[PLUG] On the topic of distributions

AthlonRob athlonrob at axpr.net
Wed Jan 22 21:51:01 UTC 2003


On Wed, 2003-01-22 at 21:21, Rich Shepard wrote:

>   If I understand the concept of packages (and I don't care whose they are),
> they make installation, upgrade and removal of an application easier and
> quicker by tracking the libraries upon which the application depends and
> notifying the user if those libraries are not present. If my understanding
> is correct, how do users of non-package distributions (e.g., Slackware) cope
> with dependencies when a new application (or an upgraded one) is installed
> from source?

Generally speaking, when you compile things from source they are built
to correspond to the libraries on your system.  You take a tarball,
compile it against glibc 2.2.5, then it works with glibc 2.2.5 and not
2.3.1.

So, compiling things from source gets rid of many of those
specific-version dependencies.  When you do a ./configure, a
well-written program will search out and make sure you meet the
requirements, and if not, it'll give you a report of what you need,
which you can then grab the source for and compile.

It takes more time than using precompiled packages, but I think it is
just as easy most of the time.

>   I get notices from Red Hat when they have a package upgrade available that
> welds shut a security hole in the existing package. This is a rather handy
> tool for a non-SysAdmin like me who can't spend a lot of time each day
> reading bug-tracking mail lists and other such sources to learn of
> vulnerabilities removed. What do folks do to keep their systems secure when
> the distribution they run is Slackware, Gentoo, linux-from-scratch or
> something else?

When there's a known exploit of a Slackware package, Pat patches it as
quickly as possible and then emails the slackware-security list.  Gentoo
has a similar system which is a bit more robust.  LFS folks are on their
own, I think.

>   In a non-critical way, I'm curious if a lot of the Red Hat x.0 (and
> sometimes, x.1) bugginess is an unintended consequence of complexity from
> wrapping tools in covers that make them easier for us
> less-technically-sophisticated users?

That is surely part of t... but a great part of it, too, is that they
often use unstable development packages of important things in their
system.  8.0, I understand, used a prerelease version of glibc that
causes problems with some things.

7.0, IIRC, shipped with a prerelease version of gcc that didn't compile
things very well, especially C++ code.

Rob




