Path: number1.nntp.dca.giganews.com!border1.nntp.dca.giganews.co   
   !nntp.giganews.com!local01.nntp.dca.giganews.com!nntp.sedona.net   
   news.sedona.net.POSTED!not-for-mail   
   NNTP-Posting-Date: Wed, 28 Feb 2007 13:51:44 -0600   
   From: ibuprofin@painkiller.example.tld (Moe Trin)   
   Newsgroups: alt.os.linux.ubuntu   
   Subject: Re: Ubuntu 6.06 v 6.1   
   References:    <7   
   l9u29pu28pqven4s2nn7oqnij1lj8cac@4ax.com> <54k4kiF1vhf0bU1@mid.uni-berlin.de>   
   <25p9u2d68ftdl30jkltok7l61bd0mk3lia@4ax.com>    
   Message-Id:    
   User-Agent: slrn/0.9.5.4 (UNIX)   
   Date: Wed, 28 Feb 2007 13:51:45 -0600   
   Lines: 96   
   NNTP-Posting-Host: 67.136.141.9   
   X-Trace: sv3-spsWmRUcvivFqb3a74AKOzBe4UMqIQB2+2O802o9GoO0DCqIwZG   
   lDlpnwI0Q1kczyOjVHWrAL94v3V!/Z72gMGg5Aij4P6p+2HIX4xxGN6ZJFF86u4h   
   R6Z+jGdQW1Kc5cbig9HhZvxsRFUu4Fnifv9e73v!ttiCXNDPz3w/WlX2UEhGenh142Sxa+gD   
   X-Complaints-To: abuse@sedona.net   
   X-DMCA-Complaints-To: abuse@sedona.net   
   X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers   
   X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint   
   properly   
   X-Postfilter: 1.3.34   
   Xref: number1.nntp.dca.giganews.com alt.os.linux.ubuntu:11219   
      
   On Tue, 27 Feb 2007, in the Usenet newsgroup alt.os.linux.ubuntu, in article   
   , jellybean stonerfish wrote:   
      
   >Zepos wrote:   
   >   
   >> Christopher Hbner  wrote:   
   >>   
   >>> You are not forced to use the package-system. There exist numerous   
   >>> possibilities to install software. (Get the code from the repository   
   >>> and compile the programs you need.)   
      
   This _is_ true, but   
      
   >> That sounds more like something for experts (dare I say geeks?), not   
   >> for a simple user like myself.   
      
   It is _usually_ preferable to remain within the package management   
   system for several reasons.   
      
     1. "Official" packages from your distribution have had a lot of eyes   
        looking at them - less chance of nasties.   
      
     2. "Official" packages from your distribution have handled all of the   
        dependencies problems. By the same token, _other_ stuff that may   
        depend on (or conflict with) "this" application/version are made   
        aware of this via the package manager.   
      
     3. "Official" packages from your distribution make security updates   
        painless. Someone _else_ is keeping track of any problems. Otherwise,   
        this is totally _your_ job.   
      
   Now, if _you_ want to install the very latest version of $FOO (either   
   because it has a feature/bug-fix you can't live without, or because there   
   is someone who has seen a version with a higher version number and you   
   think numbers are important), then look at those three points above and   
   make your own decision. No one here is going to force you or laugh at you   
   for going either way.   There is also a fourth point:   
      
     4. "Unofficial" packages from third parties are less desirable over-all,   
        but do solve point two (dependencies). The Debian package manager is   
        the oldest one in use (a few months older than 'rpm') and will   
        _usually_ "do the right thing" - warning you of conflicts or the   
        really stupid errors. But it's your responsibility, not the package   
        manager, or the distribution's.   
      
   >It is pretty easy to compile stuff.  Even for simple users.   
   >After using your package manager to install the compiler, linker, etc.   
   >Most packages:   
   >   
   >unpack source code   
   >cd to source directory   
   >type   
   >   
   >./configure PREFIX=/usr   
   >make   
   >make install   
      
      
      
   >Of course, read the INSTALL or README files first.   
      
   Reading the source might also be a good idea. Reading the Makefile before   
   running 'make' certainly is.   
      
   [compton ~]$ grep builder /etc/passwd   
   builder:x:65523:65523:Software Building account:/usr/local/src:/bin/bash   
   [compton ~]$ grep builder /etc/group   
   builder:*:65523:builder   
      
   Those are not distribution or UNIX standard accounts. They are on our   
   systems because a software auditor from corporate recommended them.   
   Neither user or group accounts own ANY other files/directories. The user   
   has permissions of 'others' which is to say they can write to /tmp/ and   
   /usr/tmp (other than their home directory) and that is all.   
      
   Tarballs are unpacked in /usr/local/src/ then audited and built there.   
   If the software does not _require_ root permission to _run_ (for example,   
   it's not opening a network socket), then the software is test run from   
   the source directory by the 'builder' user, so that if something goes   
   horribly wrong, 'builder' is the only user effected. Only when things are   
   correct is root needed to _install_ the software so that regular users   
   can then run it.   
      
   We've been using this method WITHOUT PROBLEMS for over twenty years - yes,   
   that predates Linux.   
      
   >The first time may be tough.  Search google with the text of any errors   
   >you get, and fix them.  After a couple of packages, you will not  be   
   >simple anymore.   
      
   Best advice is to start "small" with relatively simple stuff that isn't   
   critical.  Work your way in gently, and enjoy what you are doing, learning   
   and the results of your labor. It doesn't have to be a frightening or   
   confusing experience.   
      
           Old guy   
   --- Platinum Xpress/Win/WINServer v3.0pr5   
    * Origin: Omicron Theta BBS (1:261/20)