> Yeah, so alienated over here with the 90% of desktop users not using one of those. Don't see why you're taking this so personally that you feel the need to resort to some kind of personal attack.

I'm sorry, I didn't intend it as an attack, just a remark that you seem to be asking for something that very few in the open source world are providing.

Yes, 90% of desktop users use Windows. But Linux is not Windows, and neither is Haiku, and so I'm not sure why you're upset that we've decided to go a route more Linuxy than Windowsy here.

And I also note that Windows has an app store now, and more and more apps are showing up on it. So there's that.

> I prefer the simplicity, flexibility, and non-conflicting nature of appdirs.

And as an OS developer and package maintainer, I prefer the tradeoff the other way. You are of course more than free to create AppImage-style HPKGs on your own. :)

> I think that package management has no place in a desktop OS, so when Haiku added one I lost interest.

Well, it seems most of the open source world disagrees with you very much, then.

> I'm sorry, I didn't intend it as an attack, just a remark that you seem to be asking for something that very few in the open source world are providing.

Yes, this is a continual source of frustration for me. Every time someone starts a new desktop OS project they just keep making the same mistakes (at least I think they are mistakes) and we end up with what is essentially another Linux distro.

> Yes, 90% of desktop users use Windows. But Linux is not Windows, and neither is Haiku, and so I'm not sure why you're upset that we've decided to go a route more Linuxy than Windowsy here.

Because there are approximately 200 Linux distributions that already went that route and they're not particularly useful dekstop OSs either. Haiku already had an uphill battle in lack of software and hardware support, but the more it makes itself like a Linux distro the less reason I see to choose it over a Linux distro.

> And as an OS developer and package maintainer, I prefer the tradeoff the other way.

Yes, exactly. You like package management because it makes your life easier, not because it makes the system simpler, and not because it provides more flexibility for the user.

> You are of course more than free to create AppImage-style HPKGs on your own. :)

I could do that in Linux or Windows, why bother doing it for an OS with even less hardware and software support? If an OS wants me to use it over something else then I need compelling reasons.

> Well, it seems most of the open source world disagrees with you very much, then.

Perhaps that's part of the reason they have so few desktop users. I can only speak for myself here.

> (at least I think they are mistakes) > Because there are approximately 200 Linux distributions that already went that route and they're not particularly useful dekstop OSs either

I think the mistakes of Linux are having a system that "stacks up" components without any overall design philosophy or any sort of vertical integration. In my days before Haiku, I used Linux a lot, and was continually frustrated with how every upgrade audio would break, or the video codecs wouldn't play audio, or ... well, a lot of other issues that were fixable, but every time I had to edit a config file or rebuild something myself was very annoying. That's why Linux isn't a useful desktop OS for me, not because of the package manager, which actually makes it somewhat tolerable.

Haiku doesn't have those issues: if something doesn't work, it's our fault, not the kernel team's fault, or the X11 team's fault, or the alsa team's fault, etc. And that also means we can design the interconnections between these systems to be slimmer and more efficient than Linux did, since they need to support "component swapping."

> Yes, exactly. You like package management because it makes your life easier, not because it makes the system simpler, and not because it provides more flexibility for the user.

Yes, it makes my life easier as a developer. But it also makes my life easier as a user: Why am I going to go search a website I barely trust for a zip file that I extract and then add symlinks to? I much prefer the one-click-install model, thanks, and I know a lot of users that do too.

I don't know what flexibility I've lost that. As I've said above, I can still install packages in `~`, and extract them if I really did want to put it somewhere besides that. So what can I not do now that I could before?

> If an OS wants me to use it over something else then I need compelling reasons. > Perhaps that's part of the reason they have so few desktop users. I can only speak for myself here.

For me at least, as well as most Haiku users I know, the reasons are the ones I outlined above, not the package manager.

> I think the mistakes of Linux are having a system that "stacks up" components without any overall design philosophy or any sort of vertical integration. [...] That's why Linux isn't a useful desktop OS for me, not because of the package manager, which actually makes it somewhat tolerable.

I agree, but I think the reason Linux is this way, where everything depends on multiple other things even while they frequently break and have no integration, is at least in part because of the reliance on package management. If Linux had a stable base set of shared libraries developers could depend on and applications were distributed as appdirs, then developers are disincentivised towards non-base-system dependencies because they'd have to include them. You could then use what few advantages shared libraries offer (security updates, slightly less wasted space) for the most important things in the system while still allowing the simplicity and flexibility offered by applications just being a folder.

> Yes, it makes my life easier as a developer. But it also makes my life easier as a user.

Sure, as long as you only ever want to work within the confines of what is provided by the package manager. There's a difference between "easy" and "simple". I prefer "simple" because it can be understood and reasoned about and conformed to my use case. "Easy" requires the system to try and understand what I want, and we know how well that works for youtube, netflix, and amazon recommendations.

