| 1 |
On Wed, 14 Mar 2007 13:31:57 -0700 "M. Edward (Ed) Borasky" |
| 2 |
<znmeb@×××××××.net> wrote: |
| 3 |
> 1. As far as I'm concerned, the one thing that absolutely positively |
| 4 |
> should have happened now but hasn't is some scheme where you have |
| 5 |
> something like Red Hat/Fedora's "green checkmark/red bang" indicator |
| 6 |
> on your desk, indicating whether your system is up to date, and a |
| 7 |
> classification of the available updates into security, bug fixes and |
| 8 |
> enhancements. I don't ever remember how long Red Hat has had that, |
| 9 |
> and I know Debian and the other apt-based package managers have |
| 10 |
> something similar, even if it's just a command-line level. On Gentoo, |
| 11 |
> even with the latest Portage, I do "emerge --sync; emerge -puvDN |
| 12 |
> world" and just get a list. There's no way to tell which of those are |
| 13 |
> must-haves for security without reading changelogs. |
| 14 |
|
| 15 |
paludis has a --report that wouldn't be tooooo hard to copy or adapt |
| 16 |
for a graphical environment. The tree doesn't carry information about |
| 17 |
whether an upgrade is important or not, however (security aside), so |
| 18 |
one of the following would have to happen for non-security critical |
| 19 |
updates: |
| 20 |
|
| 21 |
* Affected versions would have to be package.masked |
| 22 |
|
| 23 |
* A GLEP 42 news item would have to be released |
| 24 |
|
| 25 |
* GLSAs would have to be extended to do non-security things. |
| 26 |
|
| 27 |
Personally I'd find the second option most useful, and it wouldn't be |
| 28 |
hard to deliver... |
| 29 |
|
| 30 |
> 2. Just last year, the organization that is developing the LSB (Linux |
| 31 |
> Standard Base) standards got around to forming a working group on |
| 32 |
> package management. Bluntly put, everybody's package management sucks |
| 33 |
> in some way or another, and there are three major Linux package |
| 34 |
> management systems (RPM, apt and Portage) in addition to Perl, |
| 35 |
> Python, Ruby, PHP and R all having their own package management |
| 36 |
> systems. But ... the Red Hat/RPM/yum folks were there ... the |
| 37 |
> Debian/Ubuntu/apt folks were there ... and I think the Perl and |
| 38 |
> Python people were there ... Gentoo wasn't! |
| 39 |
|
| 40 |
The LSB sucks even more than not having a standard at all. This one's |
| 41 |
been discussed at length previously. |
| 42 |
|
| 43 |
> > * Similarly, the belief that Portage defines Gentoo and represents a |
| 44 |
> > lot of work. The tree defines Gentoo, and contains far more code |
| 45 |
> > than a mere package manager. |
| 46 |
> > |
| 47 |
> The tree, like an ordinary tree, is a complex adaptive system, |
| 48 |
> including code, developers and users. I obviously don't have the same |
| 49 |
> insight as a developer, but I think it's in pretty good shape. As |
| 50 |
> near as I can tell, it's second only to Debian in terms of its size. |
| 51 |
> There may be more RPMs world-wide than there are .debs or ebuilds, |
| 52 |
> but they *aren't* all together in one place. |
| 53 |
|
| 54 |
The tree is in better shape than Portage, yes. If you think it's ideal, |
| 55 |
you're probably not asking yourself the right questions... |
| 56 |
|
| 57 |
> > * The wrong idea of what the user base is, and what the target user |
| 58 |
> > base is. Gentoo's direction is too heavily influenced by a small |
| 59 |
> > number of extremely noisy ricer forum users, many of whom don't |
| 60 |
> > even run Gentoo. Unfortunately, this self-perpetuating clique |
| 61 |
> > wields huge amounts of influence. |
| 62 |
> |
| 63 |
> You may not know what the user base is, but you can probably get a |
| 64 |
> pretty good idea of how *large* it is relative to Fedora, Ubuntu, |
| 65 |
> Debian and openSuSE by doing some simple web page hit statistics |
| 66 |
> research using publicly-available tools and data. And I think you'll |
| 67 |
> be amazed at how small that base is. Distrowatch was right about that |
| 68 |
> part -- Gentoo "share of mind" is dropping and dropping rapidly, |
| 69 |
> although I don't think it's because of misbehavior in the community. |
| 70 |
> I think it's because: |
| 71 |
> |
| 72 |
> a. Daniel Robbins left and went to Microsoft, leaving no "Mr. |
| 73 |
> Gentoo", and |
| 74 |
|
| 75 |
Eh, that's not really relevant. You're assuming that Daniel was hugely |
| 76 |
influential right up until he left. That isn't the case. |
| 77 |
|
| 78 |
> b. No effort to seek corporate support, at least none that I'm aware of. |
| 79 |
|
| 80 |
Gentoo can't deliver anything amazingly useful to corporations with |
| 81 |
Portage the way it is. If Gentoo had a package manager that could |
| 82 |
handle managing large numbers of non-identical systems with ease it |
| 83 |
would have a major selling point. |
| 84 |
|
| 85 |
Gentoo doesn't have lots of users because it has nothing to offer most |
| 86 |
people over the competition. What was unique five years ago is now |
| 87 |
largely irrlevant due to improvements in the competition. By not |
| 88 |
keeping up, Gentoo is getting Red Queened. |
| 89 |
|
| 90 |
-- |
| 91 |
Ciaran McCreesh |
| 92 |
Mail : ciaranm at ciaranm.org |
| 93 |
Web : http://ciaranm.org/ |
| 94 |
Paludis, the secure package manager : http://paludis.pioto.org/ |
Archives