Re: Non-security updates between stable releases?
I am not advocating being hostile to novice users; I am saying that we should not cater solely to that segment of our user base; especially at the expense experienced users who have been long using Debian as the basis of productive work. Some considerations and improvements seem at first glance as for novice users, but they often make sense for proffesionals too. For example, if Debian Linux makes some choice without bothering the end user, and if he does it in logical manner, then not only novice user is glad he shouldn't make some cryptic geeky choice that scares him, but also the professional often appreciates that he is not wasting his time and can concentrate at real work. Similar if something improves end user comfort somehow, etc. Sysadmins are slow to explore such improvements and to appreciate them. BFU's are much more flexible in this manner :-) However at the end, the admins are able to absorb it too. So, I think the wisdom is in those improvements, that bless BROAD end user base. What is good for BFU is not neccessarily bad for admin! Peter -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
Tim, I couldn't write it better. 3 months ago, there has been a thread with similar topics: Debian desktop -situation... Peter Tim Hull wrote / napísal(a): Just to follow up, I do appreciate that Debian wishes to cover so many architectures - I even installed Debian on quite possibly the most obscure architecture in the past, m68k (an old Quadra 700). Would have been funny to attempt a full-blown X install. Honestly, only NetBSD rivals Debian in that department. However, I will agree that it seems a bit absurd to hold up security fixes for a browser for all architectures based on breakage on a few obscure ones. Getting back to my original question, it still seems like there is a problem (at least for end users on the desktop) with the current release cycle. Lenny is not slated for release until September 2008, yet Etch will be spectacularly outdated before then (for some, it already is - just ask Gnome users, who are two releases behind *now*). Testing is not a viable desktop choice (observe the aforementioned security issues), and unstable is really OK only if you are a Linux expert. It seems to me that something has to be done - whether this be some official backports (especially of popular components like KDE, Gnome, the kernel, etc) or a faster release cycle. Personally, I prefer the former idea - I don't see a need to update my glibc and gcc every 6 months and like the stable Debian base, though I do like to have the latest Gnome. I think many users are in the same boat. Anyway, if any work is done in this regard, please let me know. Tim -- Odchádzajúca správa neobsahuje vírusy, nepoužívam Windows. === Mgr. Peter Tuhársky Referát informatiky Mesto Banská Bystrica ČSA 26 975 39 Banská Bystrica Tel: +421 48 4330 118 Fax: +421 48 411 3575 === -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On Tue, Jul 31, 2007 at 05:02:58AM -0400, Tim Hull wrote: In my own case, I figure I'll probably either be running Sid or Ubuntu Feisty. Why don't you want to use testing, again? From my own experience, it seems like the issue that needs to be fixed to make stable more viable for end-users is to have automated, dependency-resolving, backporting functionality in apt. Backporting isn't always automatic, packages change with time. Right now, it is probably not so bad, a simple apt-get build-dep foo; apt-get -b source foo might work because etch has not been released a long time ago. But as lenny grows near, more and more packages will need manual backporting. Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
Anyway, regarding my original concern and my ideas, I have reached a few conclusions. In my own case, I figure I'll probably either be running Sid or Ubuntu Feisty. I gave etch+rolling my own backports a try, but backporting each package was a throwback to the Debian Hamm (i.e. pre-apt) days - I was often having to manually resolve dependencies due to the fact that I didn't want to pull them *all* from stable or *all* from unstable - I wanted to pull the minimum necessary from unstable and the rest from stable when building. Also, it seemed like I'd have to backport 50-odd packages to get the functionality I'm looking for on my system - and I'd still only have Gnome 2.14... From my own experience, it seems like the issue that needs to be fixed to make stable more viable for end-users is to have automated, dependency-resolving, backