[conspire] marillat.free.fr -> www.debian-multimedia.org

Rick Moen rick at linuxmafia.com
Thu Jun 22 10:42:29 PDT 2006


Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> On Thu, 22 Jun 2006 01:16:24 -0700, Rick Moen wrote:
> 
> > And yet, I've several times seen credible-seeming people suggest using
> > the debian-marillat "sid" packages on Debian, ...
> 
> By all means, use "sid" packages on Debian.

Huh, I must have been really, really tired!  Of course, what I meant to
type was "using the debian-marillat 'sid' packages on Ubuntu".

> > This is what a truly cautious person would do on i386, too.
> 
> Like I said, it should be "fakeroot" and not "sudo" there, but how many
> people are cautious enough to rebuild every package available through
> apt-get?

[Correction of your command set noted, though that really was beside my
point.]

I personally find it seldom worth the time and trouble.  On the other
hand, I'm seldom motivated to use third-party repositories at all, and
perfectly glad to fix my systems if something goes wrong.

The problem case, really, is naive non-technical users who blithely grab
anything from anywhere and are _not_ prepared to deal with the messes
they create when they blow up (or root-compromise) their systems.
Unfortunately, the same traits that make them poorly equipped to deal
with breakage also incline them to get them into trouble by installing
multimedia warez, using third-party package repositories they have no
reason to trust, and... well... running odd little scripts they don't 
fully understand that delete their sources.list files.  ;->

> And if you mean only the ones from third-party repositories, how is
> that more cautious when the source will come from the same third-party
> repository?

I did not mean as to security; I meant it as to functionality.  E.g.,
Debian "sid" packages and current Ubuntu ones, to the extent they have
occasional dependency clashes (which isn't _very_ much by my standards)
have it only at the binary level.  They're pretty much completely
source-compatible; ergo, you maximise your (already pretty high)
likelihood of being able to use one of those distros' packages on the
other by using the src packages.

Shuttleworth has explained this as well as anyone:
http://www.tectonic.co.za/view.php?id=667&page=1






More information about the conspire mailing list