On Tue, Jun 15, 2010 at 5:48 PM, Steven Peck <[email protected]> wrote:
> You are essentially relying on 'some' <random maintainer>
> to be doing something 'right' or at least agreed on and that their
> choices will not nuke your existing configuration.
Well, unless you write all software you use yourself, you're always
relying on someone else to do it right. :)
It's certainly true that package maintainers can make mistakes. (As
you may have noticed, proprietary software companies aren't perfect
either. <grin>) However, one nice thing about strong package
management is that it's very easy to automate things like integrity
checking to detect mistakes -- often even preventing them from causing
damage.
For example, on our Linux boxes, every program file is "owned" by a
particular package. If another package tries to install another copy
of some library, RPM will detect that during pre-install and abort,
saying the new package has a file which conflicts with an
already-installed package.
The tools used to build RPM packages include things which
automatically detect the libraries needed by an executable and note
them as dependencies.
And assuming the packages contain correct information (the same way
we assume Microsoft builds their MSIs correctly), there's all sorts of
good things you get.
Say I want to uninstall foo, but something else depends on it. RPM
will refuse the uninstall, telling my exactly what "foo" depends on.
Or say I'm looking at a strange file, and I'm wondering what it's
for. For example:
/usr/lib/libpanel_g.a
I have no idea what that library is for. But I can do this:
$ rpm --query --file /usr/lib/libpanel_g.a
ncurses-devel-5.5-24.20060715
So now I know it's from the "ncurses" development package. If I
didn't know what ncurses was, I can do:
$ rpm --query --info ncurses
and read a description.
Take a look at C:\WINDOWS\SYSTEM32\ on a Windows box near you. Can
you tell me what every file is for? Can you easily find out?
Or let's say you want to make sure Exchange has all the right
versions of all the right libraries installed. At *best*, you're
running a purpose-built tool which checks that. It's quite possible
you're going to end up searching the hard disk for particular .DLL
files and manually checking version numbers.
With RPM, I can do "rpm --verify --all". That will check every file
in every package, and tell me if it has been changed improperly (and
if so, what changed); it will also report any broken dependencies.
Certainly, MSI has made things better, and Microsoft keeps improving
it, so I have hope that we'll be able to do things like this on
Windows some day. But it's still years off, at best, I think, before
the Windows ecosystem will really catch up on this front. First
Microsoft has to build the tools, and then the rest of the industry
has to adopt them.
I'm not saying this is a sufficient condition to abandon Windows for
Linux. I'm just saying this is something Linux does better today, and
that it's a model I hope the Microsoft world learns from and adopts.
-- Ben
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
