On Fri, Jan 18, 2008 at 01:06:27PM +0000, Sam Lewis wrote: > Sven Hoexter <[EMAIL PROTECTED]> writes:
Hi Sam, I'll keep it on list because some of the topics might help people eventually creating Ubuntu backports to do it right. > > And then there is the user who doesn't remember what he did in good > > faith to his system. A year later he upgrades to the next stable > > releases und this fscking update broke his nice LyX installation > > working for fine for the last year. So who's responsible for the non > [...] > > What kind of LyX user (who opts for the latest version of LyX) do you > envisage? All the packages clearly state in the README file that they > are checkinstall. How many users who possibly find the package via google or on the ftp site know what that means? I doubt that many know or even care. I even doubt that everyone can follow what we're discussing here and they should not need to understand it. > > The toolchain with dpkg and apt were build to resolve the > > dependencies for you and you're ignoring that part completly. > > Installing the checkinstall package you can even remove latex (maybe > > some clean up mechanism even suggest to remove them because they look > > unused now) without anything complaining. > > That's what I was trying to say. You might be surprised I've seen > people running LyX on a tiny system without any latex for the purpose of > writing and managing lyx files. I personally have used TexLive for years > and was precisely only able to do this as I complied source myself > rather than using an "official" LyX version linked to tetex in some > distro. Those people wouldn't install the distribution packages anyway. Regarding the tex version thingy etch is the last Debian stable release with tetex and texlive. So in a perfect world everyone would switch to texlive now. Since nobody should be forced to replace his tetex installation now a backport should readd the tetex alternative for texlive. I did this in my own backport proposed for backports.org already but that's not so important here. > Again, what kind of LyX users are there? Why link LyX to a specific > latex? Would there be anyone who does not know the relationship between > LyX and latex, I wonder? I should know that I need libc to use some software or shouldn't I? If you question the need of explicit dependencies you can question the whole model of creating ready to intall system distributions. > Btw, you might like to read the following discussion on checkinstall > stating that some consider the absence of dependencies in checkinstall > packages as *either a bug or a feature* ! > > http://www.debian-administration.org/articles/147 I would formulate it a bit different. Depending on your own skills and intention you can in some cases consider it as feature. In the case of distributing such packages on the internet to an unknown mass of people with a very different level of knowledge it's IMO a disavantage. > > What I don't get is why you waste your time with this broken > > checkinstall crap? It's only a very small step you've to make to get > > the source package and create a backport. The Debian source packages > > are free for everyone to use (that's essentialy what Ubuntu and other > > distributions are based upon). > > I thought I was saving time, by just typing checkinstall rather make > install. It's more about dpkg-buildpackage then checkinstall vs. make install. Of course you might save some time but you pay for that with the risc of some more or less subtle problems. > > So please use the source packages and build proper backports instead > > of punching your package management system right in the face! > > One and a half thing: > > Backporting always presents a slight security issues, which can be > minimised by backporting as few as possible decencies, if understand > this correctly (see > http://debian.ethz.ch/pub/debian-backports/utils/Backport-HOWTO.html ). Of course you've to support your backports in case of security problems in the version you've backported. It's the same for the checkinstall stuff. You're pulling in a second, isolated, version of boost btw that needs to be patched as well in case of problems with boost. That's a very bad thing and I'm happy that we can use with the external boost packages provide within Debian with the next stable release. For a current backport you've to backport libboost aswell. IMHO it's easier to notice a DSA for boost and check if your boost backport is affected as well then searching in all your packages which libs they ship. > Main point how, much time and effort does this really take? Perhaps you > can send me some relevant links off list about the issue. That depends on the package and your own skill level and how much you know about the package you're backporting. In most cases it's just recompiling in a stable chroot. In case of LyX you've to recompile boost first with a proper version number so that it will be replaced with the next stable release that ships the same version. Then you've to install this new boost version in a chroot and modify the LyX source package a bit. You might want to interdiff the .diff.gz from sid against Emilios .diff.gz. It's actually rolling back two versioned dependencies, removing a dh_icons call which would require a new version of debhelper scripts and at least lenny to be usefull at all. If you like you'll pull in the tetex stuff as alternative to texlive and then you only need to build the package. If you know what to do it's about 5min plus compile time. There are some hints on http://debian.ethz.ch/pub/debian-backports/utils/Backport-HOWTO.html Cheers, Sven -- If God passed a mic to me to speak I'd say stay in bed, world Sleep in peace [The Cardigans - 03:45: No sleep]
