Installing packages or updating is not a profession

Posted Sep 14, 2009 17:33 UTC (Mon) by NAR (subscriber, #1313)
In reply to: Installing packages or updating is not a profession by man_ls
Parent article: Attacks against WordPress installations

I think you didn't understand the problem. "Updating your machine" is not the problem - the problem is that new versions of applications tend to introduce new bugs (or trigger old ones). Just think about the headache pulseaudio caused. The problem of Linux software management is that if I want a new version of e.g. pidgin, because it supports a new protocol, I need to upgrade the whole distribution, which will install pulseaudio (among other stuff), so I won't have sound. This happens even when I had absolutely no intention of going anywhere near pulseaudio.

The hardcore Linux-advocate's answer would be that in this case grab the code, compile and install, but it's definitely not as easy as clicking "Next -> Next -> Finish" and then the advantage of package management is lost (no automatic security fixes, no warning if a used library gets updated with some incompatible code, etc.). The Windows solution might be uglier on the inside, might contain lots of duplicated libraries installed - but works, and that's what the user cares about. Of course, until the FOSS developers treat their users as beta-testers, then no one should care about things like this, but this road doesn't lead to world domination.

Installing packages or updating is not a profession

Posted Sep 14, 2009 21:08 UTC (Mon) by man_ls (guest, #15091)

But that's not a problem -- it's a known trade-off, and GNU/Linux distributors have chosen one path. Nobody forces you to use a distributor -- in fact you might just compile everything statically and upgrade each bit independently. But nobody has chosen that path, because of the enormous waste and bloat. And also because, as the number of copies of a library grows, the probability that all of them are upgraded when a security hole is found approaches zero. Especially given that most of those programs cannot be upgraded automatically, and if users had to pay attention to all those upgrades they would do little else in their lives. The result? Tons of malware.

The Windows solution does not work IMHO. World domination yes, but at what price?

