All package management systems suck. And by all, I mean everyone that I've ever tried. The registry / MSI of course sucks. Apt really sucks, any operation outside of the ordinary takes hours of poring through giant man pages and editing weird config files ("Pin-priority? WTF?"). pkg_src / portupgrade sucks too ("pkgdb -F? WTF?") but is a little less complex than apt, so among the package management tools I've used, it's the best of the bunch. That's not saying much though.
Now before you chime in and say oh, that's easy to do with package management system X, all you have to do is use feature Y, I don't care. Because there are frankly too many Y's. They're obscurely documented. Poorly thought out. Non-obvious. It's great that you've taken the time to learn package management system X, but to me it never seemed worth doing because they're all so needlessly complex in the first place.
So problem #1: a big percent of what a package system does is manage complexity for you. Managing complexity is a tough problem, but a boring problem to good developers. They have more interesting problems to solve. Really good developers do not write package systems. So the complexity isn't really managed very well in the end, it comes bursting out the seams in endless manpages and over-engineered config formats.
But problem #2: another large piece of a package system is managing a dependency graph, and letting you control how basic package operations interact with the graph. This is actually a somewhat interesting problem because it's graph theory. But every package system I know of gets it totally wrong. Rarely do dependency-aware operations get it right. And this is because top-notch developers do not write package management systems, so the hard problem receives a botched solution.
Somebody needs to pay a good developer to write a package management system we can all use, as an act of philanthropy to the software community, because there's no way we're getting one otherwise.
P.S. Oh yeah another gripe. Why do all these package systems use a giant lock on a package database, so you can do at most one install / deinstall at a time? Am I just a dirty freak for wanting to install several things at once, in parallel?
Posted by Alan at September 10, 2006 02:30 PM