
Package Management Systems Mess

The focus of this post is on “universal” package management systems. There are a lot of them. Some make sense, but many are badly flawed and only make managing packages on a system harder.

Learning Normal Package Managers

Normal package managers like apt and pacman can be annoying too. If you use several distributions, each designed around its own package manager and each different from the others, you end up reading the manual for all of them and remembering more to do the same job. Some, like emerge, are very different by design, which I can respect, but it is still annoying.

Releases

Developers end up releasing their programs only through one of these “universal” systems like snap or flatpak, without providing an install method through your distribution's standard packaging, so you have to set up a whole second package manager to install one program. Developers that support many packaging systems also don't always time their releases well, and the builds for some of those systems are left waiting on the developers while the others are already updated.

Security Claims

Some, like flatpak, even claim their system is good for security because it sandboxes applications, or some other dumb statement. flatkill.org shows how little that sandbox is worth in practice: many apps are published with permissions broad enough (the whole host filesystem, an unisolated X11 socket) that the “sandbox” restricts nothing that matters.

Because of how some of these package managers work, an app can ship and keep running with badly outdated bundled dependencies that have known, serious security vulnerabilities. If the developers of the main program are slow to update or stop developing it, you the user stay vulnerable even after the developers of the dependency have fixed the bug, because the fix only reaches you when the app's maintainers rebuild against it. It wouldn't be as bad if the user could easily choose to update the dependencies to something safer and, if the program still works with the newer version, keep it that way instead of being reverted.
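One way to check the sandbox claim for yourself, as an added example that is not from this post or from the Flatpak project: the function below reads the keyfile text that `flatpak info --show-permissions <app-id>` prints and flags the static permissions that let an app out of its sandbox. The sample metadata and the app id com.example.App are constructed for the example, and which permissions count as “broad” is my own judgement, not a Flatpak definition.

```shell
#!/bin/sh
# Added example (not from the post or the Flatpak project): flag the static
# permissions in a Flatpak app's metadata that hand it the host.
#
# Input:  the keyfile text printed by `flatpak info --show-permissions <app-id>`
# Output: one line per flagged permission, "<app-id>: <key>=<value>"
# Which values count as "broad" is this example's own judgement:
#   filesystems=host|host-os|host-etc|home  -> read/write outside the sandbox
#   sockets=x11|session-bus|system-bus      -> no isolation from other clients
#   devices=all                             -> every device node
flag_broad_permissions() {
  awk -v app="$1" '
    /^\[/ { section = $0; next }       # track which keyfile section we are in
    section != "[Context]" { next }    # static permissions live under [Context]
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1)
      n = split(substr($0, eq + 1), vals, ";")   # ;-separated, trailing ; -> empty last field
      for (i = 1; i <= n; i++) {
        raw = vals[i]
        if (raw == "") continue
        v = raw
        sub(/:(ro|rw|create)$/, "", v)          # "host:ro" is still the whole host
        if (key == "filesystems" && (v == "host" || v == "host-os" || v == "host-etc" || v == "home"))
          print app ": " key "=" raw
        if (key == "sockets" && (v == "x11" || v == "session-bus" || v == "system-bus"))
          print app ": " key "=" raw
        if (key == "devices" && v == "all")
          print app ": " key "=" raw
      }
    }'
}

# Constructed sample in the shape `flatpak info --show-permissions` prints;
# com.example.App is made up for this example, not a real app.
sample_metadata='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;session-bus;
devices=dri;
filesystems=host;xdg-download;

[Session Bus Policy]
org.freedesktop.Notifications=talk'

printf '%s\n' "$sample_metadata" | flag_broad_permissions com.example.App

# On a machine with flatpak installed, audit every app the same way:
#   flatpak list --app --columns=application | while read -r id; do
#     flatpak info --show-permissions "$id" | flag_broad_permissions "$id"
#   done
```

An app that prints nothing here can still reach the host through portals or permissions granted at runtime, so an empty result means “no static escape hatch”, not “safe”. `flatpak info --show-runtime` tells you which runtime branch an app pins, which is where the outdated-dependency problem above lives.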

Proprietary

Some package managers, like snap, are amazingly not even fully free software. I think there is a place for proprietary software, but it feels really stupid to come to a Linux distro for all the free software and then have to install a program through snap, whose client is free software but which only talks to Canonical's proprietary Snap Store server.

Where Is All Of My Secondary Storage Space!?

If you install a lot of your programs through these universal package management systems, you will watch your storage disappear. Each app carries its own copies of its dependencies, in different versions, or even the same version duplicated across several apps on the same system. (Flatpak's ostree store does hard-link byte-identical files, but different runtime branches share very little; every snap is its own squashfs image, so nothing is shared there at all, and snap also keeps previous revisions of each snap around for rollback.) That is where your secondary storage went. This is what you get in the new world where we have apps instead of normal programs.

Solution To A Problem

The problem they are trying to address is that the repos of some distributions carry much older packages than others, and if a program needs a newer version than the repo has, whoever manages that system cannot install the program easily. This is half true. There are workarounds that make it work anyway, but they aren't always clean.

The big selling point of some of these universal package management systems is that, because the app is packaged with the exact dependency versions the developers know work with it, it will run anywhere it is installed. In my own experience this is not true. There have been many times when I've installed a program packaged this way and it didn't work at all, or didn't work on some systems.

The other argument is that, since there are so many package managers across distributions, one universal package manager that works on all of them would mean a person only has to learn one instead of several. That only holds if everyone uses it. Since plenty of developers don't package for each of these “universal” systems, they aren't really universal.

Standardized And Universal

These people keep coming up with new “standardized universal” package management systems. If almost everyone isn't using just one of them, it isn't a universal standard! Stop saying it is. There are already many of them, more will be invented, and the people who suffer are the developers and the users. One package manager for the whole world that does everything, and does it well, would be easier on users, but that isn't possible and wouldn't really follow the UNIX philosophy anyway. By creating another package manager you only add to the problem instead of addressing it. A user of a Linux distro used to have to think about dnf; now they have to think about dnf and a hundred other package managers too, even though they only use one distro.