Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
practical difference between "main" and "contrib"/"non-free" package sections
81 views
Skip to first unread message
Alexander
Jun 4, 2015, 3:20:04 AM6/4/15
to
Hello. It is said on the Debian website, that contrib and non-free
packages get security updates whenever it is possible, some of these
packages are maintained by official Debian teams (for example,
firmware-linux-nonfree is maintained by Debian Kernel Team). Seems like
the only practical difference in Debian's attitude to contrib/non-free
is that packages from contrib/non-free cannot be included in official
Debian installation images and there is no difference in how Debian
supports main, contrib, non-free. Am I right?
Thank you.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/556FFB18...@gmail.com
packages get security updates whenever it is possible, some of these
packages are maintained by official Debian teams (for example,
firmware-linux-nonfree is maintained by Debian Kernel Team). Seems like
the only practical difference in Debian's attitude to contrib/non-free
is that packages from contrib/non-free cannot be included in official
Debian installation images and there is no difference in how Debian
supports main, contrib, non-free. Am I right?
Thank you.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/556FFB18...@gmail.com
Reco
Jun 4, 2015, 12:00:05 PM6/4/15
to
Hi.
On Thu, 04 Jun 2015 10:15:36 +0300
Alexander <misterep...@gmail.com> wrote:
> Hello. It is said on the Debian website, that contrib and non-free
> packages get security updates whenever it is possible, some of these
> packages are maintained by official Debian teams (for example,
> firmware-linux-nonfree is maintained by Debian Kernel Team). Seems like
> the only practical difference in Debian's attitude to contrib/non-free
> is that packages from contrib/non-free cannot be included in official
> Debian installation images and there is no difference in how Debian
> supports main, contrib, non-free. Am I right?
> Thank you.
No, you're mistaken. Every package should be maintained by someone (or
by some team) or it's excluded from the Debian archive.
The main difference between 'main' and 'non-free' is that 'main'
software's source can be modified by maintainer (and of course, any
end-user if said user wishes to do so). 'non-free' software may lack
the source entirely.
'contrib' serves as a shim between 'main' and 'non-free' in a sense
that by itself 'contrib' software is free (as in 'liberty'), but it's
useless without 'non-free'.
In terms of support it means that every time some bad vulnerability is
discovered - 'main' software can be patched at once. For 'non-free'
software everyone is left at the mercy of software vendor. For
'contrib' it depends on the scale of possible breakage.
Of course, there are politics involved. For example, the very
'firmware-linux-nonfree' package you mention was not considered
'non-free' by certain Debian Developers back in the day said package
was invented.
Or, for example, 'hplip' package provides certain programs
with the only function of downloading and installing non-free blobs,
yet the package itself resides in 'main'.
Reco
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/20150604185608.e4e3...@gmail.com
On Thu, 04 Jun 2015 10:15:36 +0300
Alexander <misterep...@gmail.com> wrote:
> Hello. It is said on the Debian website, that contrib and non-free
> packages get security updates whenever it is possible, some of these
> packages are maintained by official Debian teams (for example,
> firmware-linux-nonfree is maintained by Debian Kernel Team). Seems like
> the only practical difference in Debian's attitude to contrib/non-free
> is that packages from contrib/non-free cannot be included in official
> Debian installation images and there is no difference in how Debian
> supports main, contrib, non-free. Am I right?
> Thank you.
by some team) or it's excluded from the Debian archive.
The main difference between 'main' and 'non-free' is that 'main'
software's source can be modified by maintainer (and of course, any
end-user if said user wishes to do so). 'non-free' software may lack
the source entirely.
'contrib' serves as a shim between 'main' and 'non-free' in a sense
that by itself 'contrib' software is free (as in 'liberty'), but it's
useless without 'non-free'.
In terms of support it means that every time some bad vulnerability is
discovered - 'main' software can be patched at once. For 'non-free'
software everyone is left at the mercy of software vendor. For
'contrib' it depends on the scale of possible breakage.
Of course, there are politics involved. For example, the very
'firmware-linux-nonfree' package you mention was not considered
'non-free' by certain Debian Developers back in the day said package
was invented.
Or, for example, 'hplip' package provides certain programs
with the only function of downloading and installing non-free blobs,
yet the package itself resides in 'main'.
Reco
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Reco
Jun 4, 2015, 3:10:05 PM6/4/15
to
Hi.
Please refrain from personal e-mail. It's considered inapproprate here.
I'm sending this e-mail to the list and suggesting you to do the same
with your original e-mail.
On Thu, 4 Jun 2015 21:38:15 +0300
Mister EpicMannow <misterep...@gmail.com> wrote:
> Thank you for your explanation.
> I understand now, what problems can one meet, if he deals with non-free.
> So:
> 'non-free' packages get security fixes, bug fixes, other changes only when
> it is possible according to license
> 'non-free' packages may have no sources available
> in terms of support (except two statements above) 'non-free' packages are
> just like 'main' packages.
> 'contrib' packages are in terms of support just like 'main' packages
> ''contrib' and 'non-free' packages will remain in the repositories for as
> long as there are people ready to maintain them, and they get upstream
> upgrades (just like packages in 'main').
> Correct?
Correct, with one exception. If 'non-free' package does not have the
source - it's impossible to fix it. Either the vendor should provide
the fix (and it can take months if not years for this to happen), or
you (as distribution) continue to ship vulnerable software (or firmware
as it all the same in this regard), or you drop the offending package
entirely.
Reco
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/20150604220653.0f6c...@gmail.com
Please refrain from personal e-mail. It's considered inapproprate here.
I'm sending this e-mail to the list and suggesting you to do the same
with your original e-mail.
On Thu, 4 Jun 2015 21:38:15 +0300
Mister EpicMannow <misterep...@gmail.com> wrote:
> Thank you for your explanation.
> I understand now, what problems can one meet, if he deals with non-free.
> So:
> 'non-free' packages get security fixes, bug fixes, other changes only when
> it is possible according to license
> 'non-free' packages may have no sources available
> in terms of support (except two statements above) 'non-free' packages are
> just like 'main' packages.
> 'contrib' packages are in terms of support just like 'main' packages
> ''contrib' and 'non-free' packages will remain in the repositories for as
> long as there are people ready to maintain them, and they get upstream
> upgrades (just like packages in 'main').
> Correct?
Correct, with one exception. If 'non-free' package does not have the
source - it's impossible to fix it. Either the vendor should provide
the fix (and it can take months if not years for this to happen), or
you (as distribution) continue to ship vulnerable software (or firmware
as it all the same in this regard), or you drop the offending package
entirely.
Reco
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
0 new messages