View from the Trenches: Alternative Package Sources

If you know where to look (or if someone tells you where), you can find all the packages you want and need.
______________________

Comments

Re: View from the Trenches: Alternative Package Sources

And let's not forget Backports.org for all your Debian stable backport needs :-)

Re: View from the Trenches: Alternative Package Sources

If you are running Mandrake on the other hand, you have a wider array of options.

- Texstar's RPMs can be found in many servers.
- Penguin Liberation Front has all the things that can't make it in the distro because of law enforcement (DeCSS, etc)
- Mandrake Users Forum (the free one) has a nice FTP that mirrors a lot of packages
- All of Mandrake FTP sites have a directory called contrib, where contributions from users are stored. Hundreds of packages there.

Of course, the problem with these is that they mostly apply to Mandrake, but you can get the source rpms and build for your system most of the time.

One extra note... If you add those sites to urpmi (the great Mandrake tool that resembles apt-get), it will automatically install all requirements (dependencies) for your application and install them for you. Long live Mandrake!

Re: View from the Trenches: Alternative Package Sources

Agreed. Urpmi, Mandrake's tool, is the most mature of the rpm tools simply because it has been around the longest.

Re: View from the Trenches: Alternative Package Sources

Umm... well, if you're after APT-RPM, I wonder why ALT Linux wasn't mentioned. It's quite a capable repository and a special distro, very popular in xUSSR altogether.

Here are Freshmeat and DistroWatch project pages, and pbone knows about it too.

--
Michael `gvy` Shigorin
ALT Linux Team
mike osdn org ua

Re: View from the Trenches: Alternative Package Sources

Compiling from source is certainly a more mindful process than simply clicking to install software over the net. However, it's also more secure, not to mention more customizable.

Of course, most people will not inspect the source code prior to compiling it, but the point is that you can whenever you want to. We all benefit when people do in significant numbers.

If instead you install a precompiled package, you give up that power of inspection, and you take on the risk that the software you've installed is not what you think it is, even if you later go to inspect what you may believe to be its source code. This is the situation which Microsoft users face all the time, and to my mind it's not enviable to be that na

Re: View from the Trenches: Alternative Package Sources

I do agree with you partly. I sometimes prefer compiling; I have done LFS many times. But I do not enjoy compiling KDE for 6 hours (on an XP1800+). As for your security concerns: that's why we have md5sums, to verify file integrity. As well, some places use gpg and ssl to verify links securely.

Re: View from the Trenches: Alternative Package Sources

And there are also scripts you have to run, when you compile yourself (./configure, makefile targets), that could contain nasty things.
So signatures and trusted source of packages is much more important IMHO.
You can hardly check every line in those files (at least not always, if you compile a lot).

Yuri

Re: View from the Trenches: Alternative Package Sources

Unfortunately, signatures are usually used in very insecure ways on the net.

For example, a web site will often have the source package and signature available from the same location. Anyone who could have compromised one can easily compromise the other. So that signature is absolutely worthless as far as security goes.

What people should really do is make signatures and files available from separate servers (on separate physical and logical networks, from different ISPs, preferably running different OSes secured differently, and perhaps one being an ftp server and the other a web server), that way there'll be less chance of both being compromised.

Another step forward would be to integrate the signatures with a web of trust, like gpg. But that really hasn't caught on nearly as much as simple md5s.

::pattern::
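The same-origin problem raised in the comment above, as an added example that is not part of the original thread: a digest fetched from the download host still matches a file that was replaced there, while a check that only accepts digests published by other origins rejects it. The host names, file contents and quorum rule are constructed for illustration, and SHA-256 stands in for the md5 sums discussed in the thread.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def naive_same_origin_check(artifact: bytes, digest_from_same_host: str) -> bool:
    """Compare against a digest served next to the file (the weak pattern)."""
    return hmac.compare_digest(sha256_hex(artifact),
                               digest_from_same_host.strip().lower())


def verify_against_independent_sources(artifact: bytes, artifact_origin: str,
                                       published: dict, quorum: int = 2) -> bool:
    """published maps origin -> hex digest that origin claims for the file.

    The artifact's own origin is ignored. At least `quorum` other origins
    must publish a digest, all of them must agree, and the file must match.
    """
    independent = {origin: digest.strip().lower()
                   for origin, digest in published.items()
                   if origin != artifact_origin}
    if len(independent) < quorum:
        return False                      # not enough independent evidence
    if len(set(independent.values())) != 1:
        return False                      # sources disagree: trust none of them
    expected = next(iter(independent.values()))
    return hmac.compare_digest(sha256_hex(artifact), expected)


# Constructed scenario: one download host is compromised, so both the
# tarball and the checksum file it serves have been replaced.
GENUINE = b"tool-1.0 source tarball (constructed sample bytes)"
TAMPERED = GENUINE + b" plus an unwanted addition"
DOWNLOAD_HOST = "ftp.example.org"         # hypothetical host names
PUBLISHED = {
    DOWNLOAD_HOST: sha256_hex(TAMPERED),  # rewritten together with the file
    "www.example.net": sha256_hex(GENUINE),
    "lists.example.com": sha256_hex(GENUINE),
}

if __name__ == "__main__":
    print("same-origin digest accepts tampered file:",
          naive_same_origin_check(TAMPERED, PUBLISHED[DOWNLOAD_HOST]))
    print("independent digests accept tampered file:",
          verify_against_independent_sources(TAMPERED, DOWNLOAD_HOST, PUBLISHED))
    print("independent digests accept genuine file:",
          verify_against_independent_sources(GENUINE, DOWNLOAD_HOST, PUBLISHED))
```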

Re: View from the Trenches: Alternative Package Sources

rpmfind.net is not as usable as
http://www.rpmseek.com/ is.

And despite the domain, .deb were also indexed.

Re: View from the Trenches: Alternative Package Sources

As well, there is www.linuxpackages.net for Slackware pkgs.
You can get Mplayer and packages that don't come with the basic install.

Re: View from the Trenches: Alternative Package Sources

Good article!

But you seem to have missed out on one of the most useful apt-rpm, yum repositories out there for Redhat distributions:

http://freshrpms.net
