What are the pros and cons of the repository system concept used in Ubuntu (et al)?

There are good things and bad things about installing software from one central repository.

Good:

  • It's all in one place, so you know where to look.
  • It enables really easy catalogue-type applications (e.g. aptitude, synaptic)
  • Good distros maintain their repos fairly strictly, so there's a fair bit of quality control, meaning you can trust the software from the repo more than from untrusted sources
  • It enables you to do some very fancy auto-resolving of software dependencies (well, allows you to do it more easily at least)
  • Single source of updates - you don't have to check each individual app (or app's website) for updates, they all come via one place
  • It allows mirroring of all the known-good software for an OS to different servers around the world (e.g. the place I work maintains a Ubuntu repo mirror)

Bad:

  • It's not as easy to install from other sources outside the repo
  • It's very geared towards open-source software, rather than proprietary
  • It feels restrictive; if you're not in the repo, you're not on the radar (even though, yes, you can still install software from outside the repo, it's so much harder that not a lot of people bother)

Overall, the Pros outweigh the Cons for most linux distros (in fact, probably most unixes), which is why it's used a lot in the unix world. Used in a lot of different ways too; ubuntu's deb/apt repositories, fedora/redhat/others rpm/yum repos, *bsd's ports tree, gentoo's portage, pkgsrc, the list goes on. Some of them do a better job than others :)


First of all there isn't really one "linux repository system". Each linux distribution decides for itself which package management system to use (or whether to use one at all) and, usually, has its own repositories.

Ubuntu uses the dpkg/apt package management system from debian with Ubuntu's own repositories. How this works is basically: For each application that you can install through apt, there's a dpkg-package which is basically a zipped archive containing the application's files (with the executables compiled for Ubuntu) and some metadata, which (among other things) contain a description of the package and the package's dependencies so the package manager knows which other packages need to be installed before this one can be installed (e.g. a game might need opengl and SDL to be installed, a gnome-application would obviously need gnome to be installed etc.).

Now a repository is a place where packages for a specific Ubuntu version are uploaded by Ubuntu's package maintainers. Apt then browses the available repositories, to find the package you want to install and its dependencies, download them and install them.

This is better than downloading everything yourself because a) you don't have to download everything yourself b) you don't have to hunt all through the web to find all the dependencies and c) you don't get situations like in Windows where each game installs its own version of DirectX.


Perhaps a better question would be: what's the difference between x and y package managers?

A Mac OS package manager:Darwinports

Windows package manager: Windows_update

More and more the move is towards repo's and away from downloading from webpages, and you're asking "why?". Really, the best way to look at this stuff is to read what's already written:

"Impact

Ian Murdock has commented that package management is "the single biggest advancement Linux has brought to the industry", that it blurs the boundaries between operating system and applications, and that it makes it "easier to push new innovations [...] into the marketplace and [...] evolve the OS".[1]"

-wikipedia, package management

Reliability is, I would argue, is the primary benefit from package management, with the added plus of increased security. It also happens to be quite easy to surf on over to http://packages.ubuntu.com and see, literally, every single supported piece of software. You can expect that, so long as you play within the box of the package manager, things will auto-magically work and be secure. With the standard caveat emptor proviso, of course. If it really worked perfectly there'd be no need for mailing lists.

Compare that to "fixing" the registry, or maintenance like that when there's no package manager. On the mac, it's quite notable that there's no "official" package manager for third party software, however, my reading of wikipedia is that Mac OS utilities are in a package manager of some sort, although I don't know the name of it.