this post was submitted on 17 Apr 2026
0 points (50.0% liked)

Linux

17120 readers
387 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world
0
(Rant) Linux really needs to do a better job with package management... (lemmy.zip)
submitted 8 hours ago by ramble81@lemmy.zip to c/linux@lemmy.world
21 comments fedilink hide all child comments
 

A sample journey when trying to install software:

  • Try your distros repos, it’s either not there or an older version
  • Oh wait, you need to add their repo to your list and try again
  • Actually, they don’t have a repo, but you can install this deb/rpm from their site
  • Nevermind, it actually needs to be installed with pip to get the latest version
  • Or wait, it was actually a rust package and needs cargo
  • Well, this package is available as a snap
  • Screw it, I’ll just build it from source…. Except the dependencies I need take me through the entire journey again

It’s crazy with a large package like mesa. It uses meson, which requires it be installed via pip, and also needs rust which is best installed via a snap, but then there are dependencies it needs that require multiple paths…

On Windows: find the msi or exe and be done with it.

you are viewing a single comment's thread
view the rest of the comments
[–] moonpiedumplings@programming.dev 20 points 7 hours ago

If you're not on archlinux, you should probably switch. It has the latest packages of everything, and the Arch User Repos are essentially compiling whatever xyz program you want from source, in one command.

You should also be careful with doing stuff like installing deb/rpm's directly from sites, because that's how you can break your system. Also, I suspect you installed pip packages to the system itself, which can also can break your system.

Anyway, mesa, a "system" package is definitely more challenging as well, since it needs to be deeply integrated into the system. If you actually need a newer version of it, then the easiest is to just switch to a distro that has a newer version, or if you only need the userspace version, you can use it within a docker container like the one's offered by distrobox or junest.

If you were wanting a newer version of an "application", flatpak would probably be good enough to get it onto your system. "Applications" don't need to be as integrated with the rest of your system.

As a rebuttal to your post though, there is a very good reason why Linux does packaging the way it does. Installing a program on Windows is nowhere as simple as it may seem to you.

You probably have an adblocker, and use a non google search engine, and know your way around sites. But consider the average users actual process of installing a program on Windows. It looks something more like:

  • Search on google for program
  • Click first link. Oh wait, that's a sponsored link that leads to malware.
  • Click second link. Oh wait, that site is not an ad but also probably malware
  • Navigate through "You've got a virus on your PC"
  • Go back to google
  • Find the real link. Click through the ads on that site because of course it has ads.
  • Download the real software

Of course, to you the process probably takes 15 seconds. But to a real average, non advanced user, this experience is fraught with risks. If they select wrongly, then they get malware on their computer. Compare this to installing software on Linux from a distro's repos:

  • Open app store / package manager GUI
  • Find program. Click install. Enter password.
  • Don't think about things like program versions, and just be happy you now have Krita or whatever program you want.

No risk. No pain. Simple.

There is a very good reason for older packages in distro repos as well. There are two main reasons:

The first is stability. Stability vs unstability doesn't mean anything about system reliability, but is instead about lack of change. I like to say that a stable release distros doesn't just mean you older packages, it means you get the same system behavior over a period of time. Instead of a constantly changing set of bugs, you deal with the same set.

I like Arch. I like new packages. I can find workarounds for the current annoying bug this update cycle. But the average user probably doesn't want to have to deal with that. They probably don't want to have to deal with the bug of the week, and they would rather just have some predictable bug that stays there for a few years that they already know their way around.

I remember watching a twitch streamer hit this, actually. They were complaining about new packages, and I pointed out that the reason why older packages are there is to have the same predictable set of bugs, instead of a changing set. They dismissed me, claiming they needed new packages, which is understandable. But then they (an ArchLinux user) immediately encountered an issue with Dolphin (Linux file browser) where the top bar / UI wouldn't load at all and got really frustrated. I didn't say anything, but I did laugh to myself and feel vindicated when it happened. Of course, eventually that bug will be fixed. But new ones will come along.

The second reason, is supply chain security. Debian, and Red Hat Enterprise Linux, where not affected by the XZ utils backdoor, due to having a policy of only doing carefully cherry picked security updates. I won't go into detail here, but I have another comment about it.