When Ubuntu users discover that unofficial repositories can be harmful

Unofficial APT repositories are a PITA in the Ubuntu community. Most users use stable release (see previous post about that) since Ubuntu development releases tend to be much more bleeding edge than Debian unstable. But users still want the newest software, so they use unofficial repositories. There are lots of posts about private repositories on Planet.ubuntu-fr.org, and it seems to be the same on other local planets.

Recently, somebody posted a sources.list file with a huge list of unofficial repositories. The maintainer of one of these repositories, Jοhan Kiviniemi, was surprised to be in this list without even being contacted first. He chose a good answer: he uploaded a package with cool new default wallpapers. He also wrote a detailed explanation, with which I couldn’t agree more.

But this story raises a question: why do all these people work on their unofficial repositories, instead of filing and fixing bugs, improving the official packages, and getting their packages into Ubuntu ? It’s a shame that so much manpower is lost on such stuff.

PS: Johan Kiviniemi seems to have a lot of good opinions. :-)

11 thoughts on “When Ubuntu users discover that unofficial repositories can be harmful

  1. “why do all these people work on their unofficial repositories, instead of filing and fixing bugs, improving the official packages, and getting their packages into Ubuntu ?”

    Probably because lots of bugreports get ignored, blindly marked as duplicates (and being wrong about that very often). There are bugreports that are half a year old and no developer even touched it since. I lost my willingness to help out with my full power after this happened more often than it should have.

    Ubuntu might need more manpower, but if they ignore the free manpower they get, I’m sorry but it’s gonna be a hard time for them (us). I’m sure though they would like to care about these reports if they had more manpower. Recognize the devils circle here?

  2. > Probably because lots of bugreports get ignored,
    It’s right, there are lots of open bug reports and QA of Ubuntu tries hard to create concepts to bring down the number of bug reports.

    Note that all software in Universe and Multiverse is community maintained. That means that no Canonical employee has to care of it. Instead, you and me and all other community members are asked to fix those.

    > blindly marked as
    > duplicates (and being wrong about that very often).

    Ubuntu consists of humans and humans do make mistakes. If someone marks a bug as duplicate by mistake, you can of course unmark it if it does not look like a bug report to you.

    > There are bugreports that are half a year old and no developer even
    > touched it since.

    Here again, the question is those packages are in Universe/Multiverse or in main!

    Finally, I agree with Lucas – when the packagers of third party repositories would help out in fixing bugs and packaging new applications in Ubuntu, it would be much better.

    Martin
    PS, I am no Canonical employee or something – this is just my opinion as an outstanding person!

  3. Unofficial repositories are not a new phenomenon. Actually, they are quite common for the commercial distributions like Redhat and SuSE. That they are now showing up for Ubuntu does not surprise me.

    In my thesis, unofficial repositories pop up for distributions that make it hard to contribute.

    Good to see that Debian rates good on this metric: Few unofficial repositories are a sign that it is easy to contribute. This is, btw, one of the main reasons I work with Debian.

  4. I do agree with you Lucas, and I support fully Johan Kiviniemi. It does not harm to perform such a trick (changing wallpaper to inform people), and seems to respect the “hacker” code of conduct, which I approve.
    I hope Johan will read your message and see that there are other persons who do not want to blacklist him (child-ish behaviour) and that they think he did a right thing: informing people of the danger of using unofficial repository.
    As usual, Educators are not always rewarded by the purpil, until they finally grew up ;)

    Huygens

  5. One reason I don’t file bug reports into Launchpad is that it requires a login to do so. I can file a bug report in Debian without needing to maintain yet another account and password somewhere I don’t control it.

    Another reason is that Launchpad is non-free software, so I avoid it on that principle also.

  6. Hi… Maybe you know me? :)
    Not so well I think… Btw, first of all I want you show a little answer I made on ubuntoforums about this story: http://www.ubuntuforums.org/showpost.php?p=1751688&postcount=49

    Then, simply to remember that I haven’t forced anyone to use my list, I just posted to give a service to users listing all KNOWN REPOSITORIES… Just I’ve found the majority on UbuntuForums (or other Ubuntu related sites) and on Google as public repositories… I don’t create anything, just reported informations in a single post…

    Btw, I can’t be responsible of what the repositories mantainers’ do! When I say to use a resource at own risk, that’s clear.

  7. I’m maintaining packages in an unofficial repository, because it’s mainly to allow users of “stable” release to get newer versions of various softwares. For example, without unofficial repository, how can a Dapper or Edgy user get a newer version of frozen-bubble or gcompris ?

    Same problem (or even worse because of the release cycle) for Debian Stable.

Comments are closed.