Research on decentralized package management

Katherine Cox cox.katherine.e at
Wed Mar 10 05:18:13 GMT 2010


I really appreciate the response! This is exactly the type of discussion I
was hoping for :) I am going to counter some of the points you've made, but
please don't mistake that for me being argumentative. It is just my
personality type to gather a bunch of opinions and then come to a
conclusion. Right now I'm just trying to uncover my blind-spots :)

You bring up some interesting points regarding accountability, and some
things I hadn't considered; however, I am wondering if the current model is
the best way of solving this? When I download software from an ISV's site,
isn't it implied that the ISV is responsible for supporting it? And to
further that point, won't the ISV be better *able* to support their own
software? Also, I am not sure I understand your point about knowing where
your software came from. Maybe it's because of the idea I have in my head of
users going to like or something and downloading a package. I know
sometimes users are their own worst enemy, but do you think they wouldn't
know where applications came from?

In regards to step 4, rather than implement an "ideal standard" and demand
that everyone conform it - which I believe is the downfall of a lot of
things Linux - I was thinking of taking a more bottom-up approach. Standards
are important for sure, but when we're talking about something so
fundamental, I think it's better to lead than push :)

I am really trying to learn from the mistakes of others and talk to smart
people (hi!). Maybe this issue is insurmountable, but I'd like to know that
before I start development, not after! So really, thanks for the discussion


On Tue, Mar 9, 2010 at 10:33 PM, Bdale Garbee <bdale at> wrote:

> On Tue, 9 Mar 2010 19:40:05 -0600, Katherine Cox <
> cox.katherine.e at> wrote:
> >    4. Foo resolves dependancies and installs the software.
> >
> > I am intentionally being vague with step 4. Rather than biasing everyone
> > with my ideas, I'd like to first see if people even think this usage case
> is
> > a *good* idea and if so, see if anyone had ideas on how to implement
> > it? What does the everyone think?
> Ok, I'll bite.
> There are a range of opinions about how important it is to understand
> explicitly where the software running on your system came from, who is
> going to support it when something doesn't work as expected, and who
> should be responsible for keeping track of that.  I would suggest that
> you think hard about this and understand what subset of the potential
> users of Linux would consider this sort of decentralized approach a
> feature, and then build out from there.
> From a technical standpoint, the challenge you face is precisely in
> turning step 4 from something vague into specific details of a proposed
> implementation.  For this to work the way you imply, I think you will at
> least need to regularize the way dependencies are expressed, comprehend
> the rich set of sources from which dependencies might come, get *everyone*
> to agree on a common meta-data standard... and then you need to
> completely re-factor the way people think about and approach getting
> support for their software.
> I suspect that as you learn more about the LSB and the challenges it has
> faced, you'll come to understand that solving every challenge it ever
> aspired to overcome is but the first step in the technical side of this
> particular journey...  Perhaps not insurmountable, but an *intense*
> challenge!
> Bdale
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the technical-board mailing list