Debian user, seeking advice about Fedora's package management, options

[Erik Hemdal]

>1 - Of the package tools that are now offered for Fedora (rpm, yum, 
>up2date, apt?, red-carpet, others?), which ones are able to 
>automatically get the package from the net? Which ones automatically 
>also get the dependencies? Which ones who me a list of all of the ones 
>that are available (like Debian's aptitude or the dreaded dselect)?
>

up2date will give you a nice list of updated packages that are available.  Yum can do the same thing (try yum check_update).  I know that yum will follow and install dependencies; not as sure about up2date because I don't use it too often.  There are options to show you *all* packages available.


>2 - I tried up2date once. It seemed like it was headed down the right 
>track of addressing the issues that I had with RedHat in the past, 
>regarding automatic downloads from a central source. However, it 
>*seemed* as though it was merely getting security-patched releases of 
>selected packages. For example, if I had installed Foo 1.0 and Bar 1.0 
>with the release CD, and then a new version of Foo (1.1) comes out and a 
>security-patch for Bar (1.0.1) comes out... it seemed that up2date would 
>only get the Bar 1.0.1. In short, you're still stuck with the old 

I haven't seen this, so I can't comment.  If new versions appear, I seem to get them without any effort.


>versions and their old capabilities, unless there is a security issue or 
>serious bug that needs fixing. Contrast this with Debian, where I can 
>point my apt sources.list file to the "unstable" store and I've always 

You can use yum to obtain the latest packages, although this is not always for the faint-of-heart.  By default, I don't think any of the tools are configured to apply test patches.

>got the latest releases of everything (except major version-number 
>changes. For example, I had to delibrately de-select Apache and select 
>Apache2 to move from Apache 1.x to Apache 2.x. But, up to that point, 
>merely selecting Apache had moved me through Apache 1.1, 1.2, and 1.3 as 
>they were released).

If a package called apache-.... is on your system, then yum/up2date will consider apache2-.... to be different softwawre.  As I remember, there was a desire to keep Apache 1.x available for those who needed to stick with it.  So I don't take this as a deficiency in package management tools.


>I guess another way to put it is that... if you had installed RedHat 8, 
>then running up2date would only ensure that you had a fairly secure 
>version of the packages (and versions thereof) that originally came with 
>RH8. 

I take this to be Red Hat policy.  If I want to encourage you to buy my RH8 boxed set, and then my RH9 boxed set, I don't want to give you RH9 for free in dribs and drabs.  Debian's approach is necessarily different.

>On the other hand, with Debian, if I install Debian 2 and run apt 
>regularly, as Debian 3 is nearing release, my machine would gradually be 
>picking up the new Debian 3 versions of packages as they passed testing. 
>On the day Debian 3 was released, the versions of all of the packages on 
>my machine would, essentially, match those on the release CD of Debian 3
>Was I just imagining that, or is that how up2date really works? Do the 
>other Fedora management tools work differently? It would be a pain to 
>have to manually select newer minor version numbers of hundreds of packages

I think this is a matter of policy and not a tool limitation.  In many cases, FC(n+1) is very different from FC(n).  If I am on a particular version of Fedora Core, I don't want to mix versions.  I might not want to switch from devfs to udev, or adopt X0rg vs. XFree86.  Simply continuing to update would take me in directions I might not want to go.

So our repositories allow me to either continue to receive backported fixes for older versions, or I can upgrade versions by migrating to a new release.  Given the high rate of change in Fedora, I would have it no other way.


3 - With Debian, there are oodles of packages available on the official 

>site and mirrors. Of the several hundred packages I have installed on 
>our server, I think I've got one or two that come from third-party 
>"average Joe" sources. On the other hand, from what little I've read 
>about configuring apt for RedHat thus far (which isn't much, I'll 
>admit), it seems that there's a much higher occurence of third-party 
>sources in the apt sources.list files. For those using any of the 
>automatic-package-and-dependency-download-and-install tools, 
>approximately what percentage of your packages (especially new versions 
>of packages) come from NON-official RedHat sources?

For me, zero.  I either get "genuine Fedora" software, or I build my own.  Doing otherwise is too much work. :-)

Hope this helps.    Erik


>Regards,
>
>- Joe