On 09/11/2015 06:11 PM, Stephen John Smoogen wrote:
On 11 September 2015 at 16:41, Jóhann B. Guðmundsson <johannbg@xxxxxxxxx> wrote:
On 09/11/2015 09:09 PM, Orion Poplawski wrote:
What does Fedora users gain with "dnf
install rails" or "dnf install ipython" versus "gem install rails" and
"pip
install ipython"?
This indeed is very good question.
I'm not sure how things are elsewhere in the world but in the case of gem's
on a rock in the middle of the north atlantic ocean , everybody is using
bundler with nobody wanting to go back to non existing or not current gem's
in distributions and or having to manually chase down components and resolve
their dependency's.
They prefer spending that time actually hacking or drinking beer or both.
Depending on what the system is being used for the gain in having one
package system is usually in "inventory control". RPM allows me to
prove that the packages from it are installed and match the checksums
(or when they don't if they are config files or not). Every out of
band packaging requires me to figure out if that system has a
signature tree and how to know if the python-gumdrop is the one I got
from the original source or not.
While most of this is important at say a bank, military, etc.. I have
had to do this in the University system where a machine was broken
into and we needed to make sure that other systems were not broken
into. The reason being that the experiments would have to be started
over from scratch and they would have probably lost their grant. The
grad students in the lab would have probably also had major problems
with their finalized thesis as it would have added years to getting it
final. The chem lab project was ok because we could check that the php
on the webserver hadn't been tampered with and the perl on the systems
either.
I believe that some of the ecosystem packagers have this ability and
others do not. I expect that for most people the problems above aren't
really a concern.. but then again most of them set their root password
to 123456 if they can.
Thanks, that's a good point, and perhaps something to bring up with the
pip/gem/etc folks. There are also other tools to checksum an installed
system so I don't think it's insurmountable to work around.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion@xxxxxxxxxxxxx
Boulder, CO 80301 http://www.cora.nwra.com
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
