Re: discuss debian 's attitude to ppa
Hi, On Sat, May 23, 2015 at 01:58:16PM +0800, mudongliang wrote: > Yesterday I installed the LMDE(Linux Mint based Debian Jessie),which is a > rolling release issued by Linux Mint! LMDE is based on Debian but not exactly a Debian. It's Linux Mint. > The installation is of no question! But when I want to install openyoudao > from ppa , it returns me "not support ppa"! > > So I search it ! Although I don't find some real proof , but I can see one > thing ! Maybe debian will not support ppa , PPA created by Debian and based on Debian will be supported but that still has not been created. Random PPA style archive is not supported although some binaries may work. > because in the talk of Neil McGovern, he says some weakness of ppa! And from > the development of Debian , > ppa's development seems to be not able to ensure its stablity! I do not know what you are talking about, but I thought Neil is pushing to create PPA asa paert of service. Osamu -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150523124316.GA19222@goofy.local
Re: discuss debian 's attitude to ppa
Hi. On Sat, 23 May 2015 09:28:55 +0200 Petter Adsen wrote: > On Sat, 23 May 2015 15:13:33 +0800 > mudongliang wrote: > > > On 05/23/2015 02:37 PM, Dalios wrote: > > > That said you can try to install the .deb package with other ways > > > (for example using gdebi) but the main drawback (apart from any > > > inconsistencies already mentioned) is that the package won't be > > > updated with the rest of the system because apt/synaptic will not > > > be able to do this. > > At last , I want to talk about the future of ppa in Debian! Even the > > leader has said the weakness of ppa! Maybe Debian will not use ppa! > > Maybe LMDE is just a hint! Isn't it!? > > mudongliang > > The major problem with using a ppa is that the software has not been > vetted by the Debian project. It could contain malware or other > security problems, and the maintainer of the ppa can suddenly decide to > drop support of it, leaving you with a package that does not receive > updates. > > You need to consider whether you trust the person running the ppa to > not introduce weaknesses to your system. With the Debian repositories, > there is a system in place to handle all of this. Adding a foreign > repository _can_ make you vulnerable. You just don't know. > > There is also the matter of dependencies, if the repository you are > using is not intended for your exact distribution. > > It's not a matter of not supporting ppas, it's a matter of not > recommending them. You can always add the repository to sources.list > and add the key manually. I'd like to add something to your excellent points. $ wget http://ppa.launchpad.net/justzx2011/openyoudao-v0.4/ubuntu/pool/main/o/openyoudao/openyoudao_0.4-1_amd64.deb ... $ lintian openyoudao_0.4-1_amd64.deb | wc -l 48 Whoever packaged this software did abysmally bad job. I doubt that this package would be accepted in Debian archive in the current shape. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150523150447.b354e66df21b4c91d1d4e...@gmail.com
Re: discuss debian 's attitude to ppa
On Sat, 23 May 2015 16:28:19 +0800 mudongliang wrote: > On 05/23/2015 03:28 PM, Petter Adsen wrote: > > The major problem with using a ppa is that the software has not been > > vetted by the Debian project. It could contain malware or other > > security problems, and the maintainer of the ppa can suddenly > > decide to drop support of it, leaving you with a package that does > > not receive updates. > > > > You need to consider whether you trust the person running the ppa to > > not introduce weaknesses to your system. With the Debian > > repositories, there is a system in place to handle all of this. > > Adding a foreign repository _can_ make you vulnerable. You just > > don't know. > I think Debian is a distribution which focuses security and stablity. > So maybe it should help these interesting ,useful,meaning project > import into Debian project! If you want to get the package adopted by Debian, there is nothing to stop you from offering to maintain it yourself. Somebody needs to take on the responsibility of building the package for Debian, and provide updates and fixes. In the Debian community, this happens within a framework. Everyone is free to contribute and suggest packages for adoption, but it is still dependent on someone actually taking responsibility for the package in question. I have no idea what the package you are talking about is, but if there is a significant need for it, I suggest you go through the appropriate channels to have it adopted. There is probably information on how to do this on the wiki, I'm just too lazy to check. (OK, I checked ;) Read this: https://www.debian.org/doc/manuals/maint-guide/index.en.html That is a guide on building/maintaining Debian packages. You should also take a look at: https://www.debian.org/doc/debian-policy/ch-binary.html And read this if you want the package to actually be adopted: https://wiki.debian.org/SponsorChecklist If there are other things you need to know about, I hope someone else will speak up, as I know little about this. Petter -- "I'm ionized" "Are you sure?" "I'm positive." pgpNthwaDET34.pgp Description: OpenPGP digital signature
Re: discuss debian 's attitude to ppa
On 05/23/2015 03:28 PM, Petter Adsen wrote: On Sat, 23 May 2015 15:13:33 +0800 mudongliang wrote: On 05/23/2015 02:37 PM, Dalios wrote: That said you can try to install the .deb package with other ways (for example using gdebi) but the main drawback (apart from any inconsistencies already mentioned) is that the package won't be updated with the rest of the system because apt/synaptic will not be able to do this. At last , I want to talk about the future of ppa in Debian! Even the leader has said the weakness of ppa! Maybe Debian will not use ppa! Maybe LMDE is just a hint! Isn't it!? mudongliang The major problem with using a ppa is that the software has not been vetted by the Debian project. It could contain malware or other security problems, and the maintainer of the ppa can suddenly decide to drop support of it, leaving you with a package that does not receive updates. You need to consider whether you trust the person running the ppa to not introduce weaknesses to your system. With the Debian repositories, there is a system in place to handle all of this. Adding a