I’m greedy when it comes to software: I like having code that works, but I also want the very latest stable versions of my applications. Ubuntu does a good job satisfying the former demand, but it lags behind other distributions when it comes to keeping its repositories up-to-date. Fortunately, this issue has caught the attention of Ubuntu developers as of late, who have been discussing changes to the backports system. Here are the details.
Before going further, I should acknowledge that Ubuntu’s policy on software packages–which is to keep versions the same for the lifetime of each release–is well reasoned and deliberate. It helps ensure consistency across different iterations of Ubuntu and protects unwitting users from bleeding-edge, unstable code.
On the other hand, the packaging policy means that Ubuntu’s application stack quickly grows outdated after each release. Unless users seek software outside the official channels, they don’t get any version updates for Firefox, OpenOffice, Gnome or other applications until the next Ubuntu release–and in the free-software world, Ubuntu’s six-month development cycles (or longer for users sticking with LTS releases) can be a long time to wait.
Backports and PPAs
The one vehicle for addressing this issue is backports, which provide version updates of select packages when developers think there’s a good reason to do so. In theory, this should provide a healthy balance between stability and the need for up-to-date software. As Iain Lane recently pointed out on the Ubuntu developers’ mailing list, however, “getting stuff backported is too hard,” and in practice, very few packages tend to be updated via the backports system.
Lane also noted that the lack of backports has led to a proliferation of unofficial Personal Package Archives, or PPAs, that provide more recent builds of applications. Based on personal experience, I’d say he’s right: a quick look at my apt sources.list shows that I’m currently using third-party PPAs in order to maintain more up-to-date versions of browsers, firewall tools and torrent clients than those available in the official repositories.
The popularity of PPAs should come as no surprise: Launchpad has 17,203 of them, of which nearly 6,000 are active. And since Ubuntu 9.10, adding PPAs has been a one-liner, thanks to the apt-add-repository tool.
Rethinking Backports
Unofficial PPAs aren’t necessarily a bad thing–although they do theoretically pose security and stability risks to people who use them without caution–and none of the Ubuntu developers are condemning them. But Ubuntu contributors are recognizing that the ubiquity of third-party PPAs underlines the ineffectiveness of the current backports infrastructure, and they’re discussing ways to fix it.
One suggestion is to streamline the process required for uploading a backport, eliminating much of the bureaucracy that currently slows things down. Another idea is the creation of official backports PPAs, which would exist alongside the current -backports repository.
So far, no consensus has been reached. Nonetheless, it’s encouraging to see this issue acknowledged and discussed before it gets out of hand, and we look forward to seeing how the backports system might be revamped in response.
Don't miss Charlene O'Hanlon's weekly columns...
I believe this is one of the biggest hurdles facing Ubuntu adoption. I want a stable, well supported operating system so this means LTS releases. It is hard to do when key application fall so far behind (i.e. Firefox, Transmission, OpenOffice). It would be great if these packages could be kept up to date by Canonical without upgrading your whole OS.
“It helps ensure consistency across different iterations of Ubuntu and protects unwitting users from bleeding-edge, unstable code.”
I’ve never understood this objection. The latest code has MORE bugfixes and less problems than the obsolete version packaged with Ubuntu. How is it “dangerous” to use an up-to-date version of something? Isn’t open source supposed to be great because of how quickly things are patched? But then we have to wait 4 or 5 months for the update…
@Hmm, part of the stability issue is resolving dependencies, when you want the latest OpenOffice you’ll also need newer releases of libraries it depends on. You can’t just throw those in willy-nilly because other apps may rely on the same libraries and not work with the newer versions, etc.
Having said that it would be great to find a nicer middle ground, a step up from the base release but a step down from “unstable and untested”. Would be nice if backports could fill that niche.
@Brad:
The middle ground is to define a sharp line between operating system and addon-space. On one side of the line you guarantee ABI/API stability for the life of the release. On the other side of the the line you guarantee nothing in terms of interdependency or library stability.
In addon-space packages can either depend on libraries provided on the OS-space or they bundle libraries as part of a single package…. no multi-package dependencies chains _in_ addon-space and no replacement of OS-space libraries or components.
Applications in addon-space are taught to LD_LIBRARY_PATH (or equivalent) require the alternatives library versions they need on a per application basis without disrupting applications which require older system versions of the same library.
The trade-off is duplication of libraries on disk in proportion to the number of addon packages the user wants to install.
However, packaging policy for leading linux distributions don’t allow for this sort of separation. I’m pretty sure both dpkg and rpm tools would allow this arrangement..but packaging policy on how packages are constructed would have to diverge significantly from established policy to make this possible.
-jef
I think the simplest way around this is to provide back-ports for professionally developed applications like Firefox and OpenOffice to name only a few. That way Canonical gets the stability and consistency it’s looking for while giving most of it’s users what they need in terms of up to date applications without compromising on security.
aikiwolfie: I agree 100% i would be much more likely to stick with the LTS and I think much happier if what you proposed was the case.
Updating software has to be addressed, and it should through the normal update and the Software Centre. I also have many PPA’s for keeping software updated, and thanks to everyone who makes this available.
Also, through the Software Centre, make it simple for commercial software to be available, and to keep them updated and even the ability to downgrade.