As a regular Linux user who doesn't publish apps but has been reading this argument for years I've never understood the value distros provide.
They're clearly doing a huge amount of work editing everything, but it also doesn't seem like they have the resources to properly test their edits. And while their edits are necessary to make everything work with their system, from a high level perspective they don't seem to be making the software better at what I want it to do. Given that, their model looks like dangerous busywork that at best delays updates and at worst introduces new bugs.
Distros use the word "maintain" to describe what they're doing, but they don't seem to be doing that. To maintain a piece of software I'd expect the maintainer to need a deep understanding of the source code and to continually monitor changes. The complaints maintainers post that software changed seem to prove they aren't doing that.
When I first saw a maintainer complain a library only posted about a breaking build change in their release notes and mailing list I was shocked. I had been assuming they were reading diffs, when they weren't even reading the changelog.
Generally, distros supply security updates. For example, Debian picks a version for a release and makes sure it has security updates for the entire release. Sometimes this requires backporting patches because the version is no longer supported upstream. This means an app can be shipped that will work for the life of the release without changes, while staying secure.
In theory, yes. In practice I'm very skeptical that maintainers can correctly backport patches without having a solid understanding of the source code. And I'm skeptical that maintainers can have a solid understanding of the source code without reading a substantial portion of it, and I know they haven't got the time to do that.
I’m sure what you’re saying happens. There’s 1000s of packages with maintainers of varying skill.
That said the track record speaks for itself. I can only remember one time a maintainer introduced a vuln in Debian. The system works even though you’ll find cracks if you look.
Yeah, quality varies. But the vast majority of this is volunteer work. If I were developer of some app and I wanted it to work on Fedora, I'd probably be the maintainer of its package. But if I didn't want to do that, I'd at least be in contact with the person who was. "Hey heads up, we broke compat. Let me know if we need to huddle or something." Also seems a lot easier than inventing Flatpak and getting distros and users to use/like it.
So much of this stuff is like a default unwillingness to work with humans over the internet, but that's fundamentally how FOSS works. A couple years ago there was a kerfluffle between the scientific community and SciPy--the community wanted SciPy to maintain compatibility literally forever and also continue adding new features. SciPy was like, "that's impossible, and even if we wanted to it would take the resources of Microsoft to do". But they never talked about it! Instead there were open letters and forum threads.
The quickest route to fixing social problems like this--and they are social--is to deal with people. I'm pretty misanthropic, but even I have to admit this is true.
> Distros use the word "maintain" to describe what they're doing, but they don't seem to be doing that. To maintain a piece of software I'd expect the maintainer to need a deep understanding of the source code and to continually monitor changes. The complaints maintainers post that software changed seem to prove they aren't doing that.
I just want to point out that this is asking a lot. You're essentially asking Debian to find volunteers to become as knowledgeable about, say, Libreoffice, as the developers themselves. That's probably not gonna happen. I think a more reasonable definition of "maintainer" is "ensures the package continues to work on ${DISTRO}, reaches out to the developers if a new update breaks that". I'm not defending the case you brought up, that sounds pretty lazy to me, but in the vast majority of cases it works great.
They're clearly doing a huge amount of work editing everything, but it also doesn't seem like they have the resources to properly test their edits. And while their edits are necessary to make everything work with their system, from a high level perspective they don't seem to be making the software better at what I want it to do. Given that, their model looks like dangerous busywork that at best delays updates and at worst introduces new bugs.
Distros use the word "maintain" to describe what they're doing, but they don't seem to be doing that. To maintain a piece of software I'd expect the maintainer to need a deep understanding of the source code and to continually monitor changes. The complaints maintainers post that software changed seem to prove they aren't doing that.
When I first saw a maintainer complain a library only posted about a breaking build change in their release notes and mailing list I was shocked. I had been assuming they were reading diffs, when they weren't even reading the changelog.