-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alberto Passalacqua wrote: [...]
Repositories are too difficult to add to suse. Mostly because finding them in the first place takes too long for a non-techie, partly because it's too slow. And too damn buggy - repos which were configured before just pop off the list (but are still being refreshed, creating a "what the hell is this *&@#$&@( box downloading for the next 15 minutes?). A non-techie wouldn't know any of this.
The biggest problem is to find them and to understand what repository contains what you need. Webbin is of great help in this however.
Definitely. Webpin is a great tool, but there is an issue with it: hosting. We definitely need a more reliable hosting solution for it (and Benjamin would be the first one to agree, he already wrote an email about that): http://lists.opensuse.org/opensuse-project/2007-04/msg00128.html The legal aspects are biting us again. Because it also indexes and references packages that are on Packman and Guru, it may not be hosted by Novell. OTOH, not indexing Packman and Guru would make the tool only half as useful. I really think that at some point, we should find a reliable hosting solution (not in the USA because of its legislation) for community projects like that, funded by donations (PayPal).
The speed of zypp and friends should improve in 10.3, so we'll see.
Yes, that would be good. And then, IMO the focus should be put on usability of the package manager (adding/removing/refreshing repositories, finding/installing packages, installing patches/online updates, upgrading packages (including from 3rd party repos), etc...). But frankly, instead of always blaming Novell/SUSE and the developers, we should come up with some discussion and brainstorming on what we would like to see and what we think would be a good solution both for beginners and for advanced users. And then send a proposal to the developers (or possibly do some implementation work ourselves).
What would be nice is a tabular list of repos, their short info, and their state with tick boxes, not this drop-down box in the corner.
Yes this would be a lot better, but it seems it's not so easy to do according to Pascal.
It seems easy to implement, but getting a list of those repositories is problematic for legal reasons. Yet, maybe having a "meta-repository" (sort of a "repository of repositories") hosted elsewhere (e.g. opensuse-community.org) could be a solution. Have the right tool support out-of-the-box in YaST2, but just add a single meta-repository URL and also have the 3rd party repositories in the list. Again, hosting, see above.
Another possible solution would be to make it possible to click on the webpin link and install the package you need. But it doesn't sound that easy to me too, because of the dependencies issues.
Precisely. But Benjamin is also working on that: having files that not
only have a list of packages to install with a single click (more or
less), but also dependent repositories that are added if not already
present.
You definitely need the repositories as well, to be able to resolve the
dependencies. Also, there are cross-repository dependencies in some.
Packman has a policy of only depending on packages available either in
Packman itself, or in the stock openSUSE distribution.
But in my repository, some packages (e.g. amarok) have dependencies
towards packages that come not only from the distribution, but also from
Packman.
Which means that a single-click Amarok installation from a web page
could mean:
1) add the Packman repository (and choose a mirror near you) if you
don't already have it in your list of "installation sources" + download
the repository metadata
2) add the Guru repository (and choose a mirror near you) if you don't
already have it in your list of "installation sources" + download the
repository metadata
3) install the "amarok" and "amarok-xine" RPMs, using a package manager
(YaST2/zypp, zypper, smart, ...) to be able to resolve the dependencies
But the most difficult part with such an approach is certainly the
browser, much more than the package manager side of things:
1) associating a MIME type in Konqueror+Firefox+Seamonkey with an
application that handles parses the file, adds missing repositories,
passes the package installation to sw_single or zypper (or smart)
2) security... with a tool like that, you definitely have to think about
security:
* setup+use sudo or replicate user delegation (as in ZMD) or prompt for
the root password to add repositories and packages
* always prompt the user for confirmation before doing anything
* package signatures, RPM keyring (is mostly already handled by YaST2
though, when adding a signed repository)
* put some thoughts into malicious misuse of that technology to sneak in
rootkit packages and how to circumvent it
To summarize, it may sound easy at first, but there is a lot of work
behind it.
cheers
- --
-o) Pascal Bleser http://linux01.gwdg.de/~pbleser/
/\\