A follow up on why RPM, deb, Fedora, Debian and all classic packaging systems are doomed.

by davidnielsen

This is a follow up to the post I did a while back on why RPM and especially Fedora does everything in their power to make maintainers jobs time consuming, error prone and confusing. I will stress Fedora (and probably others) do this with the best of intentions, namely increasing the overall quality of the distro packages. However the implementation is all wrong. Read it here.

It is no so much about striving for perfection, it’s that a lot of the work is pointless. E.g. why doesn’t RPM have one policy that is easy to override that does the right thing in 90% of cases. You can see this with libtool linking files, .la. These are required to be removed, in all cases but a few. So one would suppose the correct thing is to have the default be nuking them and then for the cases where they need to be there, have there be work. It is however the exact opposite that is the case in current implementation. Every single time there is such an issue, the default is picked for the most amount of work for the most amount of people and the highest chance of causing an error.. every d..m time.

This problem is most elegantly explained in this talk from FOSDEM 2008 on the Conary packaging system. This is how all packaging should work from a maintainers point of view.

It is all about reducing the amount of work you need to do, the amount of things that can go wrong and the burden of maintaining the package – by picking good defaults and policy. RPM and especially Fedora has horrible policy (well it’s good in the sense that it is comprehensive and well thought out but horrible in the way that the guidelines are designed towards the exact opposite of good defaults, instead of applying them to the default they are applied to every single maintainer- namely making the maintainer do the most amount of work possible with the lowest amount of automated help).

This is only getting worse and worse as more packaging policies are written, RPM is not making the right decisions here and allowing powerful policy making. To you a Fedora user it will mean software will be updated less frequently, as it gets harder and harder to master all the policy manually fewer people will become maintainers. Reviews of new packages will either stall for a long time, require a masterful packager for the review (these are rare, looking at our review stats I would wager we have maybe 5-10 who truly master every aspect of packaging well enough to ensure every review is done by the book) or let packages in with lots of mistakes. Overall a poorer and poorer product ensues over time.

To me the maintainer it means more dull work, time which I could have spend interacting with users on bugs is spend in the jungle we call the packaging guidelines. Unless this changes and fast, Fedora is doomed. The sad thing is that openSUSE, Debian and Ubuntu are pretty much on the same train. Their defaults aren’t selected with this in mind either there. The existing package managers are just not designed with making complex packaging easy, and keeping work maintainable over time, in mind.

The only two ways to fix this is keeping the guidelines and keep throwing increasing amount of maintainers at your package database hoping their skill level is equal to or above that required to follow all the guidelines, even as they change. Or you can do what Conary does and just do the right thing by default.

I would like to stress that it is not that RPM (and I am sure this goes for dpkg as well but I have no intimate knowledge of how it is to work with) is inherently a bad product, it is in fact a very powerful tool. RPM and yum get far more flak than they deserve, their developers are very nice people who care deeply about making good tools, for the most part the manage to do this. This aspect of it though needs serious consideration, I personally doubt that what we are currently doing is in anyones best interest.

Again I urge that you watch the video linked above.