Ubuntu Devs Discuss Backports Changes
I’m greedy when it comes to software: I like having code that works, but I also want the very latest stable versions of my applications. Ubuntu does a good job satisfying the former demand, but it lags behind other distributions when it comes to keeping its repositories up-to-date. Fortunately, this issue has caught the attention of Ubuntu developers as of late, who have been discussing changes to the backports system. Here are the details.
Before going further, I should acknowledge that Ubuntu’s policy on software packages–which is to keep versions the same for the lifetime of each release–is well reasoned and deliberate. It helps ensure consistency across different iterations of Ubuntu and protects unwitting users from bleeding-edge, unstable code.
On the other hand, the packaging policy means that Ubuntu’s application stack quickly grows outdated after each release. Unless users seek software outside the official channels, they don’t get any version updates for Firefox, OpenOffice, Gnome or other applications until the next Ubuntu release–and in the free-software world, Ubuntu’s six-month development cycles (or longer for users sticking with LTS releases) can be a long time to wait.
Backports and PPAs
The one vehicle for addressing this issue is backports, which provide version updates of select packages when developers think there’s a good reason to do so. In theory, this should provide a healthy balance between stability and the need for up-to-date software. As Iain Lane recently pointed out on the Ubuntu developers’ mailing list, however, “getting stuff backported is too hard,” and in practice, very few packages tend to be updated via the backports system.
Lane also noted that the lack of backports has led to a proliferation of unofficial Personal Package Archives, or PPAs, that provide more recent builds of applications. Based on personal experience, I’d say he’s right: a quick look at my apt sources.list shows that I’m currently using third-party PPAs in order to maintain more up-to-date versions of browsers, firewall tools and torrent clients than those available in the official repositories.
The popularity of PPAs should come as no surprise: Launchpad has 17,203 of them, of which nearly 6,000 are active. And since Ubuntu 9.10, adding PPAs has been a one-liner, thanks to the apt-add-repository tool.
Unofficial PPAs aren’t necessarily a bad thing–although they do theoretically pose security and stability risks to people who use them without caution–and none of the Ubuntu developers are condemning them. But Ubuntu contributors are recognizing that the ubiquity of third-party PPAs underlines the ineffectiveness of the current backports infrastructure, and they’re discussing ways to fix it.
One suggestion is to streamline the process required for uploading a backport, eliminating much of the bureaucracy that currently slows things down. Another idea is the creation of official backports PPAs, which would exist alongside the current -backports repository.
So far, no consensus has been reached. Nonetheless, it’s encouraging to see this issue acknowledged and discussed before it gets out of hand, and we look forward to seeing how the backports system might be revamped in response.