Talk:RPM Package Manager

From Wikipedia, the free encyclopedia

Contents

[edit] Alien

Shouldn't this article mention alien? Debian-based distros use alien to install rpms.

[edit] Naming

According to rpm.org, the name is "RPM Package Manager". For more discussion, see: http://www.wikipedia.org/wiki/Talk%3ARed_Hat_Package_Manager --Tero 20030806t1415 EET

[edit] Porting

Which other OSes has rpm been ported to? BL 14:07, May 2, 2004 (UTC)

I added a link to the page at RPM.org that lists the various operating systems to which it has been ported. Better this way than to have to continually update it whenever a new port is made. Avalyn 10:05, 6 May 2005 (UTC)

[edit] MD5

Use of the (now seriously broken) MD5 algorithm is listed as an advantage. Is this still true (in which case it should surely be listed as a disadvantage!), or has RPM transitioned to a more secure method already (in which case that should be mentioned in the article)? --62.173.111.114 12:26, 14 November 2005 (UTC)

Since rpm-4.1, rpm metadata content (like the MD5 file digest) usually comes from a signed header.

So the issue of whether MD5 is "broken" or not is moot, one has to break the digital signature on the header in order to change the file MD5 digest, and that requires breaking DSA or RSA, not MD5.

Furthermore, rpm-4.4.6 permits replacing the file MD5 with any modern digest up to and including SHA-512.

The "advantage" comes from verifying a digest while installing, and verifying the signature (if present) on the header (where the file digest tag resides) whenever desired, not just when the package is installed. This is a (at least) reasonably secure persistent verification mechanism when used correctly.

[edit] Redundancy

Isn't the "Package Manager" in "RPM Package Manager" redundant?

That's the idea of recursive initialisms. Chris Cunningham 14:15, 31 August 2006 (UTC)

[edit] Update

Can someone with the expert knowledge please update the description for rpm naming format for the release naming convention. The description is lacking for the .rf and .at, they seem to indicate packagers but i'm not certain enough make an update to the article. Thank you.

<release>.<distribution>.rf.<arch> <release>.<distribution>.at.<arch>

There are many release naming conventions that are currently deployed. No one scheme is dominant or accepted sufficiently widely that it needs documenting.

[edit] Recursive abbreviation

RPM is not a "recursive acronym". It is a "recursive abbreviation".

To be precise, it's a recursive initialism. I've edited the article appropriately. Chris Cunningham 14:15, 31 August 2006 (UTC)

Not sure where this came from. RPM means Red Hat Package Manager . That's not recursive at all. Deleted. —Preceding unsigned comment added by 72.37.252.50 (talk) 17:56, 2 May 2008 (UTC)

No it doesn't. Oh, and please get an account, and sign your posts. EdC (talk) 13:13, 3 May 2008 (UTC)

[edit] types of RPM's

I don't mean to bother anyone, but shouldn't it be prudent to make seperate sections for the existing types of RPM's:

  • Normal RPMs
  • Source RPMs
  • Delta RPMs

Any ideas?

Binary (not "normal") and source RPM's have a handful of explicit differences, the most important of which is that binary *.rpm's have ptr's to the source rpm from which they were built, and *.src.rpm payloads do not specify any hierarchical directory structure.

Patch RPM's were an an interesting patch from SuSE that is largely historical. The idea behind patch RPM's was a delivery mechanism for partial packages that would be merged, rather than installed, with whatever content had previously been installed. The changes to the rpm install state machine, and the difficulty of creating patch packages (i.e. patches for all possible released software need to be produced) have made the idea of patch packages unworkable outside of a narrow vendor-specific distribution context.

SuSE today prefers Delta RPM's instead of Patch RPM's afaik.

There are also ""Repackaged RPM's" that can be produced before erasing the older package when upgrading to a newer package. Repackaged RPM's are a best effort (i.e. content on the file system may have been modified or deleted) attempt to recreate the original package from what had been installed on the file system.

Well, I fixed something that was inaccurate as I can understand , i.e. that RPMs have sources, only SRPMs have source.

Sebelk 17:26, 23 January 2007 (UTC)

[edit] Please review and delete the external link to "Who Maintains RPM?"

[edit] =============================

(apologies for being a wikipaedia idiot, I don't know the correct way to make this request)

While overall the RPM page is quite objective and sufficiently complete, I am personally concerned by the external link to "Who Maintains RPM?" since it mentions me by name. I have gone to great lengths to preserve my privacy and anonymity (most of RPM was written by me) Much of the content about RPM has been supplied by me, e.g. to "The Red Hat RPM Guide" by Eric Foster-Johnson, and to LSB only under conditions of "anonymous contribution".

