[Bug 578045] Re: Upgrading packaged Ubuntu application unreasonably involves upgrading entire OS

Mike O'Donnell mikeodonnell at shaw.ca
Thu Sep 29 23:16:41 UTC 2011


Ok, my 2 cents worth, from a new, casual user's perspective. I agree
this is a bug.

History:

I bought my first computer 3 years ago, and struggled along with Vista
for six months, until I was infested with the "conficker worm"
http://en.wikipedia.org/wiki/Conficker after going on an online banking
institution, April 01.2009. I had all the newest anti-malware
applications. My installed version of Kaspersky's went nuts reporting to
me the infection, but became unusable. All the Microsoft anti-malicious
software removal sites, for me couldn't contend with it. In desperation
I bare-boned installed Hardy ... Great I learn no real concerns about
malware in Linux and Ubuntu, if one is cautious. :^). I make a conscious
decision to remain with LTS, for being more secure and less chance of
things going "screwy" with new code.  I start to learn my way around
linux and Ubuntu slowly (new and casual user right) and inevitably break
it multiple times, winding up re-installing Hardy as last resorts, for
lack of knowing how to fix. These were complete new installs, a lot of
configuring. Now I keep a separate ~/ partition, that saves a lot of
configuring in new installs, bringing it forward during manual installs.
(Starting to learn a bit of the "'nix way"). I learn I need a backup
solution in place the "hard way" and finally settle on Deja-dup; for
lack of better understanding ... a front-end configuration for duplicity
back-end. By this time I have learned to enable PPA's for my preferred
and often used apps and do so for "DD". I use DD as it's an Ubuntu
featured app in the Software Sources and is going to be included for the
next release. Also, the dev (Michael Terry) works for Canonical, I
believe. Seems a good choice for a newbie's backup solution. I ran into
a problem, with DD and contacted and received help for the concern, at
Launchpad. MTerry, in our conversation states:

"So, there is a theoretical concern that if duplicity changed something,
you'd want a newer Deja Dup that knew how to handle that change (which
you won't be getting from the deja-dup PPA because Lucid's version won't
be getting updated, as newer Deja Dups require more modern
dependencies). But for the current duplicity, I don't believe that is
the case. I believe 14.x can handle the latest duplicity. Also, there
are a couple bugs fixed in at least duplicity 0.6.14 that you will
really want. They potentially introduce data corruption if a backup is
interrupted. I have backported the fixes and would love if you could
test them:  So I would highly recommend you either install my backports
or use the duplicity PPA.

Backports". Well I never used backports because of this warning here:  https://help.ubuntu.com/community/UbuntuBackports 
"Backports candidates are tested by several Backports developers and community contributors before they are allowed to be placed in the repository. Backports packages are thus safer to use than the development distribution. At minimum the packages should be usable in a manner that the average Backports developer could test. However, given the nature of introducing newer versioned packages from a development distribution into a stable, released distribution, problems can arise. The most common side-effects would be a bug that escaped testing, or a new configuration file format (or other kind of incompatibility). If you have problems with a Backports package please report it in the Backports bugtracker and not the main Ubuntu one.

Due to the nature and purpose of Backports, it is not as "stable" as the
previously mentioned update repositories, for a variety of reasons.

    Backports are designed to provide new features. These new features may be unfamiliar to users and require a period of re-learning to become familiar with their favorite application again.
    Backports may introduce differing configuration file options or behavior that may catch an administrator off guard. For this reason it's not encouraged to upgrade backports as a part of an automated procedure on high-stability production environments.
    Backports are newer software by definition, and newer software tends to be tested by fewer people. The risk for an uncaught bug is increased. 

In assessing the "stability" of backports, it's important to define the
term stability first. In terms of "the behavior I see today is the same
as the behavior I'll see after applying a bunch of backports updates",
Backports is fairly unstable. New apps introduced via backports may have
significantly changed behavior or interfaces. In terms of "applying a
backport will completely break my system", Backports is fairly stable. A
great deal of work goes into testing backports and it's highly unlikely
for a backport to be a severe regression from the version it replaces.

The user should judge for himself if Backports are appropriate for his
purposes".

So, how does a No0b know, if enabling the Backport repos is
"appropriate for his purpose", or if he can fix it if it is not? I don't!

Well great, I want security, stability and a good backup solution and I
am a (remember casual, new and I should add "older" user), and because
the version of Deja-dup included in Lucid is version 14.X and the dev
has version deja-dup-20.0.tar.bz2 out. I think I should try compiling
it; but am afraid I will wind up in "dependency-hell" and break things
again ...

