WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013  (Read 503 times)

Offline asilentmurmur

  • Newbie
  • *
  • Posts: 6
Hello everyone!

I am new to the forum and new to TinyCore.. I love the concept behind TinyCore, but one of my biggest gripes about it, is the fact that many of the TCEs, for TinyCorePure64 , are so out dated that I wonder if anyone is actually maintaining these TCEs and keeping them up to date?  For example, the version of Midori Browser, as well as Brave browser , in the App Browser, is quite old.  Are there any other more up to date Repositories that I can use to get the most up to date versions of packages?   Sorry for sounding like I am ranting, I am just curious as to why these packages are not kept updated.

Thanks!

Offline CentralWare

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 747
Re: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013
« Reply #1 on: September 22, 2024, 08:45:26 PM »
Quick reads:
Midori:
https://forum.tinycorelinux.net/index.php/topic,17827.0.html
https://forum.tinycorelinux.net/index.php/topic,23737.0.html
https://www.reddit.com/r/browsers/comments/18ct5u2/so_if_anyones_curious_about_the_current_state_of/

Brave: https://www.reddit.com/r/brave_browser/
If you want to create a TCZ: http://tinycorelinux.net/13.x/x86_64/tcz/src/brave-browser/package_brave

Quote
I am just curious as to why these packages are not kept updated.

First "typical" reason why something may not be updated: Lack of user interest/lack of requests

Second reason sometimes would be the lack of maintainers (volunteers who keep packages "up to date" as you say)
Tiny Core is based on volunteer staff and members who donate their time and efforts to make it great.

Final typical reason... there are tens if not hundreds of thousands of software applications you could have chosen from to "gripe" about. :)
I'm reasonably certain there's not a distro out there who can remotely claim to "have them all."  Let alone the manpower to maintain them all to current releases.  Not even the commercial deviations offer "everything."  They offer what's popular (See #1 above.)

In retrospect, you are both welcomed to and encouraged to become the new maintainer for the software applications you personally desire!  It's not selfish when someone compiles a project they'll be using if someone else hasn't already...  in fact, it's the exact opposite when you're successful in doing so and you decide to share the spoils with the entire TCL community!

Welcome to Tiny Core!

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14756
Re: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013
« Reply #2 on: September 23, 2024, 03:01:57 AM »
In some cases extensions are not updated because they just work 🙂

btw - the brave-browser extension was updated this month, albeit not to the latest git version.

Offline mocore

  • Hero Member
  • *****
  • Posts: 616
  • ~.~
Re: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013
« Reply #3 on: September 23, 2024, 04:53:07 AM »
  Are there any other more up to date Repositories that I can use to get the most up to date versions of packages?   

afaik the only option currently would be along the lines of
"script to add custom extensions to local mirror" @ https://forum.tinycorelinux.net/index.php/topic,26175.0.html

hint :it possible to search the repo file( for source archives and build scripts)  https://forum.tinycorelinux.net/index.php/topic,27246.0.html



many of the TCEs, for TinyCorePure64 , are so out dated that I wonder if anyone is actually maintaining these TCEs and keeping them up to date?

un like consumables (food ect) in the `supermarket` software dose not go off or out of date
** with the exception of  security certificates ... which will affect browsers

this is begging the question , what updates do you require (based on what policy)

eg is it *better*  ::) to have

a)the highest version number ( with the latest bugs)
b)or the newest "stable" version ( with the latest bug fixes !!!)
c)or the old version that still works with/for some other legacy software 

 :o

Offline gadget42

  • Hero Member
  • *****
  • Posts: 725
Re: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013
« Reply #4 on: September 23, 2024, 08:15:47 AM »
a few days ago i grabbed an ubuntu-8.10 live-cd and booted it up in a circa 2010 ibm workstation

as @mocore relates, the browser certificates failed but that was to be expected after 16 years

when i want to run damn small linux i can either use the live-cd or pull out the antique that it is still installed on

still glad that TCL-15.x exists!
The fluctuation theorem has long been known for a sudden switch of the Hamiltonian of a classical system Z54 . For a quantum system with a Hamiltonian changing from... https://forum.tinycorelinux.net/index.php/topic,25972.msg166580.html#msg166580

Offline CardealRusso

  • Full Member
  • ***
  • Posts: 178
Re: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013
« Reply #5 on: September 24, 2024, 05:48:41 AM »
I personally have intentionally reduced the update frequency of the extensions I originally uploaded to biannually, maybe annually from next year, after realizing that there is special care taken by the devs regarding the use of server storage-

>updates are backed up
>many of the extensions I'm updating are between 50~100mb
>old versions of tinycore removed to save space

Perhaps if we were to be more rigorous with the buildscript, doing all the screening and testing to ensure that it works, we could then back up only the buildscript of the software that has been updated instead of the tcz?

Offline CentralWare

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 747
Re: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013
« Reply #6 on: September 24, 2024, 06:28:18 PM »
Perhaps if we were to be more rigorous with the buildscript, doing all the screening and testing to ensure that it works, we could then back up only the buildscript of the software that has been updated instead of the tcz?

@CardealRusso: As much as the idea sounds terrific, there's also times where the build script, patches, custom/config files and source tarball are just as if not more important than the TCZ itself in terms of server storage.  (If the build script "works" as it should with the aforementioned patches/files/source, most anyone can create their own TCZ in a pinch.  Or have an automation system available to maintainers - which is currently in the works, that tends to many of the "updates" which would be up to end-users to test and confirm.

