OK, so after going through comments on my previous post about Apt URL it has become obvious to me. Apt URL is a band aid more than it is a way for people to easily distribute software. Is this a bad thing? No, not in my personal opinion. It seems the main arguments I received in the post, and especially on IRC (thanks to all of you who messaged me bitching me out, that rocks!) as as follows:
- Once Ubuntu is released, we aren’t getting new updates.
- Package so-and-so hasn’t been updated in 2 years
- This will allow software developers to get their software out to more people.
OK, so it is obvious why I call Apt URL a band aid, and points #1 and #2 show this. For point #1 it is obvious that Backports aren’t getting utilized as they probably should. Point #2 shows us that there are more merges on MoM than there are developers to handle that, and that there is a ton of software we aren’t paying attention to. This is something that has to be fixed, but has proven difficult for the past few years.
That brings me to point #3. In a comment in my last post, Skype was brought up, and how it isn’t in the Ubuntu repositories. Is there a reason that Skype can’t go into Multiverse or the Canonical repositories? Is there something I am missing when it comes to the non-free repositories? I will admit I do not follow them since I attempt to keep my system RMS happy :p
OK, so here is my other question, slash, problem. Security! I keep hearing about this “whitelist.” Am I to expect that people are going to go through the Core Developer process in order to get on this so-called whitelist? If you don’t do a process like this, well you just flat out disrespected every MOTU and Core Developer in our community. If you make them go through a process like this, then why can’t they be a MOTU or Core Developer in Ubuntu? This is my big issue really. If you don’t make them go through the process that every MOTU and Core Developer has done then you might as well spit in those people’s faces who have put their blood, sweat, and tears into gaining a certain level of trust. And if you do make them go through the same process, then what the heck, it makes no sense.
I am still looking for solid information on why this is good, and how it can be utilized for something other than a band aid. Martin Owens had my favorite comment on the previous post, about what kind of society do I think we live in and what not. Martin, we live in a society right now where people need protection more than anything. I am not talking about the old G-Dub terrorist protection plan, I am talking about those evil little kids in mommy and daddy’s basement using other people’s scripts to do damage. Linux, just like Windows and Mac, is as secure as its user. I think it is in Ubuntu’s best interest to protect the users as much as possible, but not to the point where we cut off their freedoms. If people want Apt URL, give it to them, but I think Ubuntu should make the same statement it did about Automatix years back.
If we want to make it easy for people to get the latest and greatest software, then we need to start working on fixing our infrastructure so we can do it correctly and safely. Since there is no single package manager to rule them all, Linux software distribution will continue to be a pain in the ass. Here is an idea. How about a mailing list or such, where upstream developers can announce new software, updated software, and what not? Everyone who wants to be a packager, look there and get to work? There has to be a way to have solid upstream <—> downstream communications, it is sounding like it isn’t happening to me.