getdeb-collaboration team mailing list archive

[Peter van der Does <peter@xxxxxxxxxxxxxxxx>]

On Tue, 03 Mar 2009 21:38:03 +0000
João Luís Marques Pinto <joao.pinto@xxxxxxxxxx> wrote:

> Hello all,
> 
> One of the most frequently requested features for getdeb.net is the
> ability to install the packages from a repository. Despite the clear
> advantages of using a repository there were some issues that made it
> unsuitable for us.
> 
> On the last couple of months most of those issues have been resolved
> with changes/improvements that will be available on Ubuntu 9.04. With
> 2 months left for its release this is the right time to reevaluate
> the change to an APT repository distribution method.
> 
> Advantages
> - Security / integrity verification for packages (GPG signed
> repository)
> - Automatic updates
> - Install multi-package applications with a single click
> - Provide packages with additional dependencies not available on the
> official repositories
> 
> Disadvantages
> - Updates will be recommended for all packages making hard to apply
> only specific packages updates
> - Faulty packages will have a wider impact
> - Installing a package forces a repositories info update (to ensure
> you will get the latest version installed)
> - Reverting to a previous installed version is harder (requires an
> unusual force version command or Synaptic)
> 
> Implementation
> The implementation will require some technical changes that will need
> to be implemented on the next 2 months:
> - Database model needs to be simplified (instead of listing files we
> only need to list package names and provide APT urls)
> - A server side mirror selection script must be implemented to
> redirect APT file requests to available/updated mirrors
> - A debian package must be provided to setup the repository, add
> custom APT config and install the GPG keyring
> 
> The decision to change to a repository or keep with the current
> (.deb) system must be taken, as providing both methods is not an
> option (release management would be much harder, not enough human
> resources to handle it).
> 
> I would like to see your opinions/suggestions.
> 

I don't know what the improvements/changes are that are coming in 9.04
that will make it possible to have a repository, so I will look at the
questions in a way as the setup of the repository is the same as it
now.

Of course all the advantages are good things, that's why they are called
advantages. I'll focus a bit more on the Disadvantages.

1. Updates will be recommended for all packages making hard to apply
only specific packages updates.
Yes this is true. It's a choice you make as a user for adding our
repository.


2. Faulty packages will have a wider impact.
I would like to expand this one which makes it even "scarier". Updated
packages will have a wider impact. Uhhh what you mean by that. If a
GetDeb package requires an updated library of some sort, it could
impact packages from the official repository.
Let's say package GetDeb package X requires an updated library and we
are able to provide this package.
The library is also used by other packages we don't provide and some of
them could fail with the updated library.


3. Installing a package forces a repositories info update (to ensure
you will get the latest version installed)
That's just the way it works. People don't always get latest software
from the official repository either when do an install. We can educate people on the site about
this.


4. Reverting to a previous installed version is harder (requires an
unusual force version command or Synaptic)
Why would you want to revert to an older version? If it's broken file a
bug and we need to fix it. This can be prevented by better testing,
which unfortunately we can't do due to the lack of resources.

I would like to add a 5th disadvantage of moving to a repository.
5. Monetary loss.
Although this is not a disadvantage for a user it's surely is a
disadvantage for the project. Currently the project receives income
from the advertisements displayed on the site, not just from people
clicking on the advertisements but also the amount of impressions an
advertisement gets. This money is used for paying the hosting provider.
By using a repository you will not get as many returning visitors
which means less impressions resulting in less income. They will add the
repository and probably never visit the site again. I have the PPA of
claws-mail added and I can't for the life of me remember when the last
time I visited their site.


-- 
Peter van der Does

GPG key: E77E8E98

WordPress Plugin Developer
http://blog.avirtualhome.com

GetDeb Package Builder/GetDeb Site Coder
http://www.getdeb.net - Software you want for Ubuntu

Attachment: signature.asc
Description: PGP signature