You are not logged in.

#1 2004-12-05 14:16:56

hugelmopf
Member
Registered: 2004-08-06
Posts: 71

Repositories Management Suggestion

Arch has quickly become my (favorite) distribution, but I had not noticed until yesterday, that there are quite a few easily usable repositories besides the 2/3 official ones: "Trusted User Repos" as well as privately hosted repos of not (yet) trusted users.
I like this idea a lot and am amazed, how Pacman allows such flexibility. And as I consider Arch as a distribution with a lot of potential, I have thought about optimizing this (already great) repo system with the following goals:

· increase the number of packages available to Pacman
· encourage users to contribute to the community by providing packages instead of just "configure, make, make install"ing.
· reducing the administrational work for the user submission of packages (kind of automation of the user submitted packages, enhanced TUR system) and thus give the main developers more time for important things
· still providing a good quality assurance of the packages in the TURs and of course in the official repos
Thus I suggest the following enhancements:

· There should be three quality levels: Official Repos, TUR (Trusted User Repos), OUR (Open User Repos)  -> nothing new
· Everybody who wants should be able to sign up (e.g. with his forum login) for an OUR at some central package management interface (like an enhanced packages.php on archlinux.org). She/He would have to provide own hosting. His repo (repo.db.tar.gz) gets scanned regularly to be included in the packages.php interface and a package voting facility is added to packages.php, so that all registered users (e.g. of the forum) can vote about this OUR.
· As somebody has votes above a certain number and quality level, he gets promoted (fairly automatically) to the TUR level and gets hosting on the official server. Setting it up like this takes stability of the packages into account as well as demand for them.
· With every new Pacman release the following repo lists will download: current, extra, release, unstable, TUR, OUR. But in pacman.conf only the official ones are enabled by default. This gives every user the stability and security of the current Pacman plus the possibility to easily use either the TUR-quality packages or even the OUR-quality packages.

If these suggestions sound good to the Arch community, I would offer to work on the necessary php/sql (?), of course closely cooperating with the devs. If you want this to be done in any other programming/scripting language, I am sorry that I can't help because of too little experience.

Your thoughts?

Edit: I just (grr... now that I have written this already) found a post saying that Eric (?) is working on a new repository management. So that's great news... is there any more information available? Maybe he can use one of my ideas as well.

Offline

#2 2004-12-05 19:15:53

contrasutra
Member
From: New Jersey
Registered: 2003-07-26
Posts: 507

Re: Repositories Management Suggestion

Why does every new user have a plan for completely changing the repository system?

This has been discussed to death. STAGING and TURs are being replaced with AUR. Extra/Current are staying the way they are, but may adopt the AUR if it works well.

Search the forums for AUR, STAGING, INCOMING, etc. You can also read the TUR mailing list or talk to Eric (the dev) about helping code the AUR.


"Contrary to popular belief, penguins are not the salvation of modern technology.  Neither do they throw parties for the urban proletariat."

Offline

#3 2004-12-05 21:41:45

hugelmopf
Member
Registered: 2004-08-06
Posts: 71

Re: Repositories Management Suggestion

Thanks for the warm welcome to the "new user".

As you might have seen (if you read my Edit), I realized that there already is such an effort and said, this is great.

Sorry again for being a little too quick this time, but I hope that not all user contributions/ideas are treated this way.

Offline

#4 2004-12-05 21:59:05

contrasutra
Member
From: New Jersey
Registered: 2003-07-26
Posts: 507

Re: Repositories Management Suggestion

hugelmopf wrote:

Thanks for the warm welcome to the "new user".

As you might have seen (if you read my Edit), I realized that there already is such an effort and said, this is great.

Sorry again for being a little too quick this time, but I hope that not all user contributions/ideas are treated this way.

I was not upset at you. I am just kind of sick of arguing about the repo system. It's way too much talk for so little action.

The plan/code for the AUR is here:
http://xentac.net/websvn/filedetails.ph … rev=0&sc=1

If the AUR isn't ready relatively soon, we will instead go with a backup plan the TUs have been working on. It's not as nice as the AUR, but much easier to implement.


