Thursday, July 22, 2010

POLL: Best Linux packaging strategy?

Whenever Linux weak spots are up for discussion, the current packaging strategy is one of the star topics. Not surprisingly, the lack of a widely accepted standard has many significant consequences, ranging from hardware support to application scarcity. Before I continue, let me back track a bit and cover the foundations of this concept for those not familiar with it.

According to the Wikipedia definition, Linux packaging formats "are the different file formats used to package software for various Linux distributions". There are two main categories: binary and source, but I will concentrate on binary packages for this discussion. To make an analogy (and I am aware this is a long shot) with the Windows world, Linux binary packages play a loosely similar role to Windows MSI files.

Binary formats include several variations, DEB and RPM being the most popular, but there are others like PISI (used by Pardus), PUP and PET (used by Puppy Linux), etc. DEB packages are used by Debian and its many derivatives, Ubuntu among them. RPM packages are used by Red Hat, Fedora, Mandriva, PCLinuxOS, etc.

The lack of a widely accepted standard means that anybody wanting to release software for Linux will need to package it in a big array of variations. In other words, If a hardware manufacturer wants to release a video card and make it compatible with Linux, they will need to sit down and package it in several formats (four or five at the very least). That effort obviously implies an investment of both time and money, which could only pay off if aimed at the major distros. This guarantees many "not so popular" ones will not be supported out of the box. As you can imagine, the situation is technically complicated and not clearly financially viable, which results in many companies not even bothering. The same applies to software companies releasing applications. They many times stick to their Windows versions only, but if they decide to support Linux, the support is incomplete at best.

Skype is offered for a few popular distros, but the complexity is already there.

On the other hand, some claim the fragmentation in packaging formats in Linux provides a nice collateral effect: Security. Rightly so, as it is difficult for companies to support Linux, it is also difficult for those with more obscure intentions to attack it. In other words, packaging a piece of malware so that it has a significant impact on the Linux community is almost impossible.


With all the above in mind, what do you think is the best strategy moving forward? Should Linux have a single packaging format? If so, which one? Should the situation stay as is?

Go ahead and vote on the poll applet on the right!



  1. All very good points (As usual with your blog).

    But what about the source code? compiling some c# or ruby isn't the most complicated bit of work. sure its not like a .exe or .MSI in windows but who would want to use windows in the first place :P

    The counter argument for security isn't the best outcome!

    Keep up the good work with the blog

  2. @Alien: Hey! Glad to see a comment from Mr. Alien! ;-)

    I see what you are saying about code, but I think you are looking at it from an expert point of view.

    How would you manage repositories if all there is is code fragments? How would you automate working around dependencies? No doubt it is probably doable, but packaging is there for a reason, it clearly makes life a lot easier! ;-)

    Glad you like the blog, mate!

    Take care, Bro