I wrote a bit on how pip and apt should play at http://notes.pault.ag/debian-python/ On Jan 23, 2015 6:51 AM, "Jonathan McDowell" <[email protected]> wrote:
> On Fri, Jan 23, 2015 at 10:57:55AM +0000, Anthony Towns wrote: > > It takes a couple of minutes to download something using pip or > > npm; how long does it take to get a python or nodejs Debianized and > > installable? (eg: learning that npm2deb exists, how to use it, what else > > you have to do to have a package, building the package, and getting apt > > access to the package -- which in turn presumably includes setting up > > and distributing an archive key) > > > > In an ideal world, users would just be able to say "apt-get install > > lib-whatever-perl" and have it. At worst, they might have to modify > > their apt sources explicitly to say "yes, I know there's a lot of crap > > on CPAN that doesn't necessarily receive good security updates, I know > > what I'm doing". > > > > There's two ways that could be achieved: > > > > - having automated scripts pull everything from CPAN (et al), package > > it as debs, and publish it > > > > - having about 14,000 new DDs each individally maintaining 10-20 > > library packages > > > > But if the answer is "oh, you want to use some random nodejs package? > just > > npm it into /opt. if you want there's some tools to help start you off > > in packaging it too" > > > > (Yes, I really think Debian should have 300k+ packages, including > > If this is being done in an automated fashion is there not a third > option? Teach apt and associated tools about the language specific > repositories. They'd do the download from CPAN or wherever, do the > conversion, and pass to dpkg. On the fly, no need to expand the archive > and no need to wait for the latest and greatest if you're that way > inclined. For extra bonus points teach cpan, gem etc to still work but > register the package + files with dpkg. > > I think there are some issues with automated packaging which would mean > that you'd still want hand crafted bits, and there's the question of how > you pin to a "stable" version (though I think often the reason > people are pulling in from external sources is because the version in > stable simply isn't recent enough, rather than unavailable) but it'd be > kinda cool to have: > > cpan http://cpan.etla.org/ > cran http://mirrors.ebi.ac.uk/CRAN/ > > etc in /etc/apt/sources.list and have it just work. You could probably > treat each different source as a different suite to aid with apt > pinning (and by default preferring the Debian version rather than the > external version). > > J. > > -- > I reckon that me and you should rule the world. >
