Debian user, seeking advice about Fedora's package management, options
Erik Hemdal
ehemdal at townisp.com
Sun Feb 6 15:35:26 UTC 2005
>1 - Of the package tools that are now offered for Fedora (rpm, yum,
>up2date, apt?, red-carpet, others?), which ones are able to
>automatically get the package from the net? Which ones automatically
>also get the dependencies? Which ones who me a list of all of the ones
>that are available (like Debian's aptitude or the dreaded dselect)?
>
up2date will give you a nice list of updated packages that are available. Yum can do the same thing (try yum check_update). I know that yum will follow and install dependencies; not as sure about up2date because I don't use it too often. There are options to show you *all* packages available.
>2 - I tried up2date once. It seemed like it was headed down the right
>track of addressing the issues that I had with RedHat in the past,
>regarding automatic downloads from a central source. However, it
>*seemed* as though it was merely getting security-patched releases of
>selected packages. For example, if I had installed Foo 1.0 and Bar 1.0
>with the release CD, and then a new version of Foo (1.1) comes out and a
>security-patch for Bar (1.0.1) comes out... it seemed that up2date would
>only get the Bar 1.0.1. In short, you're still stuck with the old
I haven't seen this, so I can't comment. If new versions appear, I seem to get them without any effort.
>versions and their old capabilities, unless there is a security issue or
>serious bug that needs fixing. Contrast this with Debian, where I can
>point my apt sources.list file to the "unstable" store and I've always
You can use yum to obtain the latest packages, although this is not always for the faint-of-heart. By default, I don't think any of the tools are configured to apply test patches.
>got the latest releases of everything (except major version-number
>changes. For example, I had to delibrately de-select Apache and select
>Apache2 to move from Apache 1.x to Apache 2.x. But, up to that point,
>merely selecting Apache had moved me through Apache 1.1, 1.2, and 1.3 as
>they were released).
If a package called apache-.... is on your system, then yum/up2date will consider apache2-.... to be different softwawre. As I remember, there was a desire to keep Apache 1.x available for those who needed to stick with it. So I don't take this as a deficiency in package management tools.
>I guess another way to put it is that... if you had installed RedHat 8,
>then running up2date would only ensure that you had a fairly secure
>version of the packages (and versions thereof) that originally came with
>RH8.
I take this to be Red Hat policy. If I want to encourage you to buy my RH8 boxed set, and then my RH9 boxed set, I don't want to give you RH9 for free in dribs and drabs. Debian's approach is necessarily different.
>On the other hand, with Debian, if I install Debian 2 and run apt
>regularly, as Debian 3 is nearing release, my machine would gradually be
>picking up the new Debian 3 versions of packages as they passed testing.
>On the day Debian 3 was released, the versions of all of the packages on
>my machine would, essentially, match those on the release CD of Debian 3
>Was I just imagining that, or is that how up2date really works? Do the
>other Fedora management tools work differently? It would be a pain to
>have to manually select newer minor version numbers of hundreds of packages
I think this is a matter of policy and not a tool limitation. In many cases, FC(n+1) is very different from FC(n). If I am on a particular version of Fedora Core, I don't want to mix versions. I might not want to switch from devfs to udev, or adopt X0rg vs. XFree86. Simply continuing to update would take me in directions I might not want to go.
So our repositories allow me to either continue to receive backported fixes for older versions, or I can upgrade versions by migrating to a new release. Given the high rate of change in Fedora, I would have it no other way.
3 - With Debian, there are oodles of packages available on the official
>site and mirrors. Of the several hundred packages I have installed on
>our server, I think I've got one or two that come from third-party
>"average Joe" sources. On the other hand, from what little I've read
>about configuring apt for RedHat thus far (which isn't much, I'll
>admit), it seems that there's a much higher occurence of third-party
>sources in the apt sources.list files. For those using any of the
>automatic-package-and-dependency-download-and-install tools,
>approximately what percentage of your packages (especially new versions
>of packages) come from NON-official RedHat sources?
For me, zero. I either get "genuine Fedora" software, or I build my own. Doing otherwise is too much work. :-)
Hope this helps. Erik
>Regards,
>
>- Joe
More information about the fedora-list
mailing list