why do some prefer to build software from source code?

7 respostas [Última entrada]
tonlee
Desconectado
Joined: 09/08/2014

I have noticed some choose to build a piece of software from source code also if a ready to install packet is available.
Why building yourself? Is it more secure? It decreases errors?

JadedCtrl
Desconectado
Joined: 08/11/2014

The source tends to be a little more up-to-date than the packages, so that's a little incentive to do so.
EDIT: If there was a "delete" button, I would definitely do it right now- my comment has certainly been made pointless. So, yea. Please -1 this post so it can be hidden!

marioxcc
Desconectado
Joined: 08/13/2014

There are several reasons:

Packages in the repository are usually not the latest, except possibly in a rolling release distribution. The latest version of a free program is always available as source code; this is a logical fact: if only the binary was available for a version, then it's not free software, and if neither binary nor software are available, then that version isn't published. This is an elaboration of what JadedCtl pointed.

The developers develop a program in its source form. If there's a semi-official compiled version, it's usually compiled independently of the development proceeds (even if done by a developer of that program); so all the developers can verify the source, but only one (or none, if none of them is in charge of building), the one who compiles, can verify the binary. Therefore, it's more likely than a binary of the program has malicious features added than the source version. A binary may intentionally not match the purported source.

Installing a package often means installing a configuration which may not be desired. For instance, installing a daemon program usually creates a dedicated user for it and installs init scripts. With a program one compiles from source it's easy to run in place, and install as well.

Building oneself allows to optimize to the maximum, and to the local machine. I usually give "-O3 -march=native -fomit-frame-pointer -s" as CFLAGS. This enables the compiler to use CPU instructions that it may otherwise not use.

onpon4
Desconectado
Joined: 05/30/2012

I usually prefer to use Trisquel packages, but failing that, whether I use a pre-built binary or source code depends on a number of factors.

One reason I sometimes choose source over pre-built binaries is a lot of GNU/Linux binaries are kind of crappy compared to what you can get by building them yourself. For example, a lot of the time you can do a make install to install the program in a meaningful place, but you can't do that with pre-built binaries; you just have to run those in-place somewhere in your home directory. Sometimes that's fine, but sometimes installation is more convenient.

Another reason, which I've only ever come across once, is if only certain versions of a program are libre. The example I've come across is Gish, which had a version of its source code released, but has since then gotten binary-only updates. This one actually took quite a bit of unnecessary effort because one of the updates was apparently to rename certain data files, but anyway, I had to compile source code myself to make sure I was getting the right one, so that's what I did.

(Side note: I don't recommend Gish. It's kind of a crappy game.)

tomlukeywood
Desconectado
Joined: 12/05/2014

if you compile and install from source will you get security updates?

or do you have to just remember which programs you complied and update them manually?

Magic Banana

I am a member!

I am a translator!

Desconectado
Joined: 07/24/2010

APT cannot know of what you compiled (unless you actually created a DEB package from source and then installed it). As a consequence, APT will not propose you any update.

tomlukeywood
Desconectado
Joined: 12/05/2014

so if i wanted a newer version of gnu nano(just an example)
and i compiled the latest version of gnu nano into a deb or yum file and installed it.

and then its discovered that nano has a bug that
gives away your root password or something like that

would it get security updates?

Magic Banana

I am a member!

I am a translator!

Desconectado
Joined: 07/24/2010

It won't get updated. Even if you make a .deb package. The version you installed would be higher than the one proposed in the repository.

Now, if you are aware of the bug, you will probably build the latest version (where the bug has been fixed). If you make a new .deb every time, then you could make a PPA so that other user can profit from your work.

That said, the example you gave involves 'nano' that is already proposed in a PPA, the GNU PPA (maintained by DNS, a Trisquel user): https://launchpad.net/~dns/+archive/ubuntu/gnu