Is it too easy to install open source packages?

Posted by Rod on May 30th, 2008 in Open Source

As Abhijit Nadgouda says in "Benefits of Online Repositories", it only takes a simple command or two in Linux to download and install or upgrade a package.  If necessary, even dependencies will be downloaded and installed and you don't have to know anything about these new packages to make it all work in a matter of seconds.  And you don't have to use a browser or any kind of GUI to make this all happen.

Isn't this all just a little too easy? 

Well, it's not if you're a developer trying to get a job done quickly or you're working at home and don't really think about licensing terms or other obligations. 

But what if you're working in an enterprise or at an ISV where it really does matter what the license is, not just for the top-level project but for all of its dependencies, their dependencies, and so forth? Are you violating any of your company's policies around software acquisition, in particular the policies related to open source licensing and distribution? And what if one of those packages in the tree carries a license obligation that your company can't accept or is not willing to meet? How do you go about getting production support and/or indemnification for all the packages in your new hierarchy?

I think it's pretty easy to see that in certain settings there can be real issues related to the ease of software acquisition in our world of open source ubiquity.  This is a problem OpenLogic helps to solve through our library of over 400 certified packages backed by indemnification and SLA support.  We don't want to take away the ability for a developer to quickly find and install open source packages, but we do want to provide a thin layer of enterprise control and management around the process.  We want to make it easy for developers to research and find open source that not only does what they want, but is also compliant with existing policies so they don't have to waste time ripping and replacing "illegal" components later.

So although it's great that the logistics of acquiring open source packages have gotten far easier in recent years, it's important for enterprise decision makers to realize that making it too easy can lead to even more headaches than a slightly slower process that enforces reasonable constraints.
