The Package Manager – A Love/Hate Relationship

Out of every piece of software in Ubuntu, the package manager is the single most monumental and unique piece in the Operating System. I can tell you about Evolution (Ubuntu’s email client), or Totem (Ubuntu’s media player) and even if you’ve never used these programs, it would be easy to relate them to other things you likely have used. However trying to relate a package manager is a bit harder. The use of a package manager, and going further than that by completely relying on one, changes the OS experience entirely. Some of these changes are good and some are bad, driving what has become a love/hate relationship with apt, Ubuntu’s package manager.

Rather than trying to explain what a package manager is, it would be easier to explain what is a package manager. Package mangers are more common than most people would think, as there are several systems that use package managers without it manifesting itself in an obvious way. My iPhone runs a package manager – two in fact – one being the iTunes App Store and the other being apt (the same as Ubuntu) sitting underneath Cydia. Steam is also a package manager, taking care of its own little microcosm of games, mods, and SDKs. Most people have used a package manager without realizing it.

But none of them take it as far as Ubuntu. Steam only uses package management to install games, the iPhone via apt takes it a little bit further to install a wider base of applications and frameworks, but none of them integrate package management in to the OS like Ubuntu does. Everything in Ubuntu is a package, starting with the kernel and moving to drivers and applications. And the ramifications of this are huge.

When you go to install an Ubuntu application, there is no need to track down an installer for an application, make sure it’s the latest version, make sure it’s not really a Trojan or virus-infected, etc. All of the applications bundled with an Ubuntu release sit on Ubuntu’s servers as a package. Finding software to install (if it didn’t already come on the CD) is as easy as firing up the Add/Remove Applications application, and looking for the application you’d like to install. And if you don’t know what you want to install? Ubuntu will tell you all about whatever application you’re looking at.

Once an application is installed, the package manager will keep track of that application. It can uninstall the application if you need to remove it, or make sure it’s up to date if at some point a newer version (such as a bug fix) is published. The package manager brings everything together.

From an application perspective it’s little different than the iTunes App Store, but compared to what other OSs do it’s a big deal. How many different applications install their own updater service? Even though Microsoft and Apple consolidate updating their software in to their own software update systems, they can’t do that for everyone else’s applications. Chrome, Flash, Java, etc all have updaters running in the background just to keep their respective applications up to date. And while these updater applications are small compared to what they’re tasked to monitor, it’s none the less a waste of resources. Why do you need many applications to do the same job? On Ubuntu, you don’t.

On Ubuntu, the package manager is also in charge of keeping the OS itself updated, which is where we see it significant diverge from our earlier example of the iTunes App Store. Mixed in with application updates are updates to various system components, each one dutifully made in to their own package. This makes it very easy for Ubuntu to distribute component updates as needed (rather than bundling them together as larger updates) but it’s also a bit daunting – there are a lot of updates even when starting from Ubuntu 8.04.3. Nevertheless, for the curious types, this allows you to see exactly what’s being updated, and usually there’s a note attached with a meaningful explanation as to why.

Ubuntu’s package manager is the most foolproof way to install and maintain software I’ve ever used, on a computer. And that’s why I love it.

The package manager is also the outlet of my frustrations with Ubuntu, for many of the same reasons. Everything in Ubuntu is a package. There are no drag-and-drop installs like in Mac OS X, and there are no MSI/NSIS/InstallShield installs like Windows, there is only the package. The problem is that the package manager is an extremely self-limiting device when combined with Ubuntu’s software distribution philosophy as we mentioned earlier. Ubuntu isn’t just distributing an OS on which you run programs, but they’re distributing the programs themselves, and it’s all one stable platform.

You’ll first discover how frustrating this can be when you decide that you would like a newer version of some piece of software than what Ubuntu offers. We’ll take Wine for example, which develops at a rapid pace. If you want to be able to install the latest version of Wine, rather than version 1.0.1 that comes with Ubuntu, you’ll need to follow these instructions, which are composed of adding new repository entries to apt, followed by downloading and importing an authentication key in to apt so that it will trust the packages. Only then can you go back in to the package manager and tell it to install the latest version of Wine.

The Ubuntu project does offer a slightly simpler alternative through the Personal Package Archives, which are packages uploaded by users and hosted by the project. PPA repositories are a bit easier to install than the standard DEB repository, but the primary focus on PPAs is that there’s additional software available as a package for easier upgrading and maintenance. However since PPAs are maintained entirely by users, they’re unreliable as a source of updates, and not everything is made available for Hardy.

As a result of all of this, the package manager has just made software installation on Ubuntu a good deal harder than it is on Mac OS X or Windows if we wanted to do the same thing. And if you want a piece of software that’s not either the default Ubuntu version or the latest version from another repository, good luck, the package manager is designed to make upgrading easy, not necessarily downgrading.

The package manager exists to the detriment of any other way to install software. Technically software packages can be distributed outside of a repository, but in my own experience that seems very uncommon. Followed by that you have the shell script containing a binary blob (which may or may not be recognized and open correctly) and the more bearable-but-rare compressed folder. You are, for better or worse, stuck with the package manager in most cases.