> I don't know what flexibility I've lost that. As I've said above, I can still install packages in `~`, and extract them if I really did want to put it somewhere besides that.

Can you put an application on a USB drive, take it to another Haiku system, and run it from the USB drive without installation? Can I have 3 different versions of the same application, each on a different volume? Can I created a folder hierarchy and place applications in it according to my own organizational criteria? If so, maybe Haiku's packaging system isn't so awful. I expect that isn't the case except for a handful of applications though based on what you've said previously.

> is at least in part because of the reliance on package management. If Linux had a stable base set of shared libraries developers could depend on

Except in saying that, you're completely ignoring the fact that X11 by itself requires how many different projects, all of which have different teams, goals, etc.? Just attempting to even get that would wind up in bikesheds at so many levels that it'd be impossible to do. But this has been Linux's problem since the 90s, it's not new at all.

And Linux has always been "just a kernel." Even FreeBSD still has disagreements about what to put in the base system, and they did get along without a true package manager for a while, but not anymore.

> Sure, as long as you only ever want to work within the confines of what is provided by the package manager.

A few weeks ago I needed something the package manager didn't have. So I ported and made another package for it. I also ran into a BeOS app that still used the "appdir" model because nobody updated it, and it still worked.

The package manager isn't "old magic" which must be "appeased" and "worked around." If it doesn't work, or it's missing something, we fix it.

> "Easy" requires the system to try and understand what I want, and we know how well that works for youtube, netflix, and amazon recommendations.

I've reiterated multiple times that you can forego the package manager and use the still-existing "easy" route if you'd like. Why does the package manager's mere existence cause a problem?

> Can you put an application on a USB drive, take it to another Haiku system, and run it from the USB drive without installation? ...

Yes. The executable bit still exists outside of packages, you know ;)

You will need to manually extract said packages, and then set up the `lib` folder properly (just as app developers did for appdirs); and then this relies on the application using relative paths for loading data (which all should, because they can be installed in `~` as well, but I'm not sure we check for conformance on this point just yet.)

You of course loose all the benefits of the package manager -- updates, etc. -- by doing this. But I guess that's what you want.

I don't think we're disagreeing on the problem with Linux Desktop here. The whole system is a patchwork of projects by different groups with disparate goals.

> I've reiterated multiple times that you can forego the package manager and use the still-existing "easy" route if you'd like. Why does the package manager's mere existence cause a problem?

Because when it is the official "way things are done", that will be relied upon and anyone not doing things "the way things are done" will be ignored and told to do things "the way things are done". See: any question on a Linux Desktop forum where the user wanted to do something out of the ordinary.

Example: Try installing Visual Studio Build Tools to somewhere other than Program Files. It can't be done. It will install a few things to wherever you pointed it, but because "Program Files is where the programs go" someone at Microsoft hardcoded paths so it just dumps the majority of it in Program Files anyway.

Another example: Try to get apt to download a package you already have installed, and all its dependencies, onto a USB drive so you can install them on a computer that doesn't have the internet. The developers never considered the possibility that someone would want to download software for a different computer.

> Yes. The executable bit still exists outside of packages, you know ;)

It isn't about the executable bit, it's about expectations. Someone hardcodes a path to something because that's where the package manager puts it and I'm SOL.

> You will need to manually extract said packages, and then set up the `lib` folder properly (just as app developers did for appdirs);

The difference of course being that the developers do it for an appdir, whereas now that is something I have to do as the user.

> and then this relies on the application using relative paths for loading data (which all should, because they can be installed in `~` as well, but I'm not sure we check for conformance on this point just yet.)

Precisely. It isn't the way things are done, so no one cares.

It sounds like the hoops I'd have to jump through to make appdirs on Haiku might be less than what I'd have to do on Linux, which is nice, but isn't going to make Haiku any more attractive to me. After all, if I'm going to jump through those hoops I may as well do it on an OS with better hardware and software support.

> I don't think we're disagreeing on the problem with Linux Desktop here. The whole system is a patchwork of projects by different groups with disparate goals.

Indeed we agree on that.

> See: any question on a Linux Desktop forum where the user wanted to do something out of the ordinary.

That is a community problem, not a technical problem then. We should fix those, too.

> onto a USB drive so you can install them on a computer that doesn't have the internet. The developers never considered the possibility that someone would want to download software for a different computer.

Haiku's `pkgman` doesn't have this feature built-in yet, but it would be easy enough to add. Already you can just copy `hpkg` files out of /system/packages to anywhere you want, and then run `pkgman install <files>` to install those HPKGs elsewhere (assuming you grabbed all the right ones.)

Actually, since you can already dump package info (including dependencies) using `pkgman`, writing a script to do this would be pretty easy.

