On Wed, May 14, 2008 at 10:40:30AM -0500, Shawn Walker wrote: > On Wed, May 14, 2008 at 10:22 AM, Alexander Vlasov > > Packaging quality directly benefit users -- or make them cry. > > Having a build system being part of the packaging system is not a > guarantee of the resulting package quality, nor does it in my view, > greatly benefit packaging quality.
In the strictest sense, true. What does happen though is that since is the distribution maintainer's responsibility to ensure quality, and since the only reliable way to ensure quality is to build the packages yourself, maintainers end up building each package themselves. This is where a packaging system which can handle builds really comes into its own. Think of the plight of a distribution maintainer who does not have the QA apparatus of a company like Sun behind him. He would have to struggle with wildly different build setups of different packages just to get the bits in place. Also, having a packaging system support a build system does not mean it has to adapt to every single build setup out there. Alexander already made this point, and it is worth repeating. What is needed is some way of packaging a build recipe so that a package can be rebuilt reliably. In case where the build is too complex to encode the build recipe for, you can always fall back to just delivering pre-built binaries, like all existing package managers do. > It depends on which target audience you are talking about. > > I know *many* individuals (and organisations) that run binaries of > their own, or from the developer, instead of using what their > distribution packaged because it is much older than what is available. They are just working around the limitations of the distribution system. This will happen with any packaging system, including IPS, if they do not keep up with package releases. > >> You will find very few *successful* developers that do not *also* > >> distribute a binary in addition to source code. > >> > > > > Binaries from author are pointless. regular user should use package, > > enthusiast should use source. > > Binaries from the author are not pointless. Especially when you have a > stable, guaranteed environment like what we have with > OpenSolaris/Solaris. But IPS is not just for stable environments like OpenSolaris, is it? > > Who is responsible for security support of > > developer-built binary? Who tested it on particular distribution? > > The developer, if they're providing the packages. Not with distributions, no. Which is one more reason why distributions do not pick up developer-provided binaries. The distribution would be responsible for handling any security issues. Venky. _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
