[KLUG Members] Package Manager Problems

Jamie McCarthy members@kalamazoolinux.org
Thu, 28 Nov 2002 13:07:50 -0500


Happy Thanksgiving!  Today I'm thankful for Debian's "apt" :)

"apt" is a gorgeous tool that makes two things trivial for any
internet-connected machine:  installation of any supported package,
and updates of all installed packages.  Dependencies are handled
extremely well.

To install a supported package named "foo":

    apt-get install foo

To do a system-wide update of all installed packages (notably, to
catch up with all security updates):

    apt-get dist-upgrade

The security benefit is huge.  I no longer have to hang out on
listservs and watch webpages to notice security updates for the
flavor of Linux that I happen to be running.  I just trust that the
package maintenance folks will be quick about getting security fixes
into the apt database.  All I have to do is "apt-get dist-upgrade"
a couple of times a week and any security fixes are automatically
installed.

Not only does this save me *tons* of time in worrying about security,
it makes my systems more secure, because this is easy enough that I
actually *do* apply fixes on a regular basis.  I installed OpenBSD
a few years back and while it was really secure at the time, I never
was sure if I was installing patches properly and soon enough, so
after a year I no longer had confidence that it was still secure.

With apt, dependencies are automatically handled.  Installation will
often install a bunch of other stuff on your system, and while it
will tell you about it you don't have to care.  Very few packages
require configuration at install time.  On updates, any changes
you've made to config files are presented to you and you can diff
the conflicts, pick old or new, or edit the file right there.

You decide how cutting-edge you feel at install time (and can change
it later, with only a bit of difficulty).  My DNS server and backup
server is on "stable" because it doesn't need features and security
is most important to me.  The rest of my systems are all on
"testing," which is a good compromise between stability and the
cutting edge.

There's also "unstable" for those who want the very latest versions
of everything, but it sometimes does break, and a couple times a
year it will break badly enough to require some manual poking around
by someone who knows what they're doing, to get apt back on its
feet.

Since switching to Debian a couple of years ago, I haven't ever
looked back.  At this point, for any machine that I want to get work
done on, I would never consider using a unix that doesn't have
one-line internet-savvy installation and maintenance of packages,
supported over the whole distribution from the kernel up.
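
Added example, not part of the original post: a preview of which pending upgrades come from the security archive, taken from the output of "apt-get -s dist-upgrade" (-s simulates, nothing is installed). The sample lines, versions and the package "libsecurity-demo" are constructed, and the "Security" origin label is an assumption about how the archive names itself.

```sh
#!/bin/sh
# Reads `apt-get -s dist-upgrade` output on stdin and prints
# "package old-version -> new-version" for each package whose new
# version comes from an origin containing "Security".
security_upgrades() {
    awk '
    $1 == "Inst" {
        pkg = $2; oldv = "none"; newv = ""; origin = ""
        for (i = 3; i <= NF; i++) {
            if (newv == "" && $i ~ /^\[.*\]$/)
                oldv = substr($i, 2, length($i) - 2)   # [installed version]
            else if (newv == "" && $i ~ /^\(/)
                newv = substr($i, 2)                   # (candidate version
            else if (newv != "" && $i !~ /^\[/)
                origin = origin " " $i                 # archive(s) offering it
        }
        # Match on the origin field only, so a package that merely has
        # "security" in its name is not reported.
        if (origin ~ /[Ss]ecurity/)
            print pkg, oldv, "->", newv
    }'
}

# Constructed sample of simulation output, so the script runs offline.
sample_simulation() {
cat <<'EOF'
Inst libssl3 [3.0.11-1~deb12u1] (3.0.11-1~deb12u2 Debian-Security:12/stable-security [amd64])
Inst vim [2:9.0.1378-2] (2:9.0.1378-2+b1 Debian:12.5/stable [amd64])
Inst libsecurity-demo [1.0] (1.1 Debian:12.5/stable [all])
Conf libssl3 (3.0.11-1~deb12u2 Debian-Security:12/stable-security [amd64])
EOF
}

sample_simulation | security_upgrades

# On a real system, refresh the package lists first, then preview:
#   apt-get update && apt-get -s dist-upgrade | security_upgrades
```
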