0install Reaches 2.0 61
tal197 writes "Zero Install, the decentralized cross-platform software installation system, announced 0install 2.0 today after 2 years in development. 0install allows authors to publish directly from their own web-sites, while supporting familiar features such as shared libraries, automatic updates, dependency handling and digital signatures. With more than one thousand packages now available, is this finally a viable platform?"
Re: (Score:2)
Perhaps they mean, as a viable alternative to whatever package management system (or "app store") is unique to your given OS/distro? If that's the case, then my answer would be, no.
Re: (Score:2)
Not being familiar with it - why do you say "no"?
OK - it needs to have sufficient software, but aside form that, an much-platform software package manager sounds rather nice, compared to the usual "this is my playground and my playground ONLY" crap.
Re: (Score:3)
Great Ideas Fail All The Time (Score:2, Informative)
It's similar in concept to a decentralized app store or repository. It sounds like a great idea. It sounds like it free your system from the "clutches" of your distro's repository.
But, like many other great ideas, it fails in the cold daylight of reality.
In order for it to work, the software developer has to not only publish their software on the Zero Install system, they have to publish their software for ALL the distros on it. But, we all know well that most software developers regard this as far too cumb
Re: (Score:2)
In order for it to work, the software developer has to not only publish their software on the Zero Install system, they have to publish their software for ALL the distros on it. But, we all know well that most software developers regard this as far too cumbersome an undertaking and will instead publish only a single or couple of binaries.
Of course, that's not an issue for programs written in Python, Ruby, Java, etc.
For C, you can also publish a source version and let the users compile (with 0install handling the build dependencies). Also, if someone wants to set up a build farm for a particular platform, they can use these source packages to create binaries automatically (e.g. for PPC binaries).
Producing separate binaries for different distributions (e.g. Ubuntu and Fedora) isn't necessary; one binary should work everywhere. The exception w
Re: (Score:3)
You're confused and don't understand what Zero Install is. Maybe the feature list needs to be worded better, but it is infinitely better than "an RPM alternative" because it can run ALONG SIDE an existing package manager. Zero Install can be used on ANY DISTRO and can ADD TO that distro, so it will expand the number of packages that are accessible to users. If I release my software for Zero Install it means any user will be able to install it easily, get automatic updates, uninstall it easily, potentiall
Sounds great to me (Score:2)
Seems to help programmers a lot. They can publish on their own site a single set of files and specifications for all platforms to manage installation and package creation. Packaging teams can use it to make their life easier.
Re: (Score:2)
Re: (Score:2)
For publishing software directly from author's web-sites, while supporting familiar features such as shared libraries, automatic updates, dependency handling and digital signatures.
But you're just a typical naysayer, always naysaying.
Re: (Score:1)
The cross platform part is more a benefit for publishers. So if you're publishing a cross platform application, you can use this system to streamline the distribution process. Not a terrible idea though the majority of applications are not cross platform in the first place, so it's hard to see this system being used.
Re: (Score:2)
Cross platform is also a major benefit to system administrators.
Over 1000?! (Score:5, Funny)
Re: (Score:2)
Sheesh. English is just as precise if you use it correctly. In some particular cases you may need to use a few more words. Words are free; don't be afraid. Anyway, if you want to be absolutely anal about precision, you want German, not French.
For "gratuit", just say "free of cost" or "free of charge".
For "libre" just say "free to inspect and modify the source".
Re: (Score:2)
Aw, your French pride is hurt just because you don't get to say, "Free as in beer".
What a name (Score:1)
Something about calling your installer platform "Zero install" seems disingenuous. :)
Though the summary mentions something I've been thinking a lot about lately, and that's shared libraries. 99.5% of the time when I have trouble getting something to work in linux it comes down to a nasty spaghetti-like mess of libraries and their recursive dependencies. Sometimes some pieces of software have difficulty coexisting because they depend on different versions of supporting libraries.
I understand that a lot of pa
Re: (Score:2)
So apps from the App store don't use the shared libraries provided by the operating system? Which are updated by the operating system's update utility? News to me.
Re:What a name (Score:5, Interesting)
I understand the benefits of shared libraries, but storage space is dirt-cheap today and I think a lot of problems might be solved simply by letting lots of pieces of software bundle their favorite versions of dependent libraries.
Or, how about this: Instead of linking to shared libraries by their filenames, applications specify the shared libraries they'd like to link to via md5 hashes of the libraries' contents. The linker checks its shared-library database-index (which could just be a directory whose directory-entries are md5 hash codes) to see if it has a shared library with that md5 hash installed; if yes, it links the application process to it; if no, it auto-downloads the shared library with that hash from the web repository, installs it, and then links the application process to it.
The advantages would be:
No library collisions, ever (well, to the extent that md5 hashes are unique, anyway).
