Washuu 4 hours ago

> Most Linux package managers cannot separate user-installed packages from system packages.

And because of pinning versions to LTS releases on certain Linux distributions many times those packages stay out of date for years. Which is quite annoying.

xenophonf 3 hours ago | parent [-]

> quite annoying

It's also quite stable, which you'd think more people would prize given the recent and on-going supply chain attacks.

thewebguyd 3 hours ago | parent | next [-]

Stable as in unchanging, sure.

Stable can also mean "you get to keep all the bugs present in this version for the next 4+ years"

jandrese 2 hours ago | parent [-]

Or worse, the kernel moves beyond the package in the repo so a year and a half later it doesn't even work anymore.

VirtualBox is really bad about this.

happyopossum 3 hours ago | parent | prev [-]

Given the recent dramatic uptick in vulnerability discoveries, it's also prone to being quite insecure...

xmprt 3 hours ago | parent [-]

LTS still typically gets security updates. That's what the support in long term support means.

moskimus 2 hours ago | parent [-]

This gets thrown around a lot, but it's not entirely true. Depending on the particular distro, only certain core packages are likely to get updates on LTS releases. Non-core packages may just get left to rot until the next LTS release. Specifically Ubuntu follows this. A lot of their non-core packages just get imported from Debian and then just sit unmaintained until next release (this goes doubly if not using Ubuntu Pro).

thewebguyd an hour ago | parent [-]

Especially frightening when you look at how much everyday stuff is actually in the Universe repo in Ubuntu. Without Ubuntu Pro, your LTS system can sit in a very insecure state for a long time as patching Universe is "best effort" from the community.

Most popular GUI stuff is from universe, as are quite a few dev tools. Some examples: Gimp, Inkscape, pip (and a ton of python packages), most of gnome, a big chunk of KDE, htop, mariadb, etc.

See for yourself:

  grep -h "^Package:" /var/lib/apt/lists/*_universe_*_Packages | awk '{print $2}' | sort -u

Or to see only what you have installed from Universe:

  comm -12 <(dpkg-query -f '${Package}\n' -W | sort) <(grep -h "^Package:" /var/lib/apt/lists/*_universe_*_Packages | awk '{print $2}' | sort -u)

A big repo isn't always better.
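
An added example, not part of the thread: the commands above match on package name only, so this sketch goes one step further and reports a package only when the exact installed version is the one a universe index offers, which leaves out same-named packages installed from elsewhere. The function names `universe_installed` and `make_sample`, the mirror name and all package versions are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample data below is constructed, not taken from a real system.

# Print "name version" for each installed package whose exact installed
# version is offered by a universe index in LISTS_DIR. Assumes uncompressed
# *_Packages files, as in the thread's commands.
universe_installed() {
    lists_dir=$1 status_file=$2
    set -- "$lists_dir"/*_universe_*_Packages
    [ -e "$1" ] || { echo "no universe indexes in $lists_dir" >&2; return 1; }
    awk -v status="$status_file" '
        FNR == 1     { in_status = (FILENAME == status) }
        /^Package: / { pkg = $2; ok = 0 }
        /^Status: /  { ok = ($0 == "Status: install ok installed") }
        /^Version: / {
            key = pkg SUBSEP $2
            if (!in_status) uni[key] = 1                 # version offered by universe
            else if (ok && (key in uni)) print pkg, $2   # installed and matching
        }
    ' "$@" "$status_file" | sort -u
}

# Build a constructed lists directory and dpkg status file under DIR.
make_sample() {
    mkdir -p "$1/lists"
    printf 'Package: htop\nVersion: 3.0.5-7\n\nPackage: gimp\nVersion: 2.10.30-1\n' \
        > "$1/lists/mirror.example_ubuntu_dists_demo_universe_binary-amd64_Packages"
    printf 'Package: bash\nVersion: 5.1-6\n' \
        > "$1/lists/mirror.example_ubuntu_dists_demo_main_binary-amd64_Packages"
    cat > "$1/status" <<'EOF'
Package: htop
Status: install ok installed
Version: 3.0.5-7

Package: gimp
Status: install ok installed
Version: 2.99.0-0thirdparty1

Package: bash
Status: install ok installed
Version: 5.1-6

Package: inkscape
Status: deinstall ok config-files
Version: 1.1.2-3
EOF
}
```

On an Ubuntu system the equivalent call is `universe_installed /var/lib/apt/lists /var/lib/dpkg/status`.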