It looks like there's a way to do this in apt, anyway: https://stackoverflow.com/a/27469489

> After all, if I'm going to jump through those hoops I may as well do it on an OS with better hardware and software support.

If that's all you want, then sure, go ahead. Again, this wasn't some integral part of Haiku's identity in our minds.

I'm aware of the script for apt, actually, precisely because I needed to do this once. That's a hack though, apt clearly wasn't built with the idea that anyone might ever want to do something with packages other than install them on their local system.

It's fine that Haiku's goals and mine don't align, really it is. I'm just not going to go out of my way to use it because I don't feel it offers advantages that outweigh the disadvantages.

There's also this artificial distinction between the uninstalled and the installed form of the same software. Once you have installed it, it is married into a system that makes it very hard to get it out of the running system again and transfer it to another system (unless you kept the debs or hope that they are still online in some repo).

A better system is one in which the archive/installer and the installed instance of a software is one and the same. Such as a Mac .app bundle or an AppImage for Linux.

"It wasn't built with the idea", but yet you can do that, because of the UNIX philosophy of chaining commands together. So I think if you're calling it a "hack", then you fundamentally disagree with the UNIX philosophy.

I mean, I have my issues with it, but I wouldn't go so far as to say that kind of command chaining is a "hack".

> "It wasn't built with the idea", but yet you can do that, because of the UNIX philosophy of chaining commands together. So I think if you're calling it a "hack", then you fundamentally disagree with the UNIX philosophy.

I disagree with the fact that the unix philosophy hasn't been updated since the 70s and text parsing is still considered the height of chianing applications together. I call it a hack because that's exactly what it is.

> Another example: Try to get apt to download a package you already have installed, and all its dependencies, onto a USB drive so you can install them on a computer that doesn't have the internet. The developers never considered the possibility that someone would want to download software for a different computer.

This is not true of all package managers. DNF (for Fedora, Mageia, and soon OpenMandriva) and YUM (for RHEL and CentOS) have a download subcommand that lets you resolve the full chain of dependencies without considering what's on the computer to be able to have everything for installing it offline somewhere else.

AnIdiotOnTheNet, did you know the https://gitlab.com/probono/platformissues project? It is describing the Desktop Linux Platform Issues and what should be done to overcome them. I invite you (and everyone else interested in this topic) to contribute.

> Yes, 90% of desktop users use Windows.

Windows has both a consumer-focussed App store and a developer-focussed package manager [0].

[0] well, okay, the latter is for .NET rather than Windows per se.

Yes, among many other hateable things MS has done to Windows lately, they've started adopting the bad ideas from OSS.

But, Windows also has the best hardware and software support of any desktop operating system by a wide margin, so if I'm going to use an OS I don't like I may as well use the one that lets me run the software I want on the hardware I have.

And almost no one uses them. Or did you get your Photoshop in the Windows Store?

> I think that package management has no place in a desktop OS

Why? Is this from a developer or an end-user perspective? From an end-user perspective, why does it matter?

For any sufficiently complicated application, most developers are going to rely on existing libraries and other components. So either you have a centralised way of managing this (i.e. a package manager) or you have every app with its own packaged (and thus potentially duplicated) dependencies and hope that every developer pushes out a new version whenever there's a security vulnerability in one of the dependent components. Whatever the drawbacks of package managers, that seems like the only sustainable model if you remotely care about security.

From an end user perspective I want control over what I have installed, and where it is installed. I want to be able to install multiple versions of an application, I want to be able to put that application on any volume, I want to be able to put that application on a thumb drive and run it on a different PC, I want to be able to install the latest version without having to wait for the repo to be updated, I want to be able to install applications that aren't in the repo, and I want to be able to do it without library conflicts and version mismatches. I have never in my life seen a package manager that can do those things.

From a developer perspective I just make appdirs anyway, because to me part of what makes personal computing great is being able to make an application and distribute it myself without having to kowtow to 200 different package repositories.

>Whatever the drawbacks of package managers, that seems like the only sustainable model if you remotely care about security.

If your OS doesn't give you any application sandboxing features whatsoever because its stuck in the idea that permissions apply only to users, then maybe. Most of the shared libraries you'd care about security patches for should be part of the base system so appdirs don't have to include them. Of course, that means actually having a stable and well defined base system. On the whole, however, I think people who make this argument should probably be using OpenBSD if they claim to care about security so much. Like I said, it's a tradeoff, you don't have to agree.

> I want to be able to install applications that aren't in the repo, and I want to be able to do it without library conflicts and version mismatches. I have never in my life seen a package manager that can do those things.

Well, you're generally not limited to the repos. You can pull down a git repo and build from source (which is generally a one-liner command).

Arch's AUR is pretty good for packages not in the official repos, including, in some cases, earlier versions.