No version mismatches, ever (each app will always run using the libraries it was built against, and no others).
No mucking about with LD_LIBRARY_PATH (as all shared libraries are auto-stored for you
No manually installed missing libraries (they will instead be installed as necesary, on demand)
No space wasted by multiple copies of the same library present on your disk at once
Some possible disadvantages:
No way to "patch" behavior of multiple applications by upgrading only a shared library they link to (you'd have to upgrade each of the applications instead, so that they reference the new library version's md5 hash)
Possible security issues from auto-installing shared libraries with malicious code (although arguably you either trust a developer enough to install his program, or you don't; the mechanics of how different parts of the program are installed aren't necessarily relevant)
Re: (Score:2)
$ 0install select http://www.serscis.eu/0install/serscis-access-modeller
- URI: http://www.serscis.eu/0install/serscis-access-modeller
Version: 0.16-post
Path:
- URI: http://repo.roscidus.com/java/iris
Version: 0.6.0
Path:
Re: (Score:2)
Re: (Score:2)
This defeats one of the "selling points" of using a dll. When functionality improves, the library is updated and all consumers of that library benefit from it.
Yes, you're quite right, but that's a tradeoff that might be worth making. Upgrading a shared library that an application already is using is a risk, since after the upgrade you are running an application in a configuration that its developer never tested against. Better perhaps to have the developer upgrade his application to the new version of the shared library, let him test it thoroughly, and then when he has released his new app version, download it (at which point it would auto-download the new shar
Re: (Score:2)
Re: (Score:2)
... no security fixes to libraries, ever.
Just read the recent discussion about including golang in Debian. Pretty much just its promoter considered introducing a compiler with no support for proper dynamic libraries to be acceptable, and dynamic libraries accessed via hash are effectively static for all purposes other than disk/memory usage.
If there's a bug in libpng, what do you do? It has thousands of reverse dependencies, many directly and yet more transitively. A good deal of bugs there can be exploi
Re: (Score:2)
Re: (Score:1)
Seems you weren't using your distro's packages. If so, you could have installed the new version of MySQL client and server to another path, /opt perhaps. Or did i miss something?
Slashvertisement? (Score:3, Informative)
As the third of tal197's four slashdot submissions was entitled "Zero Install Project Makes 1.0 Release" [slashdot.org], can I assume this is just an advertisement?
Re: (Score:1)
Not to mention that the hyperlink making up his username in that story leads directly to the Zero Install website...
Plus, isn't Slashdot supposed to be a news *aggregator*? Nothing in this story leads to an article, just the project's homepage.
Re: (Score:2)
No; 0install isn't a commercial project.
Re:Slashvertisement? (Score:4, Insightful)
No; 0install isn't a commercial project.
You know you can advertise a non-commercial project, right?
Re: (Score:2)
It's still an advert, this time saying "Please download my project" rather than "Please buy my product". The payoff is the validation from his users that his efforts were actually worth something, rather than cold hard cash.
Re: (Score:2)
The best kind of ad, in my opinion. One of the reasons I follow slashdot is to learn about new developments in IT.
A succesful project needs to attract enough developers to keep it going, and that means promotion of one kind or another. The commercial world can buy advertising. Slashdot is providing a valuable service by helping non-profit projects reach out to potential contributors and consumers.
This project is interesting to me because it tackles a problem I'd been considering recently. I use Can
No. (Score:2)
Re:No. (Score:4, Insightful)
I don't think it is designed to be the one-repository-to-rule-them-all, debian style. In fact I think it is partly a reaction to the fact that that model doesn't work well in many cases.
Re: (Score:2)
Meanwhile, Zero Install keeps each app separated and sandboxed and you could argue that it is better than adding a repo.
Interesting technology, needs PR (Score:3, Insightful)
The technology is interesting. It's fully decentralized, works even on Windows, offers Mac-style drag and drop images, uses a full SAT solver for dependency resolution...
What it needs is better marketing.
Re: (Score:2)
1. More apps need to start using it so it gets in higher demand.
2. Ubuntu and others benefit from market fragmentation. By having all the software in their repos which aren't compatible with other distros, that pulls users to their platform just for software access. This is of course contrary to what the free software and ubuntu philosophies are all about.
So for thos
Worth a try? (Score:2)
Installs ok, haven't tried it out yet.
Wonder why it needs to remove "python3-aptdaemon.pkcompat" if it says it does its stuff without messing about with a system's libraries, tho.
Re: (Score:2)
I have an idea the .deb package recommends "packagekit". If that conflicts with "python3-aptdaemon.pkcompat", I guess your package manager might offer to remove it. You could try using --no-install-recommends.
If you try to install a program that needs a library that is only available through your distribution, then 0install will offer to install it using PackageKit, if PackageKit is available.
Re: (Score:2)
Thanks for the info. I am decidedly unsophisticated at this stuff.