foreign repository _can_ make you vulnerable. You just don't know. I think Debian is a distribution which focuses security and stablity. So maybe it should help these interesting ,useful,meaning project import into Debian project! Things out of control may be a bomb I think! Sometimes, you should not rely on the users to classify the problem of application in ppa! The users may only know its function ,but not its details ,or dependency! Maybe it has many vulnerablities for attacker to hack! Maybe it is a virus! There is also the matter of dependencies, if the repository you are using is not intended for your exact distribution. It's not a matter of not supporting ppas, it's a matter of not recommending them. You can always add the repository to sources.list and add the key manually. I have to confess what you said! The user who write list file for his/her system may know much about this software or be an experienced user of Debian! mudongliang -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/blu436-smtp226ffc9680d09ccf2eb18f4bc...@phx.gbl
Re: discuss debian 's attitude to ppa
On Sat, 23 May 2015 15:13:33 +0800 mudongliang wrote: > On 05/23/2015 02:37 PM, Dalios wrote: > > That said you can try to install the .deb package with other ways > > (for example using gdebi) but the main drawback (apart from any > > inconsistencies already mentioned) is that the package won't be > > updated with the rest of the system because apt/synaptic will not > > be able to do this. > At last , I want to talk about the future of ppa in Debian! Even the > leader has said the weakness of ppa! Maybe Debian will not use ppa! > Maybe LMDE is just a hint! Isn't it!? > mudongliang The major problem with using a ppa is that the software has not been vetted by the Debian project. It could contain malware or other security problems, and the maintainer of the ppa can suddenly decide to drop support of it, leaving you with a package that does not receive updates. You need to consider whether you trust the person running the ppa to not introduce weaknesses to your system. With the Debian repositories, there is a system in place to handle all of this. Adding a foreign repository _can_ make you vulnerable. You just don't know. There is also the matter of dependencies, if the repository you are using is not intended for your exact distribution. It's not a matter of not supporting ppas, it's a matter of not recommending them. You can always add the repository to sources.list and add the key manually. Petter -- "I'm ionized" "Are you sure?" "I'm positive." pgp_YwpMnryWH.pgp Description: OpenPGP digital signature
Re: discuss debian 's attitude to ppa
On 05/23/2015 02:37 PM, Dalios wrote: On 05/23/2015 08:58 AM, mudongliang wrote: Yesterday I installed the LMDE(Linux Mint based Debian Jessie),which is a rolling release issued by Linux Mint! The installation is of no question! But when I want to install openyoudao from ppa , it returns me "not support ppa"! So I search it ! Although I don't find some real proof , but I can see one thing ! Maybe debian will not support ppa , because in the talk of Neil McGovern, he says some weakness of ppa! And from the development of Debian , ppa's development seems to be not able to ensure its stablity! What's your opinion? mudongliang I don't know what openyoudao is but when running Debian it is highly First , openyoudao is an open source project on the github! The designer says we can use ppa to install it! recommended not to mix repositories with Ubuntu or other linux distributions. In your case you are not even running Debian but only Debian based Mint (as far as I know though LMDE is Debian compatible in the repository level). Second , I run Debian Jessie on my desktop! It can install software from ppa! I forget to note it! I'm sorry! That said you can try to install the .deb package with other ways (for example using gdebi) but the main drawback (apart from any inconsistencies already mentioned) is that the package won't be updated with the rest of the system because apt/synaptic will not be able to do this. At last , I want to talk about the future of ppa in Debian! Even the leader has said the weakness of ppa! Maybe Debian will not use ppa! Maybe LMDE is just a hint! Isn't it!? mudongliang Regards Dalios -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/blu436-smtp1673c3dc5c236cf3f042690bc...@phx.gbl
Re: discuss debian 's attitude to ppa
On 05/23/2015 08:58 AM, mudongliang wrote: > Yesterday I installed the LMDE(Linux Mint based Debian Jessie),which is > a rolling release issued by Linux Mint! > The installation is of no question! But when I want to install > openyoudao from ppa , it returns me "not support ppa"! > > So I search it ! Although I don't find some real proof , but I can see > one thing ! Maybe debian will not support ppa , > because in the talk of Neil McGovern, he says some weakness of ppa! And > from the development of Debian , > ppa's development seems to be not able to ensure its stablity! > > What's your opinion? > mudongliang > > I don't know what openyoudao is but when running Debian it is highly recommended not to mix repositories with Ubuntu or other linux distributions. In your case you are not even running Debian but only Debian based Mint (as far as I know though LMDE is Debian compatible in the repository level). That said you can try to install the .deb package with other ways (for example using gdebi) but the main drawback (apart from any inconsistencies already mentioned) is that the package won't be updated with the rest of the system because apt/synaptic will not be able to do this. Regards Dalios -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55602015.3030...@eumx.net
discuss debian 's attitude to ppa
Yesterday I installed the LMDE(Linux Mint based Debian Jessie),which is a rolling release issued by Linux Mint! The installation is of no question! But when I want to install openyoudao from ppa , it returns me "not support ppa"! So I search it ! Although I don't find some real proof , but I can see one thing ! Maybe debian will not support ppa , because in the talk of Neil McGovern, he says some weakness of ppa! And from the development of Debian , ppa's development seems to be not able to ensure its stablity! What's your opinion? mudongliang -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/blu436-smtp118a0427f8d8e427d3c4ceebc...@phx.gbl