"Contrary to popular belief, penguins are not the salvation of modern technology.  Neither do they throw parties for the urban proletariat."

Offline

#5 2004-12-05 22:27:19

hugelmopf
Member
Registered: 2004-08-06
Posts: 71

Re: Repositories Management Suggestion

Of course I know it's useless to have lots of threads/ideas about package submission. But I am reading the Arch mailing list and never heard of AUR (until I searched this forum... a bit too late). So this as an excuse.

contrasutra wrote:

Why does every new user have a plan for completely changing the repository system?

It's probably because new users aren't experienced enough to tackle the initscripts, kernel or whatever. Still some of them (shame on them) would like to contribute, so when they find the first package, that is not available in Pacman, they think about packaging and submitting it. You can figure the rest...

I am excited to see what the new AUR is going to bring and might submit some package to it one day.

Offline

#6 2004-12-06 03:13:39

Dusty
Schwag Merchant
From: Medicine Hat, Alberta, Canada
Registered: 2004-01-18
Posts: 5,986
Website

Re: Repositories Management Suggestion

contrasutra wrote:

I am just kind of sick of arguing about the repo system. It's way too much talk for so little action.

Contrasutra's been one of the biggest arguers too....  8)

Seriously the matter has been discussed so much, and as contrasutra says, not much has been happening... at least, what has been happening has not been too visible.  In fact, the only thing that will tell us what's happening is if farphel posts a response to this topic... but maybe he's too busy coding on AUR (catch 22), or maybe he's not bothering to code OR respond to forum messages these days. lol

Dusty

Offline

#7 2004-12-06 07:25:53

sarah31
Member
From: Middle of Canada
Registered: 2002-08-20
Posts: 2,975
Website

Re: Repositories Management Suggestion

just a couple of observations:

hugelmopf wrote:

I have thought about optimizing this (already great) repo system with the following goals:

· increase the number of packages available to Pacman
· encourage users to contribute to the community by providing packages instead of just "configure, make, make install"ing.
· reducing the administrational work for the user submission of packages (kind of automation of the user submitted packages, enhanced TUR system) and thus give the main developers more time for important things
· still providing a good quality assurance of the packages in the TURs and of course in the official repos

to the first point ..... i have never thought that there were too few packages.  Whe i installed arch there were only about 300 packages and never found that limiting. I look at something like Debian and think that there is a distro that has become burdened with too many packages and "flexibility" of the developers to offer not only so many packages but variations of packages. Think of how long it takes Debian to release a new version and you get the idea.

You also need more developers and it is REALLY HARD to find good developers Arch has had too many "developers" with "eyes bigger than their stomachs".

to point two .... when i read that people are not using ABS to build their own packages i get frustrated. the whole reason of having a good package management system is to have user use it for making packages and not just for installing/uninstalling packages.

to point three .... i think having easy and not well monitored access to user contributed packages is stupid an dangerous. sorry to be harsh but for every tom dick and harry to have access to the package repos is signing a death warrant for arch. it is an incredible security risk.

to point four ... worrying about TURs when there are not even a public statement on what one needs to be a TUR or even an Arch developer is a liitle silly i think.

hugelmopf wrote:

Thus I suggest the following enhancements:

· There should be three quality levels: Official Repos, TUR (Trusted User Repos), OUR (Open User Repos)  -> nothing new
· Everybody who wants should be able to sign up (e.g. with his forum login) for an OUR at some central package management interface (like an enhanced packages.php on archlinux.org). She/He would have to provide own hosting. His repo (repo.db.tar.gz) gets scanned regularly to be included in the packages.php interface and a package voting facility is added to packages.php, so that all registered users (e.g. of the forum) can vote about this OUR.
· As somebody has votes above a certain number and quality level, he gets promoted (fairly automatically) to the TUR level and gets hosting on the official server. Setting it up like this takes stability of the packages into account as well as demand for them.
· With every new Pacman release the following repo lists will download: current, extra, release, unstable, TUR, OUR. But in pacman.conf only the official ones are enabled by default. This gives every user the stability and security of the current Pacman plus the possibility to easily use either the TUR-quality packages or even the OUR-quality packages.

