[tclug-list] Still Active?

Thu Aug 13 17:05:25 CDT 2009

-----Original Message-----
From: tclug-list-bounces at mn-linux.org [mailto:tclug-list-bounces at mn-linux.org] On Behalf Of Carl Wilhelm Soderstrom
Sent: Tuesday, August 11, 2009 3:15 PM
To: tclug-list at mn-linux.org
Subject: Re: [tclug-list] Still Active?

On 08/11 02:03 , Bob De Mars wrote:
>> Slackware is exempt from this, and this is a big reason I only use
>> Slackware on my production boxes.  If a package is not available, it's as
>> easy as 1-2-3 to roll your own from source. No biggie.

> My problem with Slackware and Gentoo (and to a certain extent, the *BSDs) is
> that it encourages compiliation of software on every machine. The downsides
> of this are numerous:
>

I am only speaking for Slackware here as I havn't touched a *BSD in over 10 years, and all I ever used Gentoo (cd or dvd) for was a nice coaster for my coffee cup.

It seems Slack gets a bad rep. when it comes to package management.  Slackware does have package management.  By default it doesn't do dependency checking like others, but how hard is it really to see if you have required things installed or not.  If this is an important issue to you, then there are a couple good .deb like/apt get package managers for Slack that do check the dependencies.  Slackware doesn't have packages for every program under the sun to be sure (like Debain & crew, and others), but ships with just about everything you need.  If it is something not provided by the Slack mothership, Slack ships with several tools that make the package creation process easy (and easy to maintain those packages going forward).

> -- without package management, it's difficult to know what software needs to
> be updated

It's not difficult.

> -- compiling on every machine takes a lot of time and human handwork. Even
> if you're just updating one machine, it's a lot of additional work compared
> to just installing packages from somewhere

True compiling can take time.  However you do not need to compile on every machine.  Just on the machine that is rolling the package.

> -- you can't guarantee consistent builds between different machines.
> different options, different environments, cause different compiled results,
> which leads to confusion when trying to sort out why one machine works and
> another doesn't.

Not True. Build one good package, and there is no confusion.

> -- a compiler provides attackers with a tool they can use against you
> (compiling a version of their software that will run on your machine).
>

Public boxes don't need compilers if the packages are being made behind the scenes or if simply upgrading or installing a package provided by Slack.

> Even if just installing one piece of software on one machine, it's worth
> building a package for it if at all possible. Some software is easier to
> package than others tho. Unfortunately there are all too many software
> developers who never look at their software from the sysadmin side and see
> how much trouble it is to package & install.

I agree with this.

Bob

GlobeRunners, Inc.
IT Manager
600 Inwood Ave. N., Suite 160  |  Oakdale, MN 55128  |  Direct (651) 925-1500  |  Cell: (612) 850-6940  |  Fax: (651) 925-1560  |  Email: bob at grunners.com