App stores and Linux repositories: Maybe the worst ideas ever

Linux software repositories have many benefits. But, like what happens in app stores, companies end support for them and your system stops getting updates.

App stores and Linux repositories: Maybe the worst ideas ever

Eight years ago, Nokia released a Linux-powered tablet dubbed the N810. It’s a very cool little device, with a rather pleasant-to-use slide-out keyboard, running a Debian-based distribution known as Maemo.

That little tablet went everywhere with me. At one point I—no joke— owned two of them. I could do some pretty remarkable things with that little beauty—from making Skype calls (back when I still used Skype) to running a full-blown version of Gimp. It was a complete, powerful desktop computer in my pocket.

Recently, I decide to dust off my trusty old N810 to use it again. It’s a Linux-based computer, so why not. Right?

I plugged the little guy in to charge it up, and I quickly came to a horrible realization: 

The repositories for software (including system updates) were simply—gone. Nokia deleted them some time back. That means I have a perfectly usable device here—on which it is close to impossible install most of the previously available software.

I hear what many of you are thinking: “But this device is 8 years old. Why would a company continue to support it and keep those repositories online?” And, you know what? That’s a perfectly valid point. Expecting every company, community or organization to spend time and money supporting these repositories indefinitely is just plain crazy.

The source of the problem

The core problem isn’t that an organization doesn’t have the resources to keep a repository online. The problem is in the package repository model itself.

Before everyone grabs the torches and pitchforks, hear me out.

I’ve long championed of the benefits of repositories. The ability to quickly find and install software packages is a wonderful thing. And being able to use this mechanism to apply updates to all of the packages on your system, on a regular basis, is absolutely freaking fantastic.

But the cost of this functionality is that each system relying upon these repositories is, by design, rapidly approaching end of life. Before too long (typically only a few years) the repository that your system relies upon will go offline. Maybe the company that maintained it will go out of business or simply not have the resources to continue supporting it. Whatever the reason, it will happen. And when it does, your system will no longer get updates. 

Worse than that. Your system will no longer have the ability to install new software intended for your platform. And if you need to re-setup your system from scratch? Well, you’re in bad shape there, too. No repo, no packages. No packages, no software.

One solution: clone repositories

Technically, since we’re talking about Linux and free/open source software here, there’s nothing stopping someone from cloning the entire repository for a system before it goes offline and then providing that repository as a service to people who still want it. But this is a big undertaking and is something that a casual user of a platform simply isn’t going to do.

In my case, I absolutely would have done this for my N810. I would have cloned the entire repository, including system updates, and hosted it on my server for personal use (and provided it to anyone else who needed it). Would I have ever bothered to update it? Probably not. But I would have had it there for as long as I ran that device. But, alas, I didn’t know the company was killing the entire repository (perhaps I should have expected it, but I didn’t). So, I’m plum out of luck. Plus, I’m weird. Most people would absolutely not clone a repository and self-host it. That's just a crazy thing to do.

How repositories are like proprietary app stores

Interestingly, this problem isn’t all that different from the problems that people face with proprietary app stores. If you buy a piece of software from Apple’s App Store, Google Play, etc., you are buying something with the knowledge that you will lose the ability to update or install it in the future should that store go away or simply change enough to not fully support your version of the platform. This happens. We all know it. Plenty of us have been burned by this repeatedly.

On the open source side of things, we have a bit more flexibility. Those proprietary app stores give you no real options should they stop supporting you. At least with a Linux package repository, you have the option to clone the darn thing—no matter how much work it might be.

So, what do we do about it? I honestly don’t know.

On the one hand, the traditional package repository model is fantastic. It makes installing and updating software easy and powerful. When it’s working, it is a joy to have available. 

On the other hand, this model of software/package distribution is the cause for a large number of platforms and devices that are, for most purposes, essentially bricked only a few years after being released. And that really stinks.

What to do?

Perhaps we need a global system, funded by someone like the Linux Foundation, that keeps archive snapshots of the final version of every repository for every released system—simply for legacy purposes. (There are some projects here and there that do this for a handful of Linux distros already. But even they go away eventually.)

Or perhaps each system should have a feature where, when you install a package from a repository, you can have it (optionally) copy that package (and all dependencies) to a specific place on your local system (or remote server), preserving the repository structure. That way you slowly build a little mini-repository of all the software you’ve used. When the main repository goes away (and it will—they all do), you’ll at least be able to re-install the software you’ve been using.

Heck. Maybe we need to move away from repositories entirely and settle on something like AppImage—where you can download and run a single file that contains the software and all of its dependencies—thus making it easier to back up specific versions of the software you rely upon.

In a way, that last option seems the most logical if we’re at all concerned about long-term longevity of our systems. On the other hand, it does feel like a small step backwards in time, leaving behind so much of the convenience that repositories offer.

But maybe it’s worth it.

Update: After I wrote this article, I decided to do some additional searching (because I'm stubborn). After a few hours, I managed to find a page, hosted by someone I want to give a major high-five to, that lists all of the known repositories for my little N810. And, as luck would have it, someone from the community did exactly what I talked about earlier in this article, resulting in continued availability of a repository for the platform.

How long will it exist? Who knows. Going on odds, probably not forever. So, you better believe I'm cloning the whole damn thing right now just to have a local copy. For the moment, my immediate needs are met. But I don't anticipate many moons going by before a similar problem pops up.


Copyright © 2016 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022