Peter Tribble wrote: > On Wed, 2006-05-31 at 23:56, Dave Miner wrote: >> First, I'll acknowledge that the outline as written certainly >> accomplishes the basic requirement of providing a replacement for usage >> of tarballs or other relatively unstructured software distribution >> mechanisms. > > What have we got against tarballs? I would regard that (or maybe > in fact a zip or jar archive as that's more portable and has an > established scheme for supplying metadata) as perfectly adequate - > in fact, I would much rather have an archive I can simply extract. > > What problems are there with simple extraction of files that are > seen to be in need of a solution? >
I don't have a problem with tarballs, James or someone else can explain why they don't meet the requirements they've identified. >> For example, I think it's necessary to provide a registry of the >> "software domains" on the system, so that the system administrator will >> have the knowledge of where package installation has been done available >> to leverage, and so that tools can be provided to take advantage of that >> knowledge. > > I'm not sure it's necessary or desirable to register all software > in a central repository. As a system administator, if someone has > installed some software without involving me first, then that's > their problem and I don't want to be involved. From the other side, > if as a developer or aplication person I install a piece of software > then I would go after a system administrator who fiddled with it > with an axe. > You, as an administrator, would regard it as not your concern if some end user has installed Sun Java System Web Server (that would be one of the products taking advantage of this, by the way) and we've issued a security alert for a gaping root exploit on it? I think the average SOX auditor would be concerned by that attitude, because it's your system that's at risk. > One thought is this area is that it might be handy to clone an > installed application (the zone analogy comes to mind - so you get > a private copy of configuration files but a [possibly read-only] > shared copy of the binaries). Then I would expect that the software > management tools would know about the clone copy and manage it > properly. > Yeah, I actually like that idea somewhat. Dave