Offline asilentmurmur

  • Newbie
  • *
  • Posts: 6
Re: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013
« Reply #7 on: September 28, 2024, 07:21:51 PM »
Quick reads:
Midori:
https://forum.tinycorelinux.net/index.php/topic,17827.0.html
https://forum.tinycorelinux.net/index.php/topic,23737.0.html
https://www.reddit.com/r/browsers/comments/18ct5u2/so_if_anyones_curious_about_the_current_state_of/

Brave: https://www.reddit.com/r/brave_browser/
If you want to create a TCZ: http://tinycorelinux.net/13.x/x86_64/tcz/src/brave-browser/package_brave

Quote
I am just curious as to why these packages are not kept updated.

First "typical" reason why something may not be updated: Lack of user interest/lack of requests

Second reason sometimes would be the lack of maintainers (volunteers who keep packages "up to date" as you say)
Tiny Core is based on volunteer staff and members who donate their time and efforts to make it great.

Final typical reason... there are tens if not hundreds of thousands of software applications you could have chosen from to "gripe" about. :)
I'm reasonably certain there's not a distro out there who can remotely claim to "have them all."  Let alone the manpower to maintain them all to current releases.  Not even the commercial deviations offer "everything."  They offer what's popular (See #1 above.)

In retrospect, you are both welcomed to and encouraged to become the new maintainer for the software applications you personally desire!  It's not selfish when someone compiles a project they'll be using if someone else hasn't already...  in fact, it's the exact opposite when you're successful in doing so and you decide to share the spoils with the entire TCL community!

Welcome to Tiny Core!


Thank you for the helpful response!  I guess the reason I asked my question is I am curious to know how TC extension maintainers deal with security vulnerabilities? For example, lets say a major vulnerability that affects all linux systems worldwide is discovered, do these vulnerabilities get patched quickly by the extension maintainers? 

Offline CentralWare

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 747
Re: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013
« Reply #8 on: October 06, 2024, 08:00:17 PM »
@asilentmurmur: If there was such a thing as a "global" system flaw, it would usually be isolated to a specific ingredient (such as the Kernel itself, a software application, a hardware driver, etc.)

In cases where there's a security flaw that could affect our users, someone in the forum will bring it to our attention if it's not already under investigation - something that severe wouldn't get past our community.  What ever the "vulnerability" would be, that one ingredient is updated when the flaw is corrected.

For example: Let's say someone found a flaw in the Chrom(ium) web browser software, which I'm picking on web browsers only because they're constantly scrutinized since everyone uses them and if you gain entry to back-end a browser, you virtually "own" the user's web environment and if it goes deep enough, their entire computer.  A browser is a single package and/or possibly one or more of its dependencies which will require attention from their authors, not the tens of thousands of ingredients/extensions that are currently on the books.  If by chance it were possible that other packages which use libraries and the likes FROM Chrom(ium) and would possibly also fall into the same category, they too would be investigated, but that tends to be less common as the correction at the top of the hill tends to cover most of those below it.

Misconception of what it means to be a maintainer: EXTENSION maintainers are not normally responsible for the "fixing" or "updating/enhancing" of other people's software; that's normally up to the authors themselves.  Extension maintainers normally just compile other people's software applications and when needed, look into compilation issues/problems that arise over time as things in the overall picture change; more times than not we don't have to modify the application or its dependencies - nor would we want to, otherwise, it would create a unique fork in the road which would likely break when the author(s) created an update on their end.  We do have a few patches for the Kernel, BusyBox and a few of the toolchain apps which are Tiny Core specific, but we keep things like that to a minimum and based on necessity.

Lastly, let's say there's an extension, as you mentioned, dated 2013...  let's say for sake of argument that the extension version is 3.2.1 and the current version is 3.2.6.
Sometimes a maintainer will leave well enough alone with an extension which has no updates in a long time or has updates which wouldn't really affect the Tiny Core environment or its overall functionality, so they'll decide "If it's not broken, why change a good thing!"  Another path that happens is sometimes an update to an extension also makes it much larger in file size where it's decided the "changes" don't outweigh the "Tiny Core" principle and thus they're left alone -- still functioning for their purpose, just not as "new" (and "fat") as "Current" would make it.  This is where our users tend to compile the newer version for themselves if something in the newer version is wanted, but very few others would feel the same way.  Sometimes, it only takes a few people to request the newer version for an informal "vote" to go into motion and the maintainer ends up upgrading the app to appease the public - and sometimes they'll just offer a hand to help the user do it themselves if the upgrade doesn't conform to the TCL way of things.  Finally, sometimes the "latest and greatest" Package "A" ends up breaking Packages B, C and D in the process.  This all has to be weighed.

To put your mind at ease...  not many things around here are avoided due to laziness or complication - everything is usually done by choice for what's best for Tiny Core.

Offline mocore

  • Hero Member
  • *****
  • Posts: 616
  • ~.~
Re: Why are the TCEs in TinyCorePure64 so old? I see some from like 2013
« Reply #9 on: October 07, 2024, 05:22:14 AM »
do these vulnerabilities get patched quickly by the extension maintainers? 

lets hope NOT
or the haste might well introduce users to *MORE* bugs  :o
 :P

https://en.wiktionary.org/wiki/more_haste,_less_speed
Quote
When one is in a hurry, one often ends up having less success and completing a task more slowly.

*tangent*

"the number of possible states 3 variables in JavaScript can have is grater than the number of atoms on the planet"

  ???   https://www.youtube.com/watch?v=lKXe3HUG2l4

« Last Edit: October 07, 2024, 05:37:07 AM by mocore »