From rick Tue Jun 25 00:41:07 2002
Date: Tue, 25 Jun 2002 00:41:07 -0700
Subject: Re: apt-like package management on rpm based systems Was: [vox] boy, was that fast!

Quoting Ryan (

> Mandrake's apt workalike, urpm (does dependency resolution, package
> databases for removable, local, and net, etc), acutaly works pretty
> well.

It does, but....

Please pardon my indulging a hobbyhorse, here. Not intending to detract from what you said which is perfectly true and useful.

The magic isn't — and never was — in the apt tool itself, but rather in Debian's enforcement of distribution/packaging policy. Nathan Myers did as good a job of explaining this as anyone:

Claudio Matsuoka and Alfredo Kojima at Conectiva confirm this in describing the obstacles they found in implementing the apt system on their Brazilian distribution after porting the utility to RPM:

Linux-Mandrake, Red Hat, SuSE, TurboLinux, and a whole bunch of others cannot[1] be as incrementally maintainable as Debian (and Libranet) is. It's not the fact that they use RPM: RPM is a perfectly fine package format. It's pretty much all in the policy.

Conectiva comes close, because they went through the hard work of implementing such a policy.

Date: Mon, 20 May 2002 18:50:23 -0700
To: sulug-discuss@lists.Stanford.EDU
Subject: Re: Announcing the release of SULinux 7.3
From: Rick Moen (

Quoting Joe Little (

[Snipping a very great deal of helpful and informative information about the new version, plus wise observations on system maintenance.]

> People argue that Debian is the way to go. We provide with apt-get a lot
> of what most end users demand by way of Debian.

At the risk of sounding much more critical than I intend to, I'd like to mildly object to the notion that apt-get is the important part of Debian. It's not: Policy is.

Claudio Matsuoka, Alfredo K. Kojima, and others at Conectiva, as you are no doubt aware, are the ones who front-ended the apt suite (apt-get, apt-cdrom, apt-zip) to the RPM package format. They did this in small part as a benevolent gesture to the RPM-package-using community, and in greater part to benefit their own RPM-based distribution, created in Brazil.

And it was a good deed, well done — making it possible to use apt-get as a package-acquisition tool in front of rpm analogously to the way it front-ends the dpkg tool on Debian. But they found out the hard way that it necessitated bigger tasks elsewhere in their distribution. That is, they found that the dependency relationships weren't very orderly or compact (in part because there isn't a set of rpms marked "Essential"), that the pre- and post-install and pre- and post-removal scripts weren't properly written to support live upgrades, that there was no provision for interactive configuration, that there were no equivalents to Debian's alternatives, equivs, and diversions mechanisms, and that rpms' file dependencies add immensely to the required processing (if it's to work properly).

But overall and most important, they found that there was no coherent package policy, such as Debian makes mandatory: As Matsuoka commented: "Conectiva had to improve its policy and fix many small packaging problems to have apt working flawlessly. As a result, the overall quality level was raised, by bringing up more consistent and cleaner packages."

And the point is that Conectiva's staff have to keep re-fighting that battle all the time, because they have to keep retrofitting these subtler requirements for incremental maintainability that have not sunk it, elsewhere in the RPM-oriented world. I can only imagine what happens with apt-get usage on other RPM-based distributions, such as Red Hat. Where, of course, there is nothing like Debian Policy.

Useful articles on the packaging problem, and on apt-get for RPM:

Cheers,     "Learning Java has been a slow and tortuous process for me.  Every 
Rick Moen   few minutes, I start screaming 'No, you fools!' and have to go       read something from _Structure and Interpretation of
            Computer Programs_ to de-stress."   -- The Cube,

[1] [RM adds: More recently than the time of the above message threads, various distributions have crafted package acquisition and dependency resolution tools similar to apt-get, such as Yellow Dog Linux (and other) distributions' "yum" updater, SUSE's "SUSE Update", and so on. Proponents will invariably claim that these have given the host distributions dependency-resolution equivalent to Debian's — but that's a non-sequitur conclusion.

To the extent that dependency-resolution and smooth incremental upgrading now works better (than previously) on those distributions, it's fundamentally because the distros implemented rough equivalents of Debian policy, not because of improvements to the toolchains.

(I've heard people object that, contrary to this page's claims, their various favourite distributions actually do have policies. This is missing the point: I nowhere said that other distributions don't have documents or procedures that they, or others, dub "policies". The point is that vanishingly few have, and strictly enforce as Debian does, anything remotely as comprehensive and effective as the Debian Policy Manual, in regulating standards packages must meet in order to keep the system smoothly and incrementally upgradeable over time. Interested parties should read that, if they want to see how to do it right.)