However, as the subject of the published article, I'm clearly biased. I will leave it to someone else to make the call whether an external link to "Who Maintains RPM?" is relevant or not. I am personally threatened by an ongoing and organized campaign (there is a slander of me at kuro5hin published in May 2006, and these people have appeared multiple times on mailing lists with aggresssive and hostile attacks that are coupled to my name) that has continued over several years that is ultimately based on a bugzilla report #119185 from the year 2004.

Meanwhile, I'll be happy to supply any information regarding RPM that you want (as long as my name is "anonymous")

Jeff Johnson <n3npq@mac.com>

[edit] Disadvantages

Someone has removed this section. If they have a valid reason and read this, could they explain why? I feel that this section should remain, any one else agree? 87.102.23.39 05:24, 15 December 2006 (UTC)

[edit] When was first released

When was first released rpm package Manager?. —The preceding unsigned comment was added by 89.22.70.236 (talk) 16:26, 28 December 2006 (UTC).

I am missing a version history as well.--85.180.234.215 (talk) 21:42, 5 January 2008 (UTC)

[edit] On Portal:Free software, RPM is currently the selected article

(2007-01-23) Just to let you know. The purpose of selecting an article is both to point readers to the article and to highlight it to potential contributors. It will remain on the portal for a week or so. The previous selected article was Advanced Packaging Tool. Gronky 14:50, 23 January 2007 (UTC)

The selected article has moved on and is now GIMP. Gronky 14:19, 29 January 2007 (UTC)

[edit] Supported Linux distributions??

Just a minor niggle, but the section titled "Supported Linux distributions" seems to imply that RPM would have to explicitly support a distribution. I believe the intent of the section is something more like "Linux Distributions with RPM support". —Preceding unsigned comment added by 12.146.232.2 (talk) 17:22, 12 December 2007 (UTC)

[edit] Controversy section

I've tried cleaning up the controversy section slightly. Aside from the added reference to the LWN article http://lwn.net/Articles/196523/, one might want to link to the rpm.org FAQ entry at http://wiki.rpm.org/Docs/RpmOrgFAQ#head-bfc9aeacc86d4eec06dc6f559f4881d7428ca24b. This seems to paint a slightly more balanced picture: rpm.org acknowledges that rpm development languished after Jeff Johnson left Redhat, and that the rpm5.org fork actually started before Redhat launched rpm.org. The FAQ page is an immutable wiki page, so should be suitable as a reference.

If someone feels up to it, I think the article would benefit from a short note on the differing versions in the intro. 78.52.194.212 (talk) 09:30, 10 January 2008 (UTC)

Sorry for talking to myself. I just found Jeff Johnson's request to not link to the LWN article above. I'm unsure what should be done here -- if you read about the fork and want to find out what it's about, you'll inevitably find the LWN article and also the controversial bug report in the end. I'm not sure there's any benefit to making everybody do the research on his own. Maybe somebody could rewrite the section to be less blunt (Johnson left Redhat instead of terminated) and balance the controversy with the fact that the parties involved seem to be on good terms (witness the rpm.org FAQ)? I don't feel up to the task. 78.52.194.212 (talk) 09:42, 10 January 2008 (UTC)
Another good reference for a rewrite: http://trainofthoughts.org/blog/2008/01/06/rpm5-vs-rpm/. 78.52.194.212 (talk) 09:50, 10 January 2008 (UTC)
The section was less blunt up until 4 days ago when someone, apparently with an IP address registered to Red Hat, edited the page to read that Jeff had been "fired", and deleting other content from the section with no explanation in the edit summary or here on Talk. I reverted this edit a few hours later, noting the potential conflict of interest.
Today, someone with an IP address in Raleigh, NC (home town of Red Hat) re-did the previous edits, again deleting links to rpm5.org and oldrpm.org, but this time claiming that Jeff had been "terminated", which sounds pretty harsh even for Red Hat. Could all this courageously anonymous mudslinging possibly have anything to do with Jeff and the rpm5 team releasing the new RPM 5.0.0 stable on 5 Jan, the day before the allegations starting being posted here?
Thanks for re-writing that last part. Red Hat people, give the personal attacks a rest, please. Technobadger (talk) 10:55, 10 January 2008 (UTC)
I've arrived on this article like probably many people looking for information about RPM. But after reading and rereading the controversy section, and this relevant discussion, I still find the section very hard to understand. Which is the "official" RPM page, and which is the fork? Thanks! --Vlad|-> 17:21, 29 January 2008 (UTC)
They're essentially competing versions at the moment, so which one is "official" depends on who you ask. :-) You're right though: the controversy section is badly worded, following the recent skirmish. I'll give it a re-write. Technobadger (talk) 18:10, 29 January 2008 (UTC)