2 reasons why small package repository is better than large

I am in the middle of CentOS and Ubuntu comparison frenzy. It started with an attempt to assert quality of Linux distributions made for busy people. Today I am considering packaging.

When comparing Ubuntu and CentOS packaging systems, first thing that crosses my mind is that, well, size matters. Ubuntu has nearly 70000 packages. CentOS has around 6000.

Obviously, it is very handy to have every possible package just couple of clicks away. Instead of looking for the package, understanding its version system and available architecture. Instead of looking for the vendor’s web-site, seeing all the ads, etc. What you do is just open Synaptic manager, enter the name of the program, or just a couple of keywords describing what you need. Then you do couple of clicks and you’re done.

But when I started using this system I found that there’s something broken in it. There are several things that bother me.

Yes, most of the programs are easy to install, but still, some programs are not in the repository. Others are outdated. Here is one example.

Non mainstream programs – meet EAGLE

I am a BS.c student. Last semester I was studying Digital Design. I do my home assignments on computer. This includes digital designs I have to submit as part of the home assignments. So, naturally I was looking for a program for designing circuits. After trying a couple of programs I found one that did the job for me. The name of the program is EAGLE in case you wonder.

However, note how I found it. First I tried three or four circuit design programs from repository. I didn’t like any of them so I googled for it. I found one program that worked for me.

It appeared that the program is in the repository and I already tried it. Yet the repository version is so outdated that I didn’t like it when I looked at it first time. But when I downloaded the latest version from vendor’s web-site, the program was much better. Eventually I used the latest version.

This is a good example of how centralized repository isn’t perfect. Well… Obviously programs like EAGLE are not mainstream programs. Not to mention this is a commercial program. This can explain why repository version is outdated. But from other point of view, being out of the main stream, means that centralized package repository begins to work against you.

I have no doubt that the most popular programs are uptodate in Ubuntu’s repository. Furthermore, something tells me that there are around 5000-6000 such programs – the number of packages in CentOS’s repository. As for the rest of programs in Ubuntu’s repository, it seems that you’d go to vendor’s web-site and download the latest and the greatest version anyway.

The newest and the hottest – meet Firefox

Another issue is when there is a new version of certain piece of some popular software.

Take Firefox. I’ve been using Firefox 3.5 since it was Firefox 3.1b1. Obviously, when final release version has arrived I was anxious to install it as soon as possible.

Well, you can’t expect new versions of software to land in Ubuntu’s repository instantanoisly. Same happened to Firefox 3.5. As a matter of fact, I think it is still not there – although cannot be absolutely sure about it because I didn’t check.

Luckily, there are some good people on the face of this planet. Someone created a launchpad project with the latest version of Firefox in it. So all I had to do was to install another package source and an appropriate GPG key (or is it PGP?). Obviously it didn’t go as smoothly as I wanted it to go. The launchpad installation didn’t remove older version of Firefox and it was conflicting with the new version. Took me some time to get over it.

When I am thinking about it right now, it seems that it would definitely take less time to install official version, without trying to incorporate Synaptic. I’d probably go on and remove the default version of Firefox because, well, I’d know that nobody will do it for me. Then I’d simply install the official version and add the menu shortcuts manually.

So, here again Synaptics comes as spoiler. It is not its fault really, but Synaptic places the bar very high, perhaps too high, and it is very easy to get disappointed.

So perhaps, many packages can be just too many. What do you think?

Did you know that you can receive periodical updates with the latest articles that I write right into your email box? Alternatively, you subscribe to the RSS feed!

Want to know how? Check out
Subscribe page

26 Comments

  1. I’ve used both Debian, Ubuntu, and Red Hat for
    about 10 years.

    First, apt trumps rpm.

    Size? How many times have I found myself wandering
    around rpmfind.net because it wasn’t in the Red Hat
    repository? Then its up to me to keep abreast of the
    security updates.

    I’ll take a bigger repository any day.

  2. Deryk Barker says:

    What I think – having used linux since summer 1993, SLS “distro” kernel 0.99pl12 – is that you don’t have enough experience of *not* using repositories to realise just how much pain that can cause.

    Also: I’m with Greg. Moving from rpm-based distributions to deb-based ones was the best linux move I’ve made in a long time (I did this about 6 years ago).

    Can’t really see the point of this article.

  3. BiggerIsBetter says:

    Firefox 3.5 is and has been in the Ubuntu Repo’s since it was released by Mozilla. You have to install it seperately from 3.0.11/12. 3.0.11/12 will never be updated .. they are seperate.

    Open Synaptic and search Firefox-3.5 and install.

  4. BiggerIsBetter says:

    First, Firefox 3.5 is and has been in the Ubuntu Repo’s since it was released by Mozilla. You have to install it seperately from 3.0.11/12. 3.0.11/12 will never be updated .. they are seperate.

    Open Synaptic and search Firefox-3.5 and install.

    Second, RPM’s have advance tremendously with the release of Fedora 11. They actually equal Debs right now. As of today, Neither is better nor worse than the other .. it only depends on which system you prefer.

