[lsb-discuss] LSB half walk between distro and not distro.

Peter Dolding oiaohm at gmail.com
Thu Mar 13 02:40:28 PDT 2008


Currently LSB covered libs are far to limited for a lot of
applications.   Yet not all lib's are going to be needed by all
applications.

I do support for the www.winehq.org project.  It would be a great
break threw if the project could stop making packages for every distro
out there.

Now many things are going to get in way.

Common security information descriptions.  There are no common formats
to application developers to write what there application uses and the
security it needs or to control user access to application based on
role.  Users of X role only need this amount of system access..  Linux
standard base does not have a security section I can find.  Please
don't say the kernel guys can sort it out we have already been waiting
5 to 7 years for them to get it sorted out.  It need to be sorted out
from a ISV point of view.  If the kernel developers want to keep on
fighting over how its done in kernel fine.  KDE and Gnome are even
making it worse having two different systems for define user profile
limitations.

Lack of libs and parts needed by wine.   Wine is a massively multi
fanged beast.  Connects to all over the place.  Samba above particular
versions for some feature.  Non tampered with freetype cause major
trouble opensuse at one point.  Now of course shipping wine with all
the third party parts it uses is going to be kinda huge.

Lack of functional upgrade system in LSB design.  Major issue thinking
that wine releases a new version every two weeks.

Security update of all the wine third party parts.

In one way wine would be one of the best project to pick as a test of
LSB packaging.   I would say take the most complex hardest to package
applications from open source and use them as the benchmark.  Security
update and so on must work.  Distro security must not be made weaker
by correctly designed LSB packages.

Could this see something the size of a distro independent to all
distros it could.  Really hours and hours of computer time is wasted
on each linux release and updates building the same packages over and
over again.  Lot of distros claim the right to tweak packages.   True
they have the right to do that.   But they should not be breaking
other applications.

For LSB to work it has to be end of Distros as we know it.   Currently
each distro trys to package with ever application on earth.   This
needs to move to Distros are a core set of applications and sections
altered by Distro with a common shared source of applications that
were not tampered with by the distribution.   This will lead to cost
savings.  There is no reason for 1000 copies of gzip to be build if
they are all the same.  Common shared source of applications would
allow users getting the wrong distro of a magagine or other sources to
at least update some of the Linux they are using from it.  Doing this
move is hard Distros must not weaking secuirty threw using common
packages.  Must still have the power to fix defective packages.

One saving grace is there are not that many packaging formats.

RPM good for install and configure latter setups.
DEB good for configure on install.   Avoiding weak default settings.
Portage and other source systems.   Good for customising.
TGZ of slack no real useful feature other than no size usage on dependancys.

Current package format in LSB is not perfect.   Developers coming from
windows are use to the Configure on install of deb.  But with the
means to bundle packages.

All the way along creating a new package standard from nothing taking
the best of the existing packaging systems has been avoid.  Having deb
and rpm packages does not really solve all the issues.   Package
dependancys cannot be declared on a distro by distro base in either
rpm or deb.  So if you know a distro has the packages your application
needs you don't have to install the ones you shipped with instead ask
distro to install its own.

LSB packaging looks to head the way of windows.  LSB applications
having to run there own different installers grilling the package
manager for information.  What is really no better than what we have
now.  Particularly from a secuirty point of view its always better
having a approved applications writing to the core of the OS.   We
don't need windows like rootkit adware/spyware installing into core of
Linux Distros.   Most of this can be cut off by fixing the issues now.

Peter Dolding



More information about the lsb-discuss mailing list