[lsb-discuss] Re: There is no good package management for LSB packages

Klaus Singvogel kssingvo at suse.de
Mon Feb 11 05:07:49 PST 2008

Till Kamppeter wrote:
> The distributions provide these features by their package managers, like 
> YaST, yum, urpmi, apt-get, ... Unfortunately, every distro has its own 
> tool here. We will need some mechanism to do this in a 
> distribution-independent way, for LSB packages.

I think this idea should be discussed.

From my point of view, the main reasons why distributions will not
be happy with your proposal are:

1. Trust

In your scenario you expect that the distributions accept packages
from the LSB group as if they were made in-house. But distributions
spend a lot of time and effort on the quality of their packages.

The trust in the signing key. I can speak of SUSE here. We made a
lot of effort so that access to our package signing key(s) got
restricted to only one person (by hardware and software mechanisms). It's
hard for us to believe that the LSB group will be spending the same
time and money on having similarly strong mechanisms.

So, it's getting hard to trust that the LSB keys and mechanisms will be
made as strong as those at the distributors.

2. Infrastructure

Are the LSB servers ready to handle several thousands of requests per
SUSE for example, has to distribute onto their mirrors to load balance
the incoming requests, and the download of update packages. But LSB
means more than one distribution, they include RedHat, Debian, Ubuntu
and many others too. How can these multiple higher loads be handled?

3. EAL certifications

Some distributions are EAL certified. If the LSB group is using the
infrastructure of EAL-certified Linux distributions and replacing or
adding additional software in their distributions, I think the
distributions fear that the LSB packages, which are not made at the same
level of EAL certificates, will revoke the EAL levels.

From my point of view, the solution should be: if there is the intention
of adding and maintaining software by the LSB group, then it is
easier if this process is handled independently by software made by
the LSB group.

Klaus Singvogel
SUSE LINUX Products GmbH
Maxfeldstr. 5                     E-Mail: Klaus.Singvogel at SuSE.de
90409 Nuernberg                   Phone: +49 (0) 911 740530
Germany                           GnuPG-Key-ID: 1024R/5068792D  1994-06-27

SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
