[conspire] Other notes from the Debian 5.0.1/Lenny to 6.0/Squeeze upgrade

Rick Moen rick at linuxmafia.com
Tue Aug 24 20:48:04 PDT 2010


Quoting Ruben Safir (ruben at mrbrklyn.com):

> I have weird problems with bind9 all the time and always eventually end
> up downloading the source, compiling by hand and rewriting the init
> script for my own purposes.

Me, I've sworn off locally compiled software in general.  Or at least,
if I did feel compelled to compile locally, I'd use debhelper and make a
package, and 'dpkg -i' that.

Build from tarballs, you bear by yourself the onus of maintenance,
security monitoring, ensuring that the software complies with your
software's policy about where things go and how they interact with the
rest of the system, verifying gpg signatures on tarball-contents hashes
to make sure you didn't download a trojaned forgery, ensuring that
dependencies on and by other software don't break as the system is
upgraded, and the thorny issue of how to remove all of the thing if you
need to.  (Let's say you decide to yank out all of BIND9 and switch to
NSD.  Except, oops, where _are_ all of the pieces of BIND9 hiding?  You
don't know.  If you'd installed a package, including a locally built
one, the package system would take care of all that automatically.)

If you use a package maintained by a qualified package maintainer for
your distro, you get all of the above done for you for free, plus
semi-automated package updates indefinitely.

Basically, compiling from an upstream source tarball, especially without
even making a local package, is how we _had_ to do things in the bad old
days:  Each sysadmin was obliged to be a software maintainer for his/her
own system only.  These days, one guy doing the work, and thousands of
sysadmins getting the benefits, is simply a better way -- absent
_really_ compelling reasons to go local.
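
As an added illustration of the tarball-verification chore listed in the message above (not part of the original post): a fail-closed check of a download against a checksum manifest, with the manifest's detached signature checked by `gpgv`. The function names, file names and keyring argument are assumptions made for this example, and the sample "tarball" is constructed.

```shell
#!/bin/sh
# Added example. Two steps a tarball builder has to do by hand:
#   1. check the signature on the checksum manifest,
#   2. check the tarball's hash against that manifest.

# verify_manifest_sig MANIFEST SIGFILE KEYRING
# KEYRING (assumed path) should hold only the upstream release key,
# because gpgv accepts a signature from any key in the keyring.
verify_manifest_sig() {
    gpgv --keyring "$3" "$2" "$1"
}

# verify_tarball MANIFEST TARBALL
# Returns 0 on a match, 1 on a hash mismatch, 2 when the manifest has
# no entry (or more than one) for the file. Names with whitespace are
# not handled; manifest lines are "<hex>  name" or "<hex> *name".
verify_tarball() {
    manifest=$1
    tarball=$2
    name=$(basename "$tarball")
    want=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { c++; h = $1 }
        END { if (c == 1) print h }' "$manifest")
    [ -n "$want" ] || { echo "no unique manifest entry for $name" >&2; return 2; }
    got=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "hash mismatch for $name" >&2; return 1; }
}

# Constructed demo: a stand-in tarball, its manifest, then a tampered copy.
demo=$(mktemp -d)
printf 'pretend upstream source\n' > "$demo/example-1.0.tar.gz"
( cd "$demo" && sha256sum example-1.0.tar.gz > SHA256SUMS )
verify_tarball "$demo/SHA256SUMS" "$demo/example-1.0.tar.gz" \
    && echo "ok: matches manifest"
printf 'appended bytes\n' >> "$demo/example-1.0.tar.gz"
verify_tarball "$demo/SHA256SUMS" "$demo/example-1.0.tar.gz" \
    || echo "rejected: exit $?"
rm -rf "$demo"
```

The hash check is only meaningful after `verify_manifest_sig` has succeeded against a key obtained out of band; a forged download can ship with a matching forged manifest.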




