect things
like the vendor's online updates. A vanilla root login won't even see the
OpenPKG things by default as the PATH doesn't include their programs or
libraries.
Have you ever needed a CPAN package that required more up-to-date versions
of supporting packages than the vendor supplies? Or perhaps needed a more
current version of the dreaded Berkeley database routines (I say dreaded
because the code is truly ugly with the number of #ifn*defs and version
dependencies).
Commercial Linux distributions tend to be out of date they day they're
shipped, and getting fixes into them can be difficult. We won't even get
into the situation on commercial Unix systems.
The OpenPKG bootstrap install adds about five lines to the system's
crontab, and start/stop scripts to the boot and shutdown. About the only
change we make on SuSE Linux systems to the system's rpms is I wrote a
dummy openpkg-postfix /bin/rpm package the provides smtp_sender and
obsoletes their postfix. This is necessary to prevent SuSE from
reinstalling their postfix after we remove it.
Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
Government is actually the worst failure of civilized man. There has
never been a really good one, and even those that are most tolerable
are arbitrary, cruel, grasping and unintelligent.
-- H. L. Mencken
More information about the Filepro-list
mailing list