Been thinking quite a bit lately about package management in Linux. The term itself is ambiguous and is often used to refer to two different functions. Slackware, for example uses packages and has a “package manager” that is used to install them, even though most people disparage this distribution because it supposedly lacks one. What Slackware does lack (at least in its official form) is a program which purports to manage all of your installed packages, check for updates and check for dependencies. I’m not sure exactly what we should call these programs but they are more than just package managers. Red Hat-based distributions use a package manager called rpm and Debian-based distributions use one called dpkg but users rarely use those package managers directly. They use what I guess I will call “meta-package managers” like apt-get or yum which, in turn, call the package managers to perform the actual installations. Increasingly they use a graphical front-end that runs on top of apt-get (Synaptic) or yum (Pup) to confuse the matter even further.

That being said, I’ve used most of these different package management systems and others and thought I would share my thoughts.

The Good

The Debian family (apt-get, aptitude, synaptic)-The most tested and best loved package management family out there. Debian did it first and does it best. Apt-get does such a nice job that it has been ported over to other distributions that aren’t even Debian-based. PCLinuxOS used its own version even though it is an rpm-based distro. Blag uses it even though it is based on Fedora. Interestingly enough, it isn’t even the recommended updating program for Debian proper. Aptitude is a more sophisticated version of apt-get that more closely analyzes your system and flags packages that might cause problems if they are upgraded without some additional analysis. It is particularly useful if one is mixing repositories, using backports or non-official Debian repositories, or running the “testing” or “Sid” flavors of Debian which are more prone to breakage. Synaptic is simply a graphical front end for apt-get. Whatever version you use, you will generally find it to be faster than most any other package management system and one that doesn’t bog down the entire computer while you are using it.

Arch Linux uses Pacman which, while less-known than apt-get is a very promising manager. It is fast, maybe faster than apt-get. It uses few system resources, maybe fewer than apt-get. It is just as simple. Typing “pacman -Syu” and then replying “yes” when it asks if you want to install the updates is all you have to do and your system will be fresh and new. On the other hand, pacman isn’t as well-tested and doesn’t really have any tools that will flag packages that might break the system. As bleeding edge as Arch is, that would be a very useful tool. That being said, pacman works and it works well.

The Bad

Red Hat has gotten a (somewhat) bad rap through the years for its package management and some of that criticism is still valid. Yum is a reasonably good tool for command line updates and it runs a bit faster and with fewer system resources than it used to do. If you are using Fedora or CentOS or a derivative thereof, do yourself a favor and use it. The alternative is using one of the graphical front ends, whichever one Red Hat is trying out this year. To be fair, the latest version is not terrible. Pup won’t completely bog your system down and it won’t take an hour to do its work but it isn’t as good as it should be. That being said, it is a whole lot better than up2date and yumex which were just awful when they worked at all.

It is almost unfair to include Red Hat in the same category as Suse because, frankly, Suse makes Red Hat look like geniuses. I don’t know why a company which can create arguably the most attractive and professional looking distribution available in the Linux world has such a godawful package manager. Suse also uses rpm’s but has a different front end, whatever they might be calling it this week. Unless you disable it, every time you log in to your Suse desktop, the system will check for updates and it will take forever to do it. (Granted, most modern desktops–Ubuntu, Fedora, Debian–have some kind of alert when updates are available but you never notice them working.) God forbid you actually click on the update and let it do its work. This will take forever…and a day. Worse yet, it doesn’t even tell you what it’s doing while it is doing it, just warning you not to stop it or something awful will happen. If you disable this feature and manage to get into Yast which you’ll find somewhere in that massive SLED menu, it will run a little better and a little faster but it is still just terrible and Novell should be able to do a whole lot better.

The Ugly

Gentoo is one of my favorite distributions. It isn’t exactly easy to get set up and running the way you want but, once you do, it runs about as smooth and fast as any other distro. That being said, its “package manager” is just one scary beast. As a source-based distribution, it compiles every new package from the original source code. It uses a kind of packaging called ebuilds which gives the system information about what options to use in compiling the code although many of those can be overridden by the user by changing your use-flags. It also uses something called portage to fetch and install all of these updates and this, in turn, also is almost endlessly configurable and breakable. If you truly want to update everything in your system, you can pretty much just type “emerge -avUD world,” hit enter and pray everything works. To be fair, it usually does. To be fair, it is hard to criticize portage for being slow when it is compiling everything from source but it can take an awfully long time if you are unfortunate enough to have a lot of updates. And it breaks. There is usually always a way to fix it and, once you get used it using it, you pretty much know what to do. Still, it is messy and more confusing than it needs to be. In other words, it is ugly and not for the faint of heart.

Linspire (and Freespire) are about as beloved by Linux enthusiasts as Windows. It isn’t just because they tried to be a commercial distribution and sell you a cute little package at CompUSA. One of their mistakes (though one they are still trying to sell) is their “Click ‘n Run” package manager. On the surface, it looks like a good idea. You just navigate to a web page, do a quick search, find your favorite package, and “click and run.” Reminds me of that infomercial, “you just set it and forget it!” Also reminds me of Windows. I like to see what it is the package manager is doing and CNR isn’t very transparent. It uses apt-get somewhere in the bowels of what it is doing so it should be good. You might think it is but I don’t like it.

So there, that’s my thoughts. I welcome your comments.

If you liked it digg it