[kwlug-disc] What's the best desktop distribution?

Thu Feb 4 16:31:40 EST 2010

> Not to be harsh, and maybe you don't realize it, but you're asking
> for the Windows world here.
>
> Do you trust every random site you pull a Drupal module from?

I don't think Paul was saying he would pull Drupal/Gem/CPAN/PECL/...etc
stuff from any random site. He would be getting them from the authoritative
repository (e.g. drupal.org, cpan.org, php.net, ...etc.)

So the security risk here is minimal.

Obviously
> yes, since you run the code, but so does everyone who installs
> the latest whizbang EXE on their Windows box, and then hopes for
> security updates from all those random sites.
>
> Making 'apt-get update ; apt-get upgrade' work properly means that there
> is someone behind the scenes doing the work for us.
>

Yes, but Paul's point is that we have a myriad of them for each language.
Even though it is fairly easy to pull stuff from the respective repository
for
that language, it bypasses APT's dependency checking mechanism.

In a previous email I attempted to make the point that he is right where
languages/libraries are concerned. For Drupal, it is not much of an issue
since we don't have anything other than Drupal web sites being impacted
by upgrading Drupal.

So Lori is right.  The problem is that people aren't using apt enough.
>
> If you go to the trouble of making your own repository, might
> as well put it on the net, and share it.

That is exactly what CPAN/PECL/Drupal do ...

> And if you're going to
> share it, you might as well get in touch with a Debian developer
> so that everyone benefits, and you don't have to pay for the bandwidth
> yourself.
>

The issue here is release cycles. Debian is very slow to come with
stable releases compared ot other stuff. For example, Drupal used
to have a 6-8 month release cycle for core, and several hundred
modules. Now the cycle is more like 2 years for core, but there
are 3,000 or more modules out there, with various maintainers.
They tend to move at their own pace, often very quick, and hence
does not fit into the Debian repositories. We had really old stuff
in Debian as far as Drupal is concerned.

I hear your point that someone can setup a separate repo for
Drupal in .deb format. It is noarch, so it is easy (no need to
have a version for ARM, PA-RISC or what have you), but the
pace issue will still be there.

> And if that sounds like too much work, then you're still left with
> maintaining your systems manually like you've always done.
>
> It's a balance... and I've compiled my own programs enough to know that
> sometimes it's not worth it to make a full package.  But packaging is
> not rocket science either.  It's more like accounting... a little bit
> time consuming, and a little bit boring. :-)
>

You are right.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20100204/9a8b61b1/attachment.htm>