Re: [MiNT] Software packaging (was: opkg / coldmint)

[Eero Tamminen <oak@helsinkinet.fi>]

Hi,

On sunnuntai 17 helmikuu 2013, Matthias Arndt wrote:
> I'd like to add aheretic point of view, from a normal Atari user.
> 
> Why inists on unixoid packaging at all? We Atarians are used to have
> single contained software distributions since the very start.

IMHO that's mostly because 99% of our software is statically linked.


> Software always came either a floppy disk or could simply be put in one
> folder that could be copied anywhere.
> 
> I know that proper packaging  makes it a lot easier to keep track but on
> an Atari I personally just copy the stuffs. And the RPMs etc are most
> often in the way, I extract what I need for a non-unix setup.
> 
> Thank god, on Atari we hardly have the dependency hell for ordinary
> software, only for kernel stuffs. In contrast to Linux, an RPM with
> networking tools from the 90s still works with my already dated MiNt
> 1.16 while otoh a 90s vintage RPM for Linux would fail to install in 95%
> of all cases.

The point of packaging systems is to keep your system up to date,
not keeping it obsolete.

The (expected) "failure" in Linux case is because all the dependencies
have been updated, mostly due to shared libraries.

There are several points in having shared libraries.  Memory and disk
space saving (in most cases) are one reason, but IMHO most important one
is security / reliability fixes.  With statically linked binaries it's
hard to know even whether some known security vulnerabilities (since 90s
when your binaries were last re-built) apply to your programs or not.
Because with static linking, it's *much* harder to know against which
buggy & vulnerable libraries & their versions your binaries were built
with.

If your machine isn't connected to network, that doesn't matter much,
but if your machine is connected to internet and even runs some
publicly visible services (like Linux machines often do), that's
a completely different matter...


One thing that packaging systems can provide is automatic re-builds
of packages when their dependencies change, this includes also static
libraries and their dependencies.  I.e. one needs to apply security
fix only once, and it gets (mostly) automatically applied to all
binaries it affects.


> How about packaging systems with a more GEM setup without unix
> infrastructure in mind? That would be more useful for actual
> non-developer users. No installer apps necessarily....

More important question is should such a packaging system
distribution (packaging, their updates, security fixes, package
naming, source build split up in binary packages, dependencies
etc) depend on some other platform's distribution?

If yes, that pretty automatically brings in Unix stuff, as
on what else one could base it?

If no, somebody needs to specify such things for completely
MiNT-only distribution, in such a way that it's still fairly
easy to integrate some neceassary Unix software (like GCC and
network services) to it.


	- Eero