The dangers of automatic updates


The dangers of automatic updates

Post by wolfden » Tue Sep 18, 2007 8:47


When I started using GNU/Linux eight years ago, I was dumbfounded to encounter Debian users who started their day by upgrading their entire system. Yet now, with the updaters that sit in the notification trays of recent GNOME and KDE-based distributions, I realize that these daily upgraders were not daredevils, but pioneers in the idea that all upgrades are desirable. Never mind that this idea is a nuisance and an unwarranted assumption -- let alone that constant upgrades are unsuitable to many styles of computing and contrary to responsible system maintenance.

I don't know about anyone else, but my usual reaction to an updater is irritation. Admittedly, GNU/Linux updaters are not as bad as Windows'. In that operating system, a popup notification about updates seems to ambush you every 30 seconds, and you are constantly warned that your system is at risk if you turn off automatic updates. So far, updaters in GNU/Linux are more restrained, distracting you with a popup about the number of available updates only when you login, or placing an icon in the system tray. Moreover, only one updater exists for the whole system in GNU/Linux, while in Windows Vista you can have as many as three or four. And at least a GNU/Linux updater can be turned off.

However, the tendency toward nagware is still there, distracting you from whatever you are doing with a notice that you probably don't care about at the moment. Give me a log file that I can view at my leisure any day.

But updaters are more than just a nuisance. They're an active hazard. Presumably the assumption behind updaters is that the newest version of a software package is more secure and less buggy. But that, as anyone who explores his system soon finds out, is an unwarranted assumption.

Conflicts between programs, unresolved dependencies, and broken systems all await those who avail themselves of over-ambitious upgrades. The mailing lists of just about every distribution are full of the lamentations of the reckless who have trashed their systems through unwary upgrades. The truth is, except for security updates and fixes for specific problems, the average desktop user is likely to have fewer difficulties with an "if it ain't broke, don't fix it" philosophy.

Yet updaters make their functions all too easy to use carelessly. Right-click on any of them, and you have an option to install all updates without looking at them. They also give you the option to view and select updates, but, in Fedora 7, you are hardly better off than updating blindly, because all you get is a single sentence description of the package. From that description -- or possibly the package name -- you might be able to tell how important a particular piece of software is to the smooth running of your system. But what you can't tell is what changes have been made in the update, and whether the update is useful to you.

The Debian updater at least gives you a list of changes in an update. Yet even this list is concealed until you click the Show Details button. In all the updaters, the design encourages blind acceptance of all updates. Contrary to the assumption that updating is responsible, they encourage updating in the most irresponsible way possible.

This behavior is bad enough when you stick to the standard repositories. If you stray further afield, updaters can potentially create even greater problems. For instance, add the experimental repository to Debian, and, the next time you log in, you may be informed of dozens or hundreds of new updates of questionable quality. There is no mechanism to exclude individual repositories or packages from updaters, though most of the time, users go to nonstandard repositories for specific packages, looking for solutions to specific problems. They have no interest in most of the repositories' contents, which were never intended for everyday use anyway. Yet, with an updater, one careless choice made after adding such repositories, and suddenly you are invited to gamble with your system.

Of course, you might say that users should know better than to be so careless. But the fact is that it's easy to make mistakes when you are distracted or careless (and if you don't believe that, then you are a prime candidate for disaster; the point of making things idiotproof is that we can all be idiots sometimes).

Anyway, many desktop users don't know better. Why should they, when the automatic installation of the updater and its menu items encourage them to think that adding every new update to their system is standard procedure? They don't know enough to read the bug lists for every package on their system, and most of them wouldn't take the time to do so anyway.

A list of updates is useful for system maintenance. Yet it needs to separate out security fixes from bug repairs and added functionality, and it needs to give enough information for users -- especially new ones -- to make informed choices. Otherwise, you may as well be in Windows, where users are discouraged from a hands-on approach to their systems.
Bruce Byfield is a computer journalist who writes regularly for Linux.com and IT Manager's Journal.

Source http://www.linux.com/feature/119162

People need to pay heed to this. People want something they don't fully understand.
wolfden
Sharecropper
 
Posts: 8824
Joined: Sat Jan 14, 2006 0:55
Location: Midwest USA
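The article's point that security fixes deserve different treatment from "everything else" can be put into practice with a dry run that separates the two before anything is installed. The script below is an added example, not code from the article or from anyone in this thread; it assumes the `Inst pkg [old] (new origin:suite [arch])` line format that `apt-get -s upgrade` prints on Debian, and works on constructed sample output rather than a live system.

```shell
#!/bin/sh
# Added example: pick out only the security-suite upgrades from a Debian
# update list instead of blindly accepting everything the updater offers.
# The sample below is CONSTRUCTED to mimic `LC_ALL=C apt-get -s upgrade`
# (a simulation that installs nothing); package names and versions are made up.
SAMPLE_APT_OUTPUT='Reading package lists...
Building dependency tree...
Calculating upgrade...
The following packages will be upgraded:
  libssl3 openssl vim-common
Inst libssl3 [3.0.9-1] (3.0.11-1~deb12u2 Debian-Security:12/stable-security [amd64])
Inst openssl [3.0.9-1] (3.0.11-1~deb12u2 Debian-Security:12/stable-security [amd64])
Inst vim-common [2:9.0.1378-2] (2:9.0.1499-1 Debian:12.2/stable [all])
Conf libssl3 (3.0.11-1~deb12u2 Debian-Security:12/stable-security [amd64])
Conf openssl (3.0.11-1~deb12u2 Debian-Security:12/stable-security [amd64])
Conf vim-common (2:9.0.1499-1 Debian:12.2/stable [all])'

# Names of packages whose pending upgrade comes from the security archive.
# Only "Inst" lines count: the "Conf" lines repeat the origin and would
# otherwise double-count every package.
security_upgrades() {
    printf '%s\n' "$1" | awk '$1 == "Inst" && /Debian-Security/ { print $2 }'
}

# The remaining upgrades, i.e. what a cautious user defers and reviews
# separately (changelog, bug reports) rather than installing on sight.
other_upgrades() {
    printf '%s\n' "$1" | awk '$1 == "Inst" && !/Debian-Security/ { print $2 }'
}

# The command that would apply only the security fixes. It is printed,
# not executed, so the script remains a dry run until the list is reviewed.
security_install_command() {
    pkgs=$(security_upgrades "$1" | tr '\n' ' ')
    if [ -n "$pkgs" ]; then
        printf 'apt-get install --only-upgrade %s\n' "${pkgs% }"
    fi
}

echo "Security upgrades:"; security_upgrades "$SAMPLE_APT_OUTPUT"
echo "Deferred upgrades:"; other_upgrades "$SAMPLE_APT_OUTPUT"
echo "Command:";           security_install_command "$SAMPLE_APT_OUTPUT"
```

On a real system, replace the constructed string with `$(LC_ALL=C apt-get -s upgrade)`; the `-s` flag keeps it a simulation, so nothing changes until the printed command is deliberately run.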

Re: The dangers of automatic updates

Post by dunsurfin » Tue Sep 18, 2007 11:02

Very good advice. I've had to learn through bitter experience to curb my desire to have the latest and newest of everything. I'm very happy with 3.4e (64 bit) and, although I downloaded 3.4f (the distro addict in me is still active), have stuck with that. It's the first distro that I've felt happy enough with to make my default OS and I stay firmly away from anything that might upset it. A quick look through these forums (including some of my own posts) shows the problems that can occur.
Self-righteousness is a loud din raised to drown
the voice of guilt within us - Eric Hoffer
dunsurfin
Sagely Hen
 
Posts: 1270
Joined: Sun Jan 07, 2007 21:38
Location: Newcastle upon Tyne UK

Re: The dangers of automatic updates

Post by koch » Tue Sep 18, 2007 12:25

dunsurfin wrote: I'm very happy with 3.4e (64 bit) and, although I downloaded 3.4f (the distro addict in me is still active), have stuck with that. It's the first distro that I've felt happy enough with to make my default OS and I stay firmly away from anything that might upset it.

Same thing here...
I will try the mini edition, but if I don't like it, 3.4e will stay for a while :alien:
WINDOWS: Buy it, use it, break it, fix it, trash it, melt - upgrade it, charge it, pawn it, zoom it, press it, snap it, write it, get it, paste it, save it, load it, check it, plug it, play it, burn it, rip it, drag and drop it - stop. format it.
koch
Growing Hen
 
Posts: 195
Joined: Thu Jun 28, 2007 13:05

Re: The dangers of automatic updates

Post by joost » Tue Sep 18, 2007 13:35

Didn't I preach this on IRC over and over?

You CAN update, but you don't need to, really. Ask yourself if you really need to.

Sabayon releases very often with an updated DVD. So why bother going through the world-updating "hell"? Your distro maintainer does that for you.
Now the beauty of it all is, you CAN do it all, you are totally free to recompile and delete packages.

I notice a lot of people coming from Fedora/Ubuntu asking "where is my update program". Put it this way: when Ubuntu/Fedora releases, it's already old compared to Sabayon's bleeding-edge packages/kernel tweaks.

So do you really need to update? Or wait for the next DVD and then simply upgrade it all.

My 2 cents.
joost
Sagely Hen
 
Posts: 2332
Joined: Fri Nov 17, 2006 12:11
Location: The Netherlands

Re: The dangers of automatic updates

Post by Fitzcarraldo » Tue Sep 18, 2007 23:46

wolfden wrote:

When I started using GNU/Linux eight years ago, ...etc.

Source http://www.linux.com/feature/119162

People need to pay heed to this. People want something they don't fully understand.


Whilst I agree with the sentiment of the article, it could be argued that 'emerge world' is, in essence, tantamount. It seems that some people feel an "emerge world" is the Holy Grail and needs to be achieved otherwise something is lacking. One could equally argue that, "if it ain't broke, don't emerge world".

As for the general idea of automatic updating, I know lots of people who, if automatic updating did not exist, would never, ever update their system to fix anything related to security or known bugs (and Linux is just as prone to security vulnerabilities and other bugs as any other OS, as the security advisories published for Linux distros attest). I have Automatic Update enabled on the Windows PCs used by my family simply because I know my family would never check the Windows Update site for security fixes and bug fixes. Actually, in all the time I've used it, Windows Update has never broken anything on the various Windows PCs I use regularly. And come to that, in the year I've been using Ubuntu 6.06, the automatic updater on that PC has never broken anything either, and has given me peace of mind that security vulnerabilities have been patched.

Updating for the sake of updating is one thing, but I don't think this means automatic updating per se is necessarily a bad thing.
Fitzcarraldo
Sagely Hen
 
Posts: 7340
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom

Re: The dangers of automatic updates

Post by FullMoon » Wed Sep 19, 2007 2:01

There needs to be a magic update button for Critical System updates in sabayon :mrgreen:
Critical bug fixes and security updates. That kind of thing.
Then a list of new functionality type things. Select from the list and fire away!
Then a list of things you try at your own risk.

Sounds good to me.
FullMoon
Baby Hen
 
Posts: 13
Joined: Sat Jul 14, 2007 5:32

Re: The dangers of automatic updates

Post by stevencomerthornley » Mon Jan 28, 2008 21:51

Since 1995, one Windows update made my analytical systems not work (at work in my production Environmental Laboratory), but the manufacturer had a patch in 4-6 hours, so that's good -- all's well that ends well.

I want to have a secure system. I now know I don't know enough to recover from any broken packages that may result from a world update, but then I don't really know how to use the glsa utilities either...

so much to learn, so much to read
Dual boot XP/Sabayon64bit
amd64 4200+ x2
GeForce 7900GS 256MB
MSI K8N Neo4-F 939 NVIDIA nForce4 ATX AMD MB
PC Power & Cooling Silencer 610 610W PSU
OCZ Platinum 2G DDR 400
Creative X-Fi / on board AC'97sound
4 hdd-->xp/multimedia/storage/linux
stevencomerthornley
Growing Hen
 
Posts: 167
Joined: Fri Jan 11, 2008 4:50
Location: Pennsylvania-USA

Re: The dangers of automatic updates

Post by Fitzcarraldo » Tue Dec 15, 2009 0:33

Just thought I'd resurrect this thread for further discussion, because it seems to me that there are quite a few posts these days along the lines of "I did an 'update world' and it broke my system".

It seems that blindly allowing/initiating an automatic update simply for the sake of updating can cause more problems than it solves (in the case of FOSS and/or a distribution in the Testing/Unstable branch, anyway). I stopped doing it a while back, actually, on my 'production machine'. I look at any security advisories for packages that are installed on my 'production machine' and install those upgrades, and only bother to upgrade other packages if the current version I'm using is deficient in some way or if I want new functionality that can only be found in the new version. But to regularly perform a blanket global update in the case of a distribution in the Testing/Unstable branch with a very small development and maintenance team (and therefore no chance to perform rigorous QA checks for the many updates and large variety of hardware) is perhaps something that should not be actively encouraged (whatever Ubuntu does).

The thing is, the Gentoo concept of 'world' and the Entropy concept of 'world' are two different things: in Gentoo's case the world file can be as big or as small as the user wants, only containing packages that the user wants to be kept up to date (along with dependencies).

I know that Entropy world updates do not cause breakages in the majority of cases; I know that the Entropy notification applet Magneto is just that, namely a notification applet, but it does convey the message "Boy, you're out of date; just look at how many packages need upgrading! It's 589 packages. You must be waaaay out of date. C'mon, do a world update, you know you want to."

My current opinion, for what it's worth. :|
Fitzcarraldo
Sagely Hen
 
Posts: 7340
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom

Re: The dangers of automatic updates

Post by joost » Tue Dec 15, 2009 0:56

This is why I wanted to have "world" renamed to "upgrade", because Entropy world has nothing to do with Gentoo world.

It got renamed some months ago, but the "world" command still works.
joost
Sagely Hen
 
Posts: 2332
Joined: Fri Nov 17, 2006 12:11
Location: The Netherlands

Re: The dangers of automatic updates

Post by Fitzcarraldo » Tue Dec 15, 2009 2:08

Whether it's called 'world' or 'upgrade', it's still a shotgun approach, though, which is the main thrust of my argument. I suppose the term 'upgrade' might make the user slightly more cautious or aware of the implications of what (s)he is about to do. Or perhaps not.

In the case of software in the unstable/testing branch, 'latest' does not always mean 'best'. I think that it would be better if newcomers were not enticed to blindly 'equo update world' ('equo upgrade', or whatever the new syntax is). Human nature being what it is, though, most users seem to have an almost irresistible (pathological?) desire to have the latest version of every single package. That's probably fine/tolerable in the case of a distribution in the stable branch, but not a particularly good idea in the case of a distribution in the unstable/testing branch (especially if resources are not available to QA thoroughly the upgrades prior to release). But I suppose it's very difficult to fight against human nature.
Fitzcarraldo
Sagely Hen
 
Posts: 7340
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom
