On Tuesday 29 July 2008 18:12:59 Archie Cobbs wrote:
On Tue, Jul 29, 2008 at 10:09 AM, Adrian Schröter wrote:
However, what is needed is IMHO a discussion and policy on what the openSUSE distribution should be.
a) A relatively small distribution with the best possible quality, trust and maintenance
b) A distro as large as possible, at the price of lower quality/trustworthiness and more often changing content.
c) something in the middle ;)
Whatever you select, you will have a price to pay. But this is IMHO something that should be discussed on -factory or -project. Or even better, someone can come up with a proposal for how a package can qualify for the distribution in future.
Some thoughts on this discussion from one end-user's perspective...
Long ago I used FreeBSD heavily and one thing I very much appreciated was having "one stop shopping" for 3rd party software, i.e., there was a single project-monitored and blessed place to go to find 3rd party software (the FreeBSD ports/packages system).
On the other hand, Linux always seemed to have more software available than FreeBSD.... BUT it was a lot harder to find/access, came from "random" places (e.g., searching pbone.net), and often didn't work because it wasn't well integrated, or you had to build it yourself (so no RPM database tracking), etc.
The OBS is a great unifying technology that solves part of that second Linux-specific problem set: (a) I can find almost all software for SUSE in one place, http://software.opensuse.org/search (b) software on OBS is built under clean-room conditions for each distribution (c) all software is RPM packages with consistent inter-package dependencies.
However, there still remains one problem with OBS: there are so many separate repositories. I don't have a problem with home:foobar projects, it's clear what they are about, and they should remain separate. However, why do I have to end up adding twenty different repositories to zypper (which dramatically slows it down by the way)
this should be really fixed with 11.0
just because what I want to do doesn't fit neatly into a single category?
So here's my suggestion. First, keep the three "levels of trust" we have now: 1 = factory, 2 = established category projects like network:telephony, Apache, etc., 3 = home:user projects.
Next, with each release of SUSE, create the normal SUSE distribution using level 1 stuff, but also create a new "3rd party distribution" containing the union of all level 2 projects, taken as a snapshot at release time. The "3rd party distribution" could be shipped as a separate set of ISO images and would also be hosted in a *single* online repository (called e.g., "openSUSE 10.3 3rdParty").
This would have basically two effects:
1) The repository would cause plenty of conflicts, because we allow by intention that packagers replace/update packages. It would cause a real dependency hell when installing any package in YaST.
2) Everybody would be able to inject evil code into everybody's system. (You do not even need to install a specific package, you would always get the package with a %post script sending your credit card credentials to someone else.)
So no one should ever add this repo, ever, simply because it is such an easy target that for sure plenty of people will do it.
Seriously, I have seen code in configure scripts talking with an online server and sending private data often enough that I will never install software which is not trustable to some degree (or which I have not reviewed myself).
bye
adrian
--
Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian@suse.de