If these suggestions sound good to the Arch community, I would offer to work on the necessary php/sql (?), of course closely cooperating with the devs. If you want this to be done in any other programming/scripting language, I am sorry that I can't help because of too little experience.

Your thoughts?

Edit: I just (grr... now that I have written this already) found a post saying that Eric (?) is working on a new repository management. So that's great news... is there any more information available? Maybe he can use one of my ideas as well.


well as you know AUR is being worked on. As I mentione dabove i think even AURs will require constant monitoring and administrating because a freely accessable system is just too dangerous. I think that having user contributions is extremely important but all contributions HAVE to be secure and only monitoring such submissions is very very important.

personally I do not use unstable, TURs or Staging and will not use any similar repos. I only use current and extra because i "expect" that those packages have been scrutinised enough (though this is not always true). as well, i don't like all sorts of extra crud in my files. i like arch because it's conf. files are not cluttered up with a bunch of stuff i don't want and having several repos i have no interest in falls in the cruft catagory for me. I am sure others have that view.

voting .... i don't agree with voting to include packages in official repos or URs if a package is built and contributed then SOMEBODY thinks it is necessary and as such every effort should be made to include it, eventually, in the official repos. there are alot of excellent applications out there that are not well used but every bit as good as popular counterparts. In fact when i was a package maintainer i added a bunch of packages that alot of people probably would not have even have thought of building or using but like. They may not be wildly popular but in the end they helped draw people or keep people with arch.

i hope i did not come off too harsh. i think most of your ideas are already planned to be a part of the new AUR. i just wanted to offer some concerns that you may not have considered. as you will notice many people will question qulity control throughout the year (me included) and having a loose user contribution system certainly does not help to dispell such complaints.


AKA uknowme

I am not your friend

Offline

#8 2004-12-06 10:23:39

hugelmopf
Member
Registered: 2004-08-06
Posts: 71

Re: Repositories Management Suggestion

Thanks for your comments and ideas (to this maybe superfluous thread).

sarah31 wrote:

to point three .... i think having easy and not well monitored access to user contributed packages is stupid an dangerous. sorry to be harsh but for every tom dick and harry to have access to the package repos is signing a death warrant for arch. it is an incredible security risk.

You might be right about the security, but my thought was: Right now, everybody can include Untrusted Repositories if he wants (see the Wiki page with a complete list), so my suggestion is not any more insecure than the current status. People can include untrusted repos, but by default they don't.

sarah31 wrote:

i have never thought that there were too few packages... Debian burdened with too many packages

There have been packages that I have missed (especially i18n). ...
Exactly! That's why I would expect a lot of automation of a user submission package system.

Offline

#9 2004-12-06 16:22:52

sarah31
Member
From: Middle of Canada
Registered: 2002-08-20
Posts: 2,975
Website

Re: Repositories Management Suggestion

i always thought that the CLC system that Crux has would have been the best. Mind you it sounds like AUR may be a bit like that. The one issue i had with Crux's CLC was that it was a bit too easy to contribute. Then again you are only contributing builds and  most people should have been able to detect any wrongdoing easily enough.

the problem with CLC though was that it was not very well monitoered so there were plenty of duplications of builds. Some CLC people also had "more recent" builds of base packages which i really don't agree with. I don't like to see duplication of any base packages or variants of base packages. (in the case of crux it was okay to some degree because their official repo is very slow to upgrade. i never used those CLC packages though because the member was a dink and i did not trust his packages)


AKA uknowme

I am not your friend

Offline

#10 2004-12-06 16:41:19

Dusty
Schwag Merchant
From: Medicine Hat, Alberta, Canada
Registered: 2004-01-18
Posts: 5,986
Website

Re: Repositories Management Suggestion

Sarah31's been *the* biggest arguer...  lol

Dusty

Offline

Board footer

Powered by FluxBB