This is why I hate the package manager. To the credit of the developers of it, it’s more of a flaw in the philosophy of Ubuntu than the technology, but the package manager in the minion enforcing the harsh realities of that philosophy. It’s here where the wheels start falling off of Ubuntu. It works well when you want to run software that Ubuntu provides in its main repositories, but only when you want to run software that they provide. Installing any other software is at times a nightmare.

I’ll close out this section reflecting on the iTunes App Store one more time. In spite of being a package manager, I have no qualms with it. Apple doesn’t tie app versions with OS versions, so I can always grab the latest version. Meanwhile if I need an older version it’s not easy, but double-clicking on archived IPA files is still less troubling than trying to pull off something similar with Ubuntu.

True nirvana for software installation and updating lies between Ubuntu’s strict package manager, and Windows’ loose environment of installers. Apple found one solution, though certainly not the only one. Ubuntu would do well to find a similar way to meet in the middle. As much as I love a unified installer and updater, as done by Ubuntu it causes me more frustration than enjoyment. I consider the package manager to be the worst regular experience of Ubuntu.

A Word on Drivers and Compatibility UI & Usability
Comments Locked

195 Comments

View All Comments

  • ioannis - Wednesday, August 26, 2009 - link

    ...sorry, I think it's Alt+F2 by default. I'm talking about the 'Run Command' dialog.
  • Eeqmcsq - Wednesday, August 26, 2009 - link

    Oh, yes you're right. I stand corrected.
  • sprockkets - Wednesday, August 26, 2009 - link

    Ubuntu doesn't ship with the firewall on eh? Weird. SuSE's is on, and that has been the default for quite some time. GUI management of it is easy too.
  • clarkn0va - Wednesday, August 26, 2009 - link

    For incoming connections I don't quite grasp what good a firewall will do on a system with no internet-facing services. With no open ports you stand little to gain from adding a firewall, and any internet-facing service you might add, well, you don't want to firewall that anyway.

    I can see two theoretically plausible arguments for a host-based firewall, but even these don't really stand up in real-world use: 1) a machine that has open ports out of the box (I'm looking at you, Windows), and 2) for the folks who want to police outgoing connections.

    In the case of the former, why would we open ports and then block them with a firewall, right out of the box? This makes as much sense to me as MS marketing their own antivirus. Third-party firewalls were rightfully introduced to remedy the silly situation of computers listening on networks where they shouldn't be, but the idea of MS producing a host-based firewall instead of just cleaning up their services profile defies common sense.

    In the case of outbound firewalling, I've yet to meet a home user that understood his/her outbound firewall and managed it half-way effectively. Good in theory, usually worse than useless in practice.

    db
  • VaultDweller - Wednesday, August 26, 2009 - link

    Just because a port/service is open, doesn't mean you want it open to the whole world.

    Examples:
    SMB
    NFS
    VNC
    RDP
    SSH
    Web (intranet sites, for example)

    And the list could go on... and on and on and on, really.

    Also, it's erroneous to assume that only 1st party software will want to open ports.

    And that is to say nothing of the possibility of ports being unintentionally opened by rogue software, poorly documented software, naughty admins, or clumsy admins.

    Host-based firewalls help with all of these situations.
  • clarkn0va - Wednesday, August 26, 2009 - link

    Windows firewall doesn't filter by source. In other words, if you want SMB or any other service open to some peers and not others, Windows firewall can't help you; you'll need a more sophisticated product or a hardware firewall for that.

    I'm not saying there's no case for host-based firewalls, I'm just saying it's pointless for most users out of the box, where Ubuntu doesn't need it and Windows should be looking at fixing the problem of unneeded services running, rather than just bolting on another fix.
  • VaultDweller - Wednesday, August 26, 2009 - link

    "I can see two theoretically plausible arguments for a host-based firewall, but even these don't really stand up in real-world use"

    That sounds to me like a claim that there is little or no case for a host-based firewall; at least, that's how I interpreted it.


    "Windows firewall doesn't filter by source. In other words, if you want SMB or any other service open to some peers and not others, Windows firewall can't help you"

    That is incorrect, and you should check your facts before making such statements. The Windows Firewall can filter by source. Any firewall exception that is created can be made to apply to all sources, to the local subnet only, or to a custom list of IPs and subnets.

    The firewall in Vista and Windows 7 goes a step further, as it is location aware. Different ports and services are opened depending on the network you're plugged into, as exemplified by the default behavior of treating all new networks as "Public" (unknown and untrusted) until instructed otherwise.
  • clarkn0va - Wednesday, August 26, 2009 - link

    "The Windows Firewall can filter by source. Any firewall exception that is created can be made to apply to all sources, to the local subnet only, or to a custom list of IPs and subnets. "

    In that case I retract my assertion that an out-of-the-box firewall makes no sense in the case of Windows.

    As for Ubuntu, or any other desktop OS having no open ports by default, I still see including an enabled firewall by default as superfluous. Meanwhile, firewall GUIs exist for those wishing to add them.
  • Paazel - Wednesday, August 26, 2009 - link

    ...not enough pictures. admittedly my interest additionally waned when i read the newest ubuntu isn't be reviewed.
  • philosofool - Wednesday, August 26, 2009 - link

    I'm not done with this article, which I'm loving. However, there's a grammatical/spelling quibble that's driving me nuts: "nevertheless" is one world.

Log in

Don't have an account? Sign up now