So, if Canonical and Ubuntu want to court new users, I believe fixing
this bug, would make things a lot easier and potentially safer for me
and those other No0bs.

:^)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to software-center in Ubuntu.
https://bugs.launchpad.net/bugs/578045

Title:
  Upgrading packaged Ubuntu application unreasonably involves upgrading
  entire OS

Status in NULL Project:
  Invalid
Status in Ubuntu Software Center:
  Invalid
Status in “software-center” package in Ubuntu:
  In Progress

Bug description:
  It is easier to upgrade to the newest stable versions of most
  applications -- even open source applications -- on a proprietary
  operating system than it is on Ubuntu.

  Two examples:

  1. Wait for a new version of LibreOffice to be released.

  What happens:
  * <http://www.libreoffice.org/download/> offers downloadable versions for Windows, Mac OS X, Ubuntu and other systems.
  * However, nothing in Ubuntu Software Center, Update Manager, or anywhere in the default system, allows you to install the newest version in a trusted way.

  2. Wait for a new Hedgewars version to be released. (Or notice that
  you are unable to play network games, because the server requires a
  client version newer than the one packaged in Ubuntu.)

  What happens:
  * <http://hedgewars.org/download.html> links to an Ubuntu package, but this requires setting up an untrusted "Playdeb" channel.
  * On Mac OS X, the new version is advertised by a badge on the App Store icon, and can be installed in a couple of clicks.
  * However, nothing in Ubuntu Software Center, Update Manager, or anywhere in the default system, allows you to install the newest version in a trusted way.

  Users learn that they shouldn't download from outside trusted
  repositories or websites as a rule, and it's very true that choosing
  to install applications from outside trusted places poses a risk to
  the system. PPAs often provide unstable, development releases which
  may not run well on the system they're installed on, or pose security
  risks to the system. GetDeb.net is a reasonably trustable source for
  now, but a new user may not know about it, and it still may not
  provide the same level of trust that an Ubuntu sanctioned source would
  to the user. But if nothing else, GetDeb could be configured as a
  source for new, stable yet unsupported versions of software and be
  advertised as such somewhere in the default Ubuntu install.

  What should happen:
  * On running Ubuntu Software Center or Update Manager, you should be told that you have the option to replace the current version with a newer version.

  WHY THIS SHOULD HAPPEN:

      A rolling release, or semi-rolling release system has been
  suggested in the past and almost always is shot down for various
  reasons. I don't believe the way I'm suggesting this would constitute
  a rolling release system, and I don't think it would require any large
  change to the way things are done now. Ultimately, it would be up to
  the devs to implement this idea in whatever way they wished if they so
  chose, but here's why I think the USC should provide the ability to
  upgrade software easily and safely:

      -Software development stops for no operating system, and Windows
  users are used to having the newest versions of software as soon as,
  or soon after they come out. Being able to upgrade easily to newer
  versions of software, is a rather reasonable expectation of a modern,
  mainstream operating system.

     -Resources wouldn't be stretched too thin; software would be
  upgraded to their newest stable version under the stipulation that
  regardless of their former status of support (main or universe), they
  may or will be completely unsupported after upgrade. It's better than
  or at least equal to the alternative; using potentially malicious or
  unstable untrusted software from unofficial sources.

     -Doesn't it seem wrong that it's easier to have the newest versions
  of FOSS software on proprietary operating systems than on a largely
  FOSS one? Ubuntu should showcase the best and newest of what FOSS has
  to offer, not so much or in a way that makes it look like a Debian-
  based Fedora, but in a way that if the user wants it, he can get it
  easily. Sure, you could reasonably argue that if the user cares so
  much about new software, he/she could go to a distro like Fedora or a
  rolling release distro, but that'd be kinda like Windows telling its
  users that if they want the newest version of say, Windows Media
  Player (bear with me here xD) they have to upgrade their entire OS to
  an unstable development release. Ubuntu should be able to offer new
  versions of software easily, but it doesn't mean that all the core
  system libraries and daemons have to be upgraded. Simply an option for
  (at least) commonly used software.

  ------------

  Latest progress:
  * <https://blueprints.launchpad.net/ubuntu/+spec/foundations-o-backports-ui> (for software in the Ubuntu archive)
  * <https://myapps.developer.ubuntu.com/dev/> (for software not in the Ubuntu archive)

  This bug will be marked as Fixed when at least 50% of Ubuntu
  applications can be updated to a new version without upgrading the
  operating system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/null/+bug/578045/+subscriptions