  5. Nevyn says:

    I think there is a trade off here. Personally I prefer a stable release from people I trust to some extent (package maintainers) rather than the latest and greatest. If that requires some testing before it makes it upstream, then I’m all for it. Simple. If an application doesn’t meet my needs but looks like it’s part way there, then I may go and look for a more recent version.

    Mostly I use Debian in which case, this tradeoff takes an extreme. At the very least, I’m assured a stable environment.

  6. Bob Robertson says:

    70K packages?

    I’m impressed.

    Debian Unstable has 26K. This is from this morning, with Debian-Multimedia thrown in for good measure:

    =====
    Replacing available packages info, using /var/cache/apt/available.
    Information about 26238 package(s) was updated.
    =====

    I wonder how Ubuntu triples the number of packages of the distribution it’s supposedly based upon?

  7. Bob Robertson says:

    Just as an aside, I’ve been using Debian since 1995, usually running Unstable, and have been quite satisfied.

    Stable makes a very, very stable system, that just plain works.

  8. Fred says:

    I too fail to see the point of this article. I’m currently a Ubuntu user, but my first distribution was Mandrake. I enjoyed it, but I also remember all of the dependency hell I had to go through just to install a package I found online. No thanks, I’m sticking with Ubuntu and it’s repository of ~70K packages.

    Besides, I believe that the more the community can make the Linux experience easier for anyone who’s new to Linux (which I was 5 years ago), the better, and hence, the more Linux users there will be.

  9. Karl O. Pin says:

    You seem to have discovered that having the latest version of every package is a reason to roll your own Linux distro. If you actually follow through on having every package up to latest version you will discover why people rely on their Linux distributor to keep everything working smoothly together. I find that having older packages that work together seamlessly is, on the whole, preferable to doing my own system’s integration. YMMV. Fortunately, with Linux you’ve the flexibility to manage your system any way you care to.

  10. @Fred
    @Deryk Barker
    Point of this article is to try to shake common state of mind – bigger is not necessarily better.

  11. Originally Posted By Bob Robertson

    I wonder how Ubuntu triples the number of packages of the distribution it’s supposedly based upon?

    Debian are probably dropping most of the packages as unstable. Otherwise I am wondering the same thing.

  12. @Karl O. Pin
    I am not into doing my own integration. Like you, I prefer to rely on distributor to assemble a stable system. However, in some cases I want to have the latest version immediately. In my case this includes only few packages – Firefox, OpenOffice and perhaps Amarok.

  13. MarkW says:

    @BiggerIsBetter

    “…Second, RPM’s have advance tremendously with the release of Fedora 11. They actually equal Debs right now. ”

    I’d argue that the step forward occured with SuSE 11 (although they did some of the pre-work before that, so may be some discussion about exactly when the step was), but that was substantially before Fedora 11. So I don’t think that Fed11 was when the step forward occured.

    And its not really an rpm step forward; its actually the handling programs and not rpm that is stepping forwards (although there is also a rpm step forward available)…rpm not being a package management system, but a package manager format.

    And I’d still say that that the synaptic/.deb system works a little more smoothly, but with the latest improvements, at least rpm-based distros can be competitive, these days.

  14. Grant Wagner says:

    While I can appreciate the issues the author had, neither of which were based upon the actual size of the repository. In fact, they were both based upon the repository policies instead.

    In response to the first issue, outdate packages, I don’t think a package should ever been removed from a repository. A filter in synaptic (or your tool of choice) might be a good solution thought to filter out the obsolete or unmaintained packages.

    As for the second, I really like the Debian multitiered approach. Stable may be up to 2 years out of date, but you can depend on nothing but the absolute most rock solid system possible. I would use nothing less for a server. They they still do have the security updates, so it’s not completely untouched. As you move up, you get newer, but potentionally more buggy software. For example, Firefox 3.5 was in Debian experimental the week it was released, which I think is pretty good.

  15. Tuqui says:

    You assumption that 6,000 is better than 70,000 could only be supported if nobody or only a few use 64,000 packages, but as the comments to this blog show a lot of people use more packages than the 6,000 in centos. And yes I use Centos and use RPMforge and DAG and other places to get the packages. With Ubuntu is one stop most of the time.

  16. nachokb says:

    In both cases the solution is to make it easy to publish and use small personals repositories. Ubuntu is doing it well with their PPAs, and it even hosts them.

    They are less trusted than an official repo but they bring up-to-the-minute, even beta, or niche packages.

    If only they would simplify browsing them and adding a repository, it would rock. While adding one is fairly simple, it involves opening multiple non intuitive dialogs; maybe a task oriented UI for this use case would be more useful — and installing the key is a PITA, either CLI or saving a file and later opening it…

    nachokb

  17. multiboot says:

    @Grant

    “While I can appreciate the issues the author had, neither of which were based upon the actual size of the repository. In fact, they were both based upon the repository policies instead.”

    I agree that this has do do with policy, but I think that the underlying message being conveyed here is that a larger repo takes more time and resources to keep everything up to date –because maintaining so much is a big, big job– while a smaller one would allow more devotion to bleedingedgeism (can I say that?)

