Wednesday, 7 October 2009

Fedora updates

This first rant will be specifically aimed at Fedora, and their update policy.

Here is how I think it should be: Your distribution is released; you support it with updates that either a) fix horrible glaring bugs or b) close security holes. Fedora release a new version of their distribution every six months. Great! That's short enough that users won't get irritated at having to use very out-of-date packages between releases. But wait! What's this I see in my updated packages list? 200 updates, of which most are 'new feature' updates and only 8 security updates?

I have a simple question for the Fedora developers: Why can't those new feature releases wait for the next distribution release? As it is, if I want to let all my Fedora machines use the official update repository, they'll be getting hundreds of updates every month - and some of those updates are broken. Badly broken. I need to be able to test the updates that are applied to my machines, and testing all those updates every month would be a massive time drain. It's simply unfeasible.

My current 'solution' (it's really not much of a solution) is to host a small local repository containing only those official updates that I think are worth using. It contains packages for which regular updates are demanded by users (e.g. Firefox) and packages which fix really horrible security holes. Does it contain all the updates marked as security updates? No, because this information is so hard to find it's like getting blood out of a stone. I know the information is there within the individual packages because the fancy graphical update nagger tells me so, but how can I download only the security updates from the Fedora updates repo? I don't think I can, Fedora!

I certainly don't choose to include packages that mess with the guts of the system, due to Fedora's lamentable record of breaking things in updates. Kernel updates? No way. Certainly nothing to do with sound. kde*? I don't think so. If the Fedora devs are pointing their fingers at the upstream developers, that won't do - you don't need to include broken packages in your updates. Just leave them out. It's easy. Your users will thank you. If the new, broken version of a package fixes an old security issue, patch the old version of the package! It's open source! You can do this!

Well, that's about all I have to say 'bout that. I'll just keep on cherry-picking updates for my local repo. And grumbling, of course.
