On Fri, 11 Dec 2009 20:36:28 +0000
Rob Beard <rob@xxxxxxxxxxxxx> wrote:

> Neil Williams wrote:
> > On Fri, 11 Dec 2009 20:17:26 +0000
> > Rob Beard <rob@xxxxxxxxxxxxx> wrote:
> >
> >> Okay, what you need to do is go to the Grism web site, select the
> >> Download option and then click on:
> >>
> >> grism_0.9.0-1_all.deb
> >
> > Please don't do that.
> >
> > Random .debs from random websites are as dangerous as any virus in
> > windows and will likely cause long term havoc in your wider
> > installation, including blocking future updates and upgrades, even
> > security ones.
>
> The other option I guess is he could compile from source. It doesn't
> appear to be in the Ubuntu repositories, at least not in the main
> repositories.

Yes, that's true. It also means that should the package start to get in
the way, you can rebuild the package. Hopefully, updating the build-deps
will allow the package to be updated and installed, freeing the rest of
the upgrade to proceed.

Building from source isn't trivial but, once again, security is the
enemy of convenience. It is convenient to download a pre-built .deb but
it is not only insecure, it is a positive hindrance to normal upgrade
behaviour across the rest of the distribution.

The only real answer is to get someone to package it properly for
Debian and therefore Ubuntu. If upstream don't have time to fully
engage with Debian (and many don't), then they should be persuaded not
to add to users' problems by offering a poor quality hack posing as
a .deb file.

The same goes for RPMs - a while ago I investigated offering .rpm for
packages that I maintain upstream (because I upload the .deb to Debian
directly). After conversations with actual Fedora users, I was
persuaded that this was a VERY bad idea, extremely unhelpful to
potential users and an invitation to make a lot of unnecessary work for
myself.

Packaging is not trivial - it can be a lot of work. This has several
consequences:

1. Distributions work and can be fixed
2. Packaging for a distribution means keeping up to date with that
   distro
3. Packaging requires work and commitment
4. Any method that circumvents that work means that your distribution
   can fail to work and cannot be fixed.

(There have been instances where downloaded .debs cannot be removed,
cannot be purged, cannot be reinstalled, cannot be configured, cannot
be fixed without extreme amounts of hassle.)

--
Neil Williams
=============
http://www.data-freedom.org/
http://www.linux.codehelp.co.uk/
http://e-mail.is-not-s.ms/

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html