View from the Trenches: Alternative Package Sources

If you know where to look (or if someone tells you where), you can find all the packages you want and need.
______________________

Comments

Re: View from the Trenches: Alternative Package Sources

And let's not forget Backports.org for all your Debian stable backport needs :-)

Re: View from the Trenches: Alternative Package Sources

If you are running Mandrake on the other hand, you have a wider array of options.

- Texstar's RPMs can be found in many servers.
- Penguin Liberation Front has all the things that can't make it in the distro because of law enforcement (DeCSS, etc)
- Mandrake Users Forum (the free one) has a nice FTP that mirrors a lot of packages
- All of Mandrake FTP sites have a directory called contrib, where contributions from users are stored. Hundreds of packages there.

Of course, the problem with these is that they mostly apply to Mandrake, but you can get the source rpms and build for your system most of the time.

One extra note... If you add those sites to urpmi (the great Mandrake tool that resembles apt-get), it will automatically install all requirements (dependencies) for your application and install them for you. Long live Mandrake!

Re: View from the Trenches: Alternative Package Sources

Agreed. Urpmi, Mandrake's tool, is the most mature of the rpm tools simply because it has been around the longest.

Re: View from the Trenches: Alternative Package Sources

Umm... well if you're after APT-RPM, I wonder why ALT Linux wasn't mentioned. It's quite a capable repository and a special distro, very popular in xUSSR altogether.

Here are Freshmeat and DistroWatch project pages, and pbone knows about it too.

--
Michael `gvy` Shigorin
ALT Linux Team
mike osdn org ua

Re: View from the Trenches: Alternative Package Sources

Compiling from source is certainly a more mindful process than simply clicking to install software over the net. However, it's also more secure, not to mention more customizable.

Of course, most people will not inspect the source code prior to compiling it, but the point is that you can whenever you want to. We all benefit when people do in significant numbers.

If instead you install a precompiled package, you give up that power of inspection, and you take on the risk that the software you've installed is not what you think it is, even if you later go to inspect what you may believe to be its source code. This is the situation which Microsoft users face all the time, and to my mind it's not enviable to be that na

Re: View from the Trenches: Alternative Package Sources

I do agree with you partly. I sometimes prefer compiling, I have done LFS many times. But I do not enjoy compiling KDE for 6 hours (on an XP1800+). As for your security concerns, that's why we have md5sums: to verify file integrity. As well, some places use gpg and ssl to verify links securely.

Re: View from the Trenches: Alternative Package Sources

And there are also scripts you have to run, when you compile yourself (./configure, makefile targets), that could contain nasty things.
So signatures and trusted source of packages is much more important IMHO.
You can hardly check every line in those files (at least not always, if you compile a lot).

Yuri

Re: View from the Trenches: Alternative Package Sources

Unfortunately, signatures are usually used in very insecure ways on the net.

For example, a web site will often have the source package and signature available from the same location. Anyone who could have compromised one can easily compromise the other. So that signature is absolutely worthless as far as security goes.

What people should really do is make signatures and files available from separate servers (on separate physical and logical networks, from different ISPs, preferably running different OSes secured differently, and perhaps one being an ftp server and the other a web server), that way there'll be less chance of both being compromised.

Another step forward would be to integrate the signatures with a web of trust, like gpg. But that really hasn't caught on nearly as much as simple md5s.

::pattern::
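
The point made in the comment above, as an added example that is not part of the original thread: a digest published next to the file passes a naive check even after the download host is compromised, while a check that only trusts digests from a different host catches the swap. The host names, file contents and function names are constructed for illustration, and SHA-256 is used here in place of the md5 sums the thread mentions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


def host(url: str) -> str:
    """Lower-cased hostname of a URL."""
    return (urlsplit(url).hostname or "").lower()


def naive_check(payload: bytes, published: dict) -> bool:
    """Accept if ANY published digest matches, wherever it was fetched from."""
    actual = hashlib.sha256(payload).hexdigest()
    return any(hmac.compare_digest(d.lower(), actual) for d in published.values())


def independent_check(payload: bytes, payload_url: str, published: dict):
    """Accept only if every digest from a host other than the download host matches.

    Digests served by the download host itself are ignored: whoever can
    replace the file there can replace the digest too.
    """
    actual = hashlib.sha256(payload).hexdigest()
    others = {u: d for u, d in published.items() if host(u) != host(payload_url)}
    if not others:
        return False, "no digest from an independent host"
    bad = sorted(u for u, d in others.items()
                 if not hmac.compare_digest(d.lower(), actual))
    if bad:
        return False, "mismatch against " + ", ".join(bad)
    return True, "matches %d independent source(s)" % len(others)


# Constructed sample data: hypothetical hosts and file contents.
GENUINE = b"genuine release tarball bytes"
TAMPERED = b"tarball replaced on the download host"
FILE_URL = "http://downloads.example.org/pkg-1.0.tar.gz"
SAME_HOST_SUM = "http://downloads.example.org/pkg-1.0.tar.gz.sha256"
OTHER_HOST_SUM = "ftp://sums.example.net/pkg-1.0.tar.gz.sha256"


def published_after_compromise() -> dict:
    """Download host compromised: file and its co-located digest both replaced."""
    return {
        SAME_HOST_SUM: hashlib.sha256(TAMPERED).hexdigest(),
        OTHER_HOST_SUM: hashlib.sha256(GENUINE).hexdigest(),
    }
```

A differing hostname is only a stand-in for the separation the comment asks for; two names can still resolve to the same machine or administrator.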

Re: View from the Trenches: Alternative Package Sources

rpmfind.net is not as usable as
http://www.rpmseek.com/ is.

And despite the domain, .deb were also indexed.

Re: View from the Trenches: Alternative Package Sources

As well there is www.linuxpackages.net for Slackware packages.
You can get MPlayer and packages that don't come with the basic install.

Re: View from the Trenches: Alternative Package Sources

Good article!

But you seem to have missed out on one of the most useful apt-rpm, yum repositories out there for Red Hat distributions:

http://freshrpms.net
