Surviving the RPM package and repository jungle

by Jos Vos (X/OS Experts in Open Systems BV)

Wednesday, 23.05.2012, London, 14:30-15:00

Linux distributions based on RPM packages offer their own package repositories. Besides these "official" repositories, a rapidly growing number of third-party RPM packages and repositories exists. These packages may offer you free software that was not included in a distribution, proprietary and/or not-freely distributable software, or combinations of these. There is a trend to make individual packages available in their own repository, for easy installation and upgrade.

Using third-party packages may pose several risks to your system. First of all, the proprietary software packages in particular often seem to be built by people not aware of common packaging practices or the Filesystem Hierarchy Standard. Furthermore, some packages serve multiple distributions, resulting in bad packages doing things "the wrong way", in many cases with huge post-install scripts. Packages sometimes even conflict with the base distribution.

This talk will give some real-life examples of what is wrong with certain third-party packages. Then a few methods to solve, avoid, or at least minimize the problems are shown. The main purpose of the talk is to create awareness of the risks, so that everyone can decide how to deal with them in their particular environment.

Although this talk will focus on RPM packages and repositories, most of the theory will also apply to the dpkg/apt world.

About the author Jos Vos:

Jos Vos is owner/co-founder of X/OS Experts in Open Systems BV.
He has more than 25 years of experience in research, development and
consulting in the field of systems software, Internet and security.
UNIX has been central in his academic and professional life; he feels
privileged never to have used a Windows machine so far.

His operating system of choice since 1994 is Linux. In the Linux
community he is best known for writing ipfwadm and part of the
firewall code in the 2.0 kernel. He also was the core developer
of X/OS Linux, a freely available enterprise-class distribution
based on the Red Hat Enterprise Linux sources.

His company X/OS acts as a knowledge partner, working together with
clients on projects that require in-depth knowledge of UNIX and Open
Source. Consulting work deals primarily with IT architectures,
advanced system administration topics and integration issues. It is
often combined with custom software development to implement a
tailor-made solution for the client, from glue code to complete

In addition to sharing knowledge, X/OS offers open, standards-based
solutions built on top of Linux and Open Source software. Products
include customizable firewall/VPN appliances, point-of-sale terminals,
high-availability clusters and Linux support services.