RPM vs. tar for distribution for open source web applications

RPM advantages

  • Installation always puts it in the same location
  • Single copy of the source on the server, saves disk space
  • Potentially more secure, since permissions can be set to read-only
  • RPM can serve as an installation wizard, rather than writing one
  • RPM can also uninstall
  • Dependencies managed by RPM
  • Upgrades can be managed by RPM
  • Fits nicely into larger architecture
  • Can cross directories to handle configuration at different levels, for example, add an Apache .conf file.
  • Allows custom default configuration to be installed easily

RPM disadvantages

  • Single copy means application shouldn’t be customized once installed, all accounts will have to run the same
  • Single copy also means there may be additional filesystem architecture adaptations, for example a compiled template directory normally placed under the application would have to be accommodated. Application may have to be modified
  • May require root access
  • Filesystem architecture should be known
  • Requires installer to have some knowledge of RPM, usually more complex than tar
  • Requires installer to understand more filesystem commands (how to link into installed application, rather than install it
  • If application is normally distributed as a tar/gz file, RPM will be outside the documentation
  • Creating RPMs is far more complex than creating tars. Learning curve.
  • Development team and environment. If everyone is working on a single server, it may be difficult for them to share a single copy of an application. Consider VMWare.

Deciding Factors

  • Installation type - single application on the server, or multiple. Single is best with RPM, multiple is probably better with tar
  • Application source - custom applications may be better with RPM, outside/open source applications are probably better with tar
  • Dependencies and type - RPM really does a nice job with dependencies
  • Upgrades - RPM allows yum/up2date management of upgrades, with dependency observation
  • Skill/experience/education level of team
  • Servers in use - tar may be slightly more portable
  • Flexibility of target system
  • Updates during development are very easy to apply with RPMs