Software Packaging (was Re: Scope?)
zarin at dscn.net
Tue Dec 30 10:42:51 PST 2003
On Tue, 2003-12-30 at 12:47, Bennett Todd wrote:
> 2003-12-30T11:50:38 Archaic:
> > All the above and then some. Wanna help? :)
> We'll see. I'll lurk, and lurch in if I think I've got something
> real to contribute:-).
> One contribution I'd make up front: a big ball of goo you can't get
> a grip on is difficult to robustly secure, and maintain. A
> significant aspect of security maintenance is aggressive patching to
> track security bugfixes.
> I think HLFS will be a lot more credible if it's based on an ALFS
> that uses very strong software packaging --- rpm is a current
> technology leader, although it's getting a little long in the tooth.
> Building systems LFS-style, tar xzf / ./configure / make / make
> install, is wonderfully educational, and the detail documentation
> LFS maintains on precisely how to work out a dependancy-satisfied
> toolchain is priceless for distro developers. But for various jobs,
> including automated building of vast numbers of machines, automated
> upgrading from release to release, and (here's HLFS's hook)
> automated patch deployment, a strong software packaging tool is
> really important.
I do not agree here. A Package tool takes away from the educational
value (which is the main focus here) We don't wanna make just another
distro that relies on us to release the patches and updates for version
upon version - then we have to worry about package maintenance back 2 or
three releases and upgrades from one version to another etc. etc.
No, we have to deal with packages in their native format and allow
people to handle package upgrades and patches and security fixes on
their own after the install.. We want to give them the insight and
toosl they need to do this on their own, not just hand them packages on
Rob Day (BOFH)
More information about the hlfs-dev