Hi, I understand Aoki-san's concern. There's no easy way to find out whether a package can be trusted or not.
I'd use stow for the moment. It would work for my purpose in most cases. Someday I might like them to be packaged to deploy them in easy way. Even in that case, I'd still keep those things away from official system to avoid them overwriting *stable* software. (/usr/local or the like) Thank you On Thu, Jul 9, 2009 at 11:48 PM, Osamu Aoki<os...@debian.org> wrote: > Hi, > > I appreciate Boyd's enthusiasm but I hope he will be a bit careful > checking facts and learn best practices. > > On Wed, Jul 08, 2009 at 01:45:56PM -0500, Boyd Stephen Smith Jr. wrote: >> In <20090708155214.ga5...@osamu.debian.net>, Osamu Aoki wrote: >> >On Wed, Jul 08, 2009 at 10:41:44AM -0500, Boyd Stephen Smith Jr. wrote: >> >> In <90bb445a0907071607k26d7720fwf19c65e91c501...@mail.gmail.com>, Akira >> >> Kitada wrote: >> >> >So here's my question. How can you manage new softwares while keeping >> >> >the system stable? >> >> >Using packages from backports.org or Sid? Do you build .deb packages >> >> > yourself? Can you keep the Lenny's intact? > ... >> >> You can choose the version from backports, testing, sid, or experimental >> >> through the aptitude curses interface, or by using 'aptitude install -t >> >> $release $packages' or 'aptitude install $package=$version'. >> > >> >"You can install a package" is different from "you can get reliable >> >system". This type of reckless comment is dangerous as advise to >> >general public. (Boyd knowing well, he may be OK) I was once reminded >> >by other DD when I made similar remarks... >> >> It's true that a mixed system isn't completely supported. > > This is important and there is reason for this :-) > >> However, ... > > I know it works mostly ... but this is not something novice user should > be casually advised to do without knowing how to judge when to do it. > >> The main difficulty I've encountered when running a mixed system is that >> 'aptitude safe-upgrade' and 'aptitude full-upgrade' often need more advice >> as to what to install. I found the aptitude curses UI quite valuable when >> resolving those issues. If you throw up your hands and mail the list as >> soon as aptitude can't auto-resolve an installation/upgrade to your >> satisfaction, a mixed system isn't for you. > > sigh ... > >> >> If Sid/experimental doesn't contain a new enough package for you, find >> >> it is some other signed repository, add it to your sources.list, set a >> >> priority (200 maybe?) for it, and add the signing key to your apt >> >> keychain. >> >> >> >> If it isn't in any signed repository, just install a .deb using dpkg, or >> >> an .rpm via alien. If you *have* to compile to software yourself, roll >> >> your own .deb; it's not that hard to make a minimal one so that the >> >> software can be easily uninstalled and file conflicts can be detected. >> > >> >Oh.... you are going too far. >> >> The supported options are (a) don't install that software or (b) get that >> software into Debian by becoming a Debian maintainer. Some people >> can't/won't take either of those options. > > I do not share your idea .... there is many things you can do as non-DD > such as making private backports. This is elaborated in my "Debian > Reference" if you ever cared to read. > >> My advice is a third option. It is not supported, but it works quite a bit >> better than doing all the work of a package manager yourself. Stow, >> mentioned elsewhere in the thread, is also a great tool if there is no .deb >> available, but it still leaves you having to fight with the ./configure && >> make process which is not *always* trivial. > > I encourage much more careful approach to your system maintenance and > advise to others. > > Osamu > > PS: Boyd seemed to suggest any signed archive can be used. I hope he > will not find a malicious archive with a signature .... I know > installing malicious package can easily erase his system. > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
