this post was submitted on 28 Sep 2024
145 points (89.2% liked)
Linux
48329 readers
1164 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm not sure how that would help. First of all, it would still end up blocking proper updates. Secondly, it's hard to figure out what exactly you're supposed to pin.
It does not block proper updates. You might be thinking of held packages that's not the same thing at all. It isn't hard to figure out what you want to pin, you can just pin a hole third party repository at -1 except the specific package(s) you want to install and then there's no chance of that repository overriding a package from the distro's repository.
https://douglasrumbaugh.com/post/apt-pinning/
https://rmmmax.com/apt-get-pinning/
https://wiki.debian.org/AptConfiguration#Prevent.2Fselective_installation_from_a_third-party_repository
Interesting, I'll keep it in mind.
Still not sure it would help in all cases. Particularly when 3rd party repos have to override core packages because they need to be patched to support whatever they're installing. Which is another very bad practice in the Ubuntu/Debian world, granted.
You can still select just those packages out of their repos. Obviously that can get tedious if there are a lot of them. But that's pretty rare and at that point it's worth asking, is that software really worth it? Is there a better installation method? Could it live in a cheoot/container?
But that's not just in the Apt world, any system wide install would behave like that.
It's not an issue on Arch & derivates, due to the simple fact I mentioned above: third-party (AUR) packages are never allowed to use the name of an official package.
If a third-party package was already using a name that a new official package wishes to use, users are required to willingly uninstall the third-party package in order to be allowed to install the official one, and can never re-install the third-party package unless it changes its name.
It also helps that there's only one third-party repo (the AUR) so it prevents name overlaps among third-party packages. Although that's of secondary importance since it can be bypassed by crafting custom packages locally.
I appreciate the difficulty of enacting such a rule on Debian or Ubuntu now, considering the vast amount of already existing, widely established third-party repos, and also the fact that Debian official repos contain 3-4 times as many packages as Arch official repos. Which is why I think there's no way to fix this aspect of Debian/Ubuntu anymore.
I'm not saying that makes them unusable... but I believe that anybody who uses them should be [made] aware of this caveat. It's not readily apparent and by the time it bites a new user she's probably already invested a couple of years in them.