> From a developer perspective I just make appdirs anyway, because to me part of what makes personal computing great is being able to make an application and distribute it myself without having to kowtow to 200 different package repositories.

Right. And will you keep checking on your appdir-bundled components to make sure they're updated when necessary? This is what seems to me the real drawback of this method.

>>Whatever the drawbacks of package managers, that seems like the only sustainable model if you remotely care about security.

>If your OS doesn't give you any application sandboxing features whatsoever because its stuck in the idea that permissions apply only to users, then maybe. Most of the shared libraries you'd care about security patches for should be part of the base system so appdirs don't have to include them. Of course, that means actually having a stable and well defined base system.

Sandboxing is a separate issue.

Probably the BSD-model is better in some ways than the Linux model for having a well-defined base system.

> On the whole, however, I think people who make this argument should probably be using OpenBSD if they claim to care about security so much. Like I said, it's a tradeoff, you don't have to agree.

Perhaps, but there a lots of intermediate positions in the tradeoff. I myself settle for Linux-level usability and Linux-level security (because Windows-level security is unacceptable).

> Well, you're generally not limited to the repos. You can pull down a git repo and build from source (which is generally a one-liner command).

Yeah, it says a lot that this is the standard fallback. No thanks.

> Right. And will you keep checking on your appdir-bundled components to make sure they're updated when necessary? This is what seems to me the real drawback of this method.

I disagree that it is a big deal. For one, applications can check for updates on their own, they don't need the package manager/repository model to do that. AppImage has an alternative method where the AppImage provides a URI that the system can check for updates.

> because Windows-level security is unacceptable

Have you not used Windows since 98? There really isn't a single security feature Linux has that Windows doesn't. The biggest threat you face is ransomware, where Linux has the advantage only because it's such a pain to install software that doesn't come from the repository.

> Have you not used Windows since 98? There really isn't a single security feature Linux has that Windows doesn't. The biggest threat you face is ransomware, where Linux has the advantage only because it's such a pain to install software that doesn't come from the repository.

I have used Windows off and on from 3.11 to 10. Yes, I understand that what you say is true in theory. However, it is not true in practice. In Windows 10 I tried installing an app directly from the official Windows app store. Within 30 minutes that app had pulled down some sort of horrible malware that I couldn't get official Microsoft Tools to scrub, and even 3rd party ones had trouble. I think I ended up reinstalling, I can't remember. I do remember it sucked several hours of my life.

Crap like that wouldn't make it into a Linux repo; but apparently is fine for Microsoft's official app store. You can keep that security model.

And, as for the typical Windows program installing method, which is navigating to some website and downloading an installer, that is even more ripe for this sort of chicanery. No thanks. I'll stick to curated repos.

Those aren't security models, they're application distribution models, but besides that, the best you can do is an anecdote about "some software" you don't remember at all?

Yeah, installers suck, I think they don't quite suck as bad as repositories because at least you don't have to rely on a third party maintainer, but I can understand that if you don't draw outside the lines very often then they're probably fine.

What we should be doing is what Android does, but simpler (that is, without the store and the part where a user account is assigned). Applications should be directories, and they should be launched in their own namespace by default and sandboxed until you give them permission to do things.

They're application distribution models that have a great impact on security.

> the best you can do is an anecdote about "some software" you don't remember at all?

It was a wallpaper changer, and it was 3-5 years ago and I didn't keep a detailed journal of my Windows experiences. But it tells you something if you can be infected with malware from the official Microsoft apps store. That's not a platform I want to be doing banking or even email on.

I like Android for lots of things, but a model of safe and responsible software distribution it is NOT.

Anyway, if you like the separate namespaced app model, Linux offers that possibility too, you can use something like Cockpit [ https://cockpit-project.org/ ] to manage apps running in containers.

I'm aware that you can jump through a bunch of hoops to make something like that work on Linux, for ever single application individually, but I don't want to jump through a bunch of hoops so I'll just keep using Windows because it works and has much better hardware and software support. Linux desktops have had decades to convince the world that their way of doing things is better and part of the reason they haven't managed it, I think, is because they never listen to criticism and insist that their backwards and ancient unix ways of doing things are better like it's some kind of religion.

> I like Android for lots of things, but a model of safe and responsible software distribution it is NOT.

Bull. Every application you download from the appstore is sandboxed by default and there is effort put in to verifying that software isn't malicious. It doesn't always work for two reasons: Unlike Linux desktops, Android isn't actively hostile to proprietary non-opensource software, and people actually use it.

Linux repositories can, and have, had malware. Check google, it happened to Gentoo in 2010 (interestingly someone also recently put some into Gentoo's GitHub mirror) for instance. That's because it isn't essentially different from any other appstore, except that a whole lot more people use a much broader range of software from Android and iOS appstores, which also have a whole lot more desktop software.