How do I decide which PPA to use?

Question

I'm looking for a PPA for Ruby 1.9.2 for Lucid Lynx, and I've noticed that there's a couple of them. Is it possible to determine which one is more commonly used, and therefore more likely to be error-free?

score 3 · Answer 1 · answered Aug 09 '11 at 23:06

The important thing to remember is that anyone can register a PPA. The main question you need to ask yourself is do you trust the PPA's owner. The level of trust needed depends on the package and what you hope to do with it. I might trust a PPA for an indicator based on the recommendation of a blog that I follow, but I'd want to know a lot more about the PPA owner if I were looking to upgrade X on my desktop or Ruby on a production server.

You should look at the PPA's owner on Launchpad. Is it team maintainer? What else is the owner involved with? Is the owner involved with the software upstream? Is the owner an Ubuntu developer?

Remember when you add a PPA to your sources, the main concern isn't the installation of a single package, it's that you are more or less giving the PPA root access to your machine through the ability to push updates.

Though it works the other way as well. Is the owner still actively providing security updates? foo 1.0 in Lucid might be a bit old, but at least it is still receiving security updates. foo 1.2 from Joe Bob's PPA might be more recent, but if a security bug is found to affect both version is he going to provide an update? Check their Lauchpad profile to make sure they are at least active.

Here's a scary story. I was investigating a PPA to possibly recommend to you for getting Ruby 1.9.2 on Lucid. Unfortunately one seeming popular one I came across is run by an "open" team. Team membership confers upload right to the team's PPA. As it now stands, someone could potentially join the team and upload a compromised version of the software in the PPA at anytime.

In Launchpad, teams can be used for various purposes. One reason that teams will have open membership is so anyone can access their mailing list. Though in most cases you would do something like create a foo-users team for the mailing list and a foo-dev team for PPA upload rights or bzr commit access. Perhaps Launchpad shouldn't let open teams create a PPA at all. — andrewsomething, Aug 09 '11 at 23:27
On further investigation, it seems that Launchpad won't let an open team create a PPA. This team must have previously been closed and then changed their permissions. I emailed them alerting them to the problem. I'm tempted to make an upload in their PPA only adding a new debian/changelog entry but that feels naughty. Either way, there seems to be a bug in Launchpad somewhere. I'm going to reproduce this on the staging server and file a bug on it. — andrewsomething, Aug 09 '11 at 23:40

score 0 · Answer 2 · answered Aug 03 '11 at 01:18

0

First you check what is available in the official repositories.

Go to http://packages.ubuntu.com/ and perform a search for ruby. In the search options, try lucid, lucid-updates (only of Ruby had a security update) and lucid-backports (only for newer versions that have been packaged back for lucid).

I performed the search and found that there is only one version of Ruby available (in lucid), and it is version 4.2. When you mention version 1.9.2, do you refer to the ruby package or some companion package?

answered Aug 03 '11 at 01:18

user4124

8,911

The Ruby1.9.1 package for Lucid is based on Ruby 1.9.1 patchlevel 376. Where did you get 4.2 from? Link please? – Andrew Grimm Aug 03 '11 at 01:22
Perhaps @user4124 was referring to the ruby package which serves as a transitional / dummy package and is numbered as 4.2. In the official repo, the ruby package is actually pointing to ruby1.8 currently. The latest ruby version I can find in http://packages.ubuntu.com is version 1.9.1 currently for 11.04 (http://packages.ubuntu.com/natty/ruby1.9.1-full). Not sure why 1.9.2 is being parenthesized there. – JohanSJA Aug 03 '11 at 04:19
@JohanSJA: That's Ruby 1.9.2, but it's in a debian package called 1.9.1. Here's an explanation on that topic – Andrew Grimm Aug 03 '11 at 05:38
If that is the case, I don't see a reason for going with PPA for ruby 1.9.2. What is your reason anyway? – JohanSJA Aug 03 '11 at 05:53
@JohanSJA: The version of Ubuntu we're installing on is Lucid, not Natty. – Andrew Grimm Aug 03 '11 at 06:01

score 0 · Answer 3 · answered Aug 09 '11 at 14:37

0

There are unofficial ones that people compile code to and stick up for anyone (brave enough) to use but the official and (probably better tested) version is the one in http://packages.ubuntu.com/ - which you can access via synaptic. I wouldn't touch the other PPAs for production systems.

The short answer seems to be that the only supported version of Ruby at the moment on Ubuntu is 1.8. Don;t touch 1.9.1 with a barge-poll if you're using Rails - there's even a message on the Rails homepage to that effect.

answered Aug 09 '11 at 14:37

ac_

101

Thanks, but I'm not using Rails. I'm a bioinformatician using Plain Old Ruby Objects. – Andrew Grimm Aug 09 '11 at 23:04
Ah ok. Well since I posted that answer I discovered the joys of RVM - which does allow you to install the latest Ruby, quite easily. Should be what you need. I used these instructions and lo and behold, it worked...http://beginrescueend.com/rvm/install/ – ac_ Aug 15 '11 at 16:48

How do I decide which PPA to use?

3 Answers3