<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=420236&amp;fmt=gif">

Over $1M now available to pay open source maintainers! Get the details.

Highlights from the FOSDEM package management dev room

Andrew Nesbitt
by Andrew Nesbitt
on February 15, 2018

A couple weeks ago a number of us from Tidelift travelled to Belgium for FOSDEM, an annual free software conference that has grown to become one of the biggest in Europe.

This year Ben and I organised a package management devroom to help bring together the people designing, building, and using package managers so they could share what they are working on and the challenges they’ve faced.

In this post I wanted to give a brief summary of the package management talks and highlight some other related talks that happened across the conference.

Pulp 3: Simpler, better, more awesome

Pulp is an open source platform for hosting and managing your open package manager registries and mirroring existing ones. In this talk, Dennis covered the new features and changes in the next major release of the project. 

Slides and more details: https://fosdem.org/2018/schedule/event/pulp3/

Packaging C/C++ libraries with Conan

Conan is a fairly new package manager, primarily aimed at taking the pain out of packaging C and C++ libraries. Théo walked us through how it works, how to create packages, and how to handle cross-compilation with Conan.

Slides and more details: https://fosdem.org/2018/schedule/event/conan/

The package bazaars and the cathedrals

In his first of two talks, Philippe tackled the difficult task of comparing and contrasting system and application level package managers and their approaches to dependency management.

He covered the different use cases and social contracts of each type and ended up making a call for more collaboration, simply because all users are ending up becoming system integrators with the rise of containers.

Slides and more details: https://fosdem.org/2018/schedule/event/bazaarsandcathedrals/

Open build service in Debian

Andrew Lee covered the benefits of using the open build system for managing the automatic publishing of binary packages across many architectures and flavours of Linux.

He also covered how to setup OBS as well as a number of optimization tips to help existing users get the most out of the system.

Slides and more details: https://fosdem.org/2018/schedule/event/debianopenbuild/

Introduction to Flatpak

Unlike many of the talks, which were focused on packaging of libraries, Flatpak focuses on packaging applications for the Linux Desktop. Simon introduced Flatpak's model for packaging, how and why it differs from traditional packaging systems, and how Linux operating systems can benefit from having both.

Slides and more details: https://fosdem.org/2018/schedule/event/flatpak/

Package quality assurance

Sergey shared what he’s learnt about making the quality of OSS measurable whilst working Ossert. Perhaps most interestingly, he highlighted the most effective ways to enable users to become contributors by helping them gain understanding of the problem space and increasing their efficiency.

The results of his studies have now been published as the Open-source Maturity Model and the Open-source Enthusiast Playbook.   

Slides and more details: https://fosdem.org/2018/schedule/event/packagequalityassurance/

How compilers affect dependency resolution in Spack

In this talk, Todd Gamblin walked us through some of the challenges involved in packaging and cross-compiling software for HPC (High-Performance Computing) and what he’s working in with the package manager Spack to enabling using different compilers for different packages within the same dependency tree.

An interesting takeaway here is that they are working to add compilers and their dependencies directly into the resolution algorithm by declaring them as real dependencies, which makes reasoning about the system much easier in complex situations.

Slides and more details: https://fosdem.org/2018/schedule/event/spack/

Package management over Tor

Alexander talked about why you might want to download your packages over Tor and how to do it with pkgsrc, including a working live demo.

Slides and more details: https://fosdem.org/2018/schedule/event/packagemanagementovertor/

The many ways of using Guix packages

The Guix package manager is an interesting, “functional” package manager based on top of Nix, both of which take quite a different approach to traditional Linux package managers.

Chris’s talk explored the different ways in which Guix packages can be used, and what these different ways offer in terms of distributing, reproducing, versioning, and isolating packages.

Slides and more details: https://fosdem.org/2018/schedule/event/usingguix/

Package management unites us all

This was one of my favourite talks of the day, Sam broke down some of the unspoken truths about language package management and the communities that form around them.

Key takeaways for me:

  • Good package management makes experimenting with new packages fast, safe and easily reproduced
  • Rules encoded into a package manager end up defining the boundaries and norms for a community
  • As a community of package manager developers, we need to produce a shared taxonomy for every element of packaging to help level up knowledge sharing around the domain 

Slides and more details: https://fosdem.org/2018/schedule/event/packagemangementunites/

Meet purl: a "mostly" universal software package URL that purrs

In his second talk of the day, Philippe Ombredanne shared his proposal for “purl”, a URL spec that can be used to specify a package from any package manager.

This is particularly relevant to work that I’ve done on Libraries.io to normalize the differences between package managers, enabling tools and systems to be built that are agnostic to the details of the package managers used.

Slides and more details: https://fosdem.org/2018/schedule/event/purl/

How to make package managers cry

I definitely recommend watching the video of this talk. Kenneth presents some of the mistakes that open source projects make when it comes to packaging in a hilarious format with real world examples that will make any package manager maintainer cry.

Slides and more details: https://fosdem.org/2018/schedule/event/how_to_make_package_managers_cry/

Package management panel discussion

We ended the day with a panel discussion about the future of package management with Mike McQuaid, Philippe Ombredanne, Sam Boyer, and Todd Gamblin, chaired by yours truly.

We talked about levels of control in registries, free riders, open source sustainability, the role that package managers play as key infrastructure and finished with a general consensus that package manager maintainers should be talking more and working together to avoid solving the same problems again and again in different communities.

Links and more details: https://fosdem.org/2018/schedule/event/paneldiscussion/

Other package management related talks at FOSDEM

There were a number of other package manager-related talks that happened elsewhere across the conference, I’ve selected some of the most notable ones below:

Final thoughts

Our room was particularly popular—almost every session was completely full with queues filling the hallway. There’s definitely been a lot of nascent demand for package management talks.

Screen Shot 2018-02-14 at 9.53.38 AM.png

Based on discussions and themes of the talks during the conference I’m excited about the future of package management development with people starting to share knowledge and work together on around solving some of the most challenging aspects of packaging software.

We hope to run another package manager room at FOSDEM again next year and would love to hear your thoughts on how to make it better too.

If you’re interested in learning more about package management, follow us on Twitter or sign up for updates

2018 open source survey results