We see Most of the Windows softwares are packaged in a single executable file. When I double-click Setup file, it sets up all the files, binaries and libraries with it.
I understand the dependency of Ubuntu or more generally linux packages. But I wonder, Why these exists. Isn't it possible to build a single file with all dependencies? What is the problems with this method?
Please try to give the reason in details.
The main reason that dependencies are not included with the program itself is so that components of the system can be easily updated.
Imagine one dependency is used by five different programs. If a security vulnerability is found in that dependency, only one copy has to be updated, rather than five copies.
To the user, it doesn't matter that multiple packages need to be installed - installing the one piece of software you want automatically installs its dependencies.
The main difference between .deb and .exe packaging is not that Ubuntu software is not published in a single file. The main difference is the whole concept of a software repository that contains packages, and that updates can be easily be provided from.
This can sometimes be problematic for computers without a direct internet connection. There are tools, like APTonCD, that help minimise these difficulties.
That is not totally true. Ubuntu software usually comes in one single .deb file. Being utterly simplistic (and inaccurate), .deb files are the correspondent .exe file for windows. All programs, including those in windows use dependencies to other files in the operative system (libraries). The installation process is just more or less explicit in different OS. When you use the software center in Ubuntu to download a program you download only the dependencies that are not installed in your system and the actual program files. That prevents the system from being overloaded with duplicate files and duplicate functionality that would end up in conflicts.
Believe it or not, the only difference between installing a program in windows or Ubuntu is the amount of information that they provide to the users. Windows thinks that its users are dumb and do not want them to know what it is being installed when running an exe file. In linux you get that information..for some users is too much detail, but others (most) really appreciate that.
hope it makes sense.
On Ubuntu, most software does come in a single file. It is a
*.deb
debian package file which is downloaded, unpacked and installed from your package-manager.Why doesn't Ubuntu install software from self-extracting executables like most Windows software does?
Because self extracting
*.exe
files are a very dangerous proposition to accept.The most critical differences between a self-extracting executables and a packaging system, like the debian/Ubuntu one, are:
In more detail:
Security
In the windows world you have to trust that single
*.exe
file. How can one really be sure it can be trusted? How can you even know that it installs something? How can you be sure it doesn't do other things behind your back?In Ubuntu, all packages are digitally signed, so by using a separate package file - the package manager (be it muon, synaptic, aptitude, or even straight apt) - you get the content verified before it is even unpacked, let alone installed. This assumes, of course, that you trust the repositories. I'd rather trust the Ubuntu repositories (a single authority) than hundreds of often unfamiliar different sources to download from.
Granular Control
With a
*.exe
file, you can essentially do one thing: execute it. In Ubuntu you can inspect the contents of the package, descriptions, configs, individual files, latest changes, bug fixes, etc. from the convenience of your package manager, before deciding whether to install or not.When you install from an
*.exe
file, you also have to trust its 'uninstall' hook (and not all*.exe
files are guaranteed to have one). In Ubuntu, all files belonging to standard packages installed by the package manager, can always be uninstalled because that's a function of the package manager, not the package itself. The package manager is a separate, and trusted application, which provides both the installer and uninstaller, the package cannot take away the uninstall hook from you. Of course, a malicious package can sneak stuff via post-install actions, but that's why we have the official repository system and the same people we trust to maintain them.Transparency
It goes further. On Ubuntu I can really trust my system, because I can verify the software on many levels. The ultimate level is being able to look at source-code. binary packages have corresponding source packages. I can actually look at the source (Example: 'apt-get source bash' will give you the full sources to the bash shell). In the world of *.exe files, usually there are only binaries, and who knows what they actually do behind the scenes?
That said, there are always exceptions to the rules, but for me security and trust mean I cannot accept executing binaries from hundreds of different sources that are hard to verify as a standard way to install components on my system.
In addition to what has been said by others, sometimes a single piece of software is split up into several packages because not all features are relevant to all users. For example, if the documentation of a program is voluminous, it usually will be provided by a separate package. This allows users which are not interested in these optional features to save disk space and bandwidth/time for downloading.
Let's try sharing my understanding about the dependencies (Yes, I was aware of the merit of Ubuntu or more generally Linux way of handling software. I simply was trying to assemble all good opinion and reason in a central way, so that I can demonstrate some of my friends).
Windows Softwares are mostly packaged in a single file. Does this imply they don't have any dependency?
No, Almost all softwares have dependency on some other pieces of softwares. (Unless that software is very low-level and can talk with the hardware directly, such as Operating System itself). Microsofts's softwares aren't free from dependency. So,The important question is: how they handle this?
Answer: They handle this in their own traditional way. Assuming their most users as dumb, they simply put all the dependency in the single file, resulting the bigger sized (1 filed) Software.
For an example, See the Games released for Microsoft. Almost every game includes DirectX setups, though users may have updated versions of them already.
Here is something i have found on Google about Why DirectX is included with every game.
click here for full article. It is clear they are not doing very good with handling dependency.
Most of the time, regardless of dependencies already are in place, they provide it to gain simplicity (for their users). Also see how many softwares themeselves include the .NET runtime components.
Another example from my experience: Once I downloaded and installed an MS software. Being satisfied with the process, I clicked on the icon to open the software, Only then it tells me that "I need Java to run". Such a situation never occur in a Linux world via it's package management. (unless you try downloading .deb files from repository site and installing by double clicking, in a MS fashion).
How Linux handles this problem of dependency?
Well, Linux or Ubuntu does not hide the fact that, you have to have dependencies installed for using the software (unlike the Microsoft way). But when you installed the components, Another software which dependes on the same component use the installed depencies previously installed (unlike MS softwares including all things).