One of the worst things you can do to your RPM-based system is to use the --force and --nodeps options when adding packages. You don't see much discussion of just how bad it can be for you though. It's made worse by some pre-packaged software coming from vendors who have installation instructions telling you to use --force instead of fixing their packages. So, before you use these flags, let me tell you about them...
The --force option to "rpm" is actually a short-hand for the options --replacepkgs, --replacefiles, and --oldpackage:
In short, --force will overwrite files from other packages, install the package even if it's already installed, and may result in down-grading a package already on your system.
In other words, it's used to install broken packages. This may be a package which isn't meant to be installed on your distribution at all, for example, installing a Mandrake package on a Fedora system. Or it may be that the packager of the software was too lazy to fix conflicts in the package when they were building it. If the package install instructions tell you to use "--force", it's almost certain that the packager knew of the problems but was being lazy.
If you feel the need to use --force, you probably want to try looking a little harder for a package that was meant for your distribution in the first place. Or, at the least try getting the .src.rpm version of the package and rebuild it with "rpmbuild --rebuild
Why aren't RPMs transportable between distributions? The biggest reason is because of differing ideas about how the packages and file-system are to be laid out. Package naming differences cause dependencies to fail. For example, maybe one distro uses ucd-snmp, while another uses netsnmp. These two packages provide roughly the same capability, but there are two alternatives for that software package.
Because of these differences in distributions, you really should listen if rpm complains when installing a package. Using --force may get it working in the short term, but probably will result in breaking other parts of your system and may also lead to all sorts of problems down the line.
What about --nodeps? This causes RPM to install a package, even if other required packages aren't available. This usually won't break your system (unless used with --force), but probably means that the package won't work once you've installed it. The best resolution to these problems are to get the .src.rpm and rebuild it, if the dependencies aren't available for your system. If they are available, use a tool like "yum" to install the dependencies and any related ones. It's real easy.
Remember, --force can break your system. I've had to re-install systems that users have done --force on. In one particular case, the user had just gotten into the habit that if an rpm command didn't work, they would try it with --force, without really understanding why the base rpm command was failing. The results were a system that was totally broken, and it was easier to re-install than to try to surgically fix. It was time to upgrade to the latest release anyway.
So, be careful out there. If you're going to use --force, at least try to understand why it is that the package can't be installed without it.
Many people seem to believe that this is a problem with the rpm too or format itself, and that Debian's system is superior because of that. The real advantage Debian has is the huge package repository which is more or less tested to all work together. With the RPM distributions, few if any have a single repository of packages that are as large as Debian's. To even get close with Fedora, you need to use at least a couple of third-party repositories, maybe as many as 5. Sad but true.
However, Fedora seems to be moving in the right direction with getting more community involvement into getting a central package repository with many more packages. The repository is one of the biggest advantages of Debian, in my humble opinion. However, when a package is not available in Debian, it's much more likely to have an RPM than a DEB package.comments powered by Disqus