When Ubuntu users discover that unofficial repositories can be harmful
November 14th, 2006 by lucas
Unofficial APT repositories are a PITA in the Ubuntu community. Most users use stable release (see previous post about that) since Ubuntu development releases tend to be much more bleeding edge than Debian unstable. But users still want the newest software, so they use unofficial repositories. There are lots of posts about private repositories on Planet.ubuntu-fr.org, and it seems to be the same on other local planets.
Recently, somebody posted a sources.list file with a huge list of unofficial repositories. The maintainer of one of these repositories, Jοhan Kiviniemi, was surprised to be in this list without even being contacted first. He chose a good answer: he uploaded a package with cool new default wallpapers. He also wrote a detailed explanation, with which I couldn’t agree more.
But this story raises a question: why do all these people work on their unofficial repositories, instead of filing and fixing bugs, improving the official packages, and getting their packages into Ubuntu ? It’s a shame that so much manpower is lost on such stuff.
PS: Johan Kiviniemi seems to have a lot of good opinions. :-)
O upgrade do Ubuntu falhou? Foi? E repositórios esquisitos? E Automatixs? Pois… at Apenas mais um choque… wrote on 11/14/06 at 4:09 pm :
[...] Lucas Nussbaum do Planet Ubuntu fala duma situação dessas. [...]
userwithskills wrote on 11/14/06 at 4:22 pm :
“why do all these people work on their unofficial repositories, instead of filing and fixing bugs, improving the official packages, and getting their packages into Ubuntu ?”
Probably because lots of bugreports get ignored, blindly marked as duplicates (and being wrong about that very often). There are bugreports that are half a year old and no developer even touched it since. I lost my willingness to help out with my full power after this happened more often than it should have.
Ubuntu might need more manpower, but if they ignore the free manpower they get, I’m sorry but it’s gonna be a hard time for them (us). I’m sure though they would like to care about these reports if they had more manpower. Recognize the devils circle here?
pirast wrote on 11/14/06 at 5:56 pm :
> Probably because lots of bugreports get ignored,
It’s right, there are lots of open bug reports and QA of Ubuntu tries hard to create concepts to bring down the number of bug reports.
Note that all software in Universe and Multiverse is community maintained. That means that no Canonical employee has to care of it. Instead, you and me and all other community members are asked to fix those.
> blindly marked as
> duplicates (and being wrong about that very often).
Ubuntu consists of humans and humans do make mistakes. If someone marks a bug as duplicate by mistake, you can of course unmark it if it does not look like a bug report to you.
> There are bugreports that are half a year old and no developer even
> touched it since.
Here again, the question is those packages are in Universe/Multiverse or in main!
Finally, I agree with Lucas – when the packagers of third party repositories would help out in fixing bugs and packaging new applications in Ubuntu, it would be much better.
Martin
PS, I am no Canonical employee or something – this is just my opinion as an outstanding person!
Marc 'Zugschlus' Haber wrote on 11/14/06 at 5:56 pm :
Unofficial repositories are not a new phenomenon. Actually, they are quite common for the commercial distributions like Redhat and SuSE. That they are now showing up for Ubuntu does not surprise me.
In my thesis, unofficial repositories pop up for distributions that make it hard to contribute.
Good to see that Debian rates good on this metric: Few unofficial repositories are a sign that it is easy to contribute. This is, btw, one of the main reasons I work with Debian.
Huygens wrote on 11/14/06 at 7:04 pm :
I do agree with you Lucas, and I support fully Johan Kiviniemi. It does not harm to perform such a trick (changing wallpaper to inform people), and seems to respect the “hacker” code of conduct, which I approve.
I hope Johan will read your message and see that there are other persons who do not want to blacklist him (child-ish behaviour) and that they think he did a right thing: informing people of the danger of using unofficial repository.
As usual, Educators are not always rewarded by the purpil, until they finally grew up ;)
Huygens
Steady as a rock » Blog Archive » Third party repositories wrote on 11/14/06 at 8:51 pm :
[...] Lucas, [...]
Ben Finney wrote on 11/15/06 at 3:23 am :
One reason I don’t file bug reports into Launchpad is that it requires a login to do so. I can file a bug report in Debian without needing to maintain yet another account and password somewhere I don’t control it.
Another reason is that Launchpad is non-free software, so I avoid it on that principle also.
Treviño wrote on 11/15/06 at 5:25 am :
Hi… Maybe you know me? :)
Not so well I think… Btw, first of all I want you show a little answer I made on ubuntoforums about this story: http://www.ubuntuforums.org/showpost.php?p=1751688&postcount=49
Then, simply to remember that I haven’t forced anyone to use my list, I just posted to give a service to users listing all KNOWN REPOSITORIES… Just I’ve found the majority on UbuntuForums (or other Ubuntu related sites) and on Google as public repositories… I don’t create anything, just reported informations in a single post…
Btw, I can’t be responsible of what the repositories mantainers’ do! When I say to use a resource at own risk, that’s clear.
Thomas Petazzoni wrote on 11/15/06 at 3:29 pm :
I’m maintaining packages in an unofficial repository, because it’s mainly to allow users of “stable” release to get newer versions of various softwares. For example, without unofficial repository, how can a Dapper or Edgy user get a newer version of frozen-bubble or gcompris ?
Same problem (or even worse because of the release cycle) for Debian Stable.
Loic Pefferkorn wrote on 11/23/06 at 8:22 pm :
Thomas : certainly with the only drawback is the software must up to date be in the Ubuntu’s development version.
Loic Pefferkorn wrote on 11/23/06 at 8:25 pm :
Bad href tag use, sorry
I talk about Ubuntu’s backports, which are an officially supported project
http://backports.ubuntuforums.org/wiki/index.php/Requesting_A_Backport