    Peace

    -multiboot

  18. multiboot says:

    BTW, I’d rather have a big-bombastic repo any day. If I want something newer than available, I’ll, happily, take the minor job of making one program work every once in a while instead of having to spend extra time repeatedly.

    It’s just so nice to do a random search and find that you have a working install 2 clicks away vs. 2 hrs away.

    <3 synaptic <3

    -multiboot

  19. seeker5528 says:

    It’s not the size it’s how you use it. ;)

    The size of the package repository is only one of many factors to look at for any distribution.

    If a distribution tries to keep more up to date, there is going to be a trade of on the stability side.

    If stability is the goal, then release cycles are longer and software not as up to date.

    Stability in this case meaning minimal updates necessary to fix security issues and important bugs and avoiding as much as possible anything that will change behavior.

    With Ubuntu you have a short list of packages that are supported by Canonical and get priority treatment, outside of that you have to largely rely on the community.

    Then you get into the priorities and capabilities of the individual maintainers or teams of maintainers depending on the packages in question and also how the software is maintained by the upstream and how that fits with the goals of the mainatiners/distribution.

    Later, Seeker

  20. Originally Posted By Grant Wagner

    In response to the first issue, outdate packages, I don’t think a package should ever been removed from a repository. A filter in synaptic (or your tool of choice) might be a good solution thought to filter out the obsolete or unmaintained packages.

    This is impossible from technical reasons. Also, the real issue here is not about packages being removed, but rather when packages are created.

    As for the second, I really like the Debian multitiered approach. Stable may be up to 2 years out of date, but you can depend on nothing but the absolute most rock solid system possible. I would use nothing less for a server. They they still do have the security updates, so it’s not completely untouched. As you move up, you get newer, but potentionally more buggy software. For example, Firefox 3.5 was in Debian experimental the week it was released, which I think is pretty good.

    One distro that I didn’t work with yet is Debian. Perhaps I’ll take this endeavor some time soon.

  21. Alexander Sandler says:

    Originally Posted By Tuqui

    You assumption that 6,000 is better than 70,000 could only be supported if nobody or only a few use 64,000 packages, but as the comments to this blog show a lot of people use more packages than the 6,000 in centos. And yes I use Centos and use RPMforge and DAG and other places to get the packages. With Ubuntu is one stop most of the time.

    I must correct you. I am merely thinking aloud about advantages of smaller repositories.

    I am wondering though, why you are working with CentOS and not with Ubuntu?

  22. Kiki Novak says:

    I’m mainly using CentOS on servers and desktops (professionally), and I’ve given Ubuntu a shot now and then. (Heck, even published a book about it.)

    My main desktop (e. g. the one I’m installing for clients) has been a highly customized mix of CentOS and Fedora since 2006; currently based on the latest 5.3. Sensible differences between the distributions:

    a) quality control
    b) quality control
    c) quality control

    One word concerning the popular urban myth apt-is-better-than-rpm. If you’re really into comparing things, you should compare dpkg and rpm. These handle the packages. Otherwise, be true to the respective tools and compare the dependency resolvers, e. g. Yum and APT. (Or apt and apt, as apt also exists as a frontend for rpm…).

    Been using Debian since Potato and CentOS since 4.2. There’s not a single thing APT does that Yum won’t do. Plus, it does some other things that APT won’t do.

    Oh, as for the repos. I draw all my stuff from the CentOS, Extras and RPMForge repos. The ten or so missing packages (exotic stuff I need for work), I just build them myself and put them in my own private repo.

    Cheers from the sunny South of France.

    Kiki Novak

  23. Andrey says:

    In both distributions I used (Gentoo and Slackware) there is a standard method to recreate any distribution package. So, if you want a newer package than the one in the repository, you just use the method to build it. This may or may not take some thought, but is always doable.

    My quick googling with Bing suggests that Debian, and consequently Ubuntu, should have such a method, while CentOS may have concerns that revealing how they build their packages may harm their user base. If so, this would be the key difference between Ubuntu and CentOS, much more important than the size of the repository.

    Anyway, I cannot understand how that many posts do not contain the word “compile”.

  24. I appreciate you thinking aloud and it is always valid to bring ideas to the table. But in my experience I’ve never found RPM based systems better than DEB based systems. I think centralised system is far easier for everyone involved – it saves time and effort.

    If a package isn’t up to date, why not make one that is up to date?

    You mention that getting the latest version requires you to go to the site and download it. But you can also do this with DEB, there is no need to use the centralised system (apt-get / synapic). dpkg provides all the functionality of rpm. apt-get I believe is also similar to yum, but I’ve never used yum so I couldn’t comment on it.

  25. EAGLE is NOT free software, that’s the point.
    If it was free software, it would surely have better packages.

  26. My brother suggested I might like this blog. He was once entirely right. This submit truly made my day. You can not consider simply how a lot time I had spent for this information! Thanks!friendship sms´s last [type] ..1

Leave a Reply to Kiki Novak

Prove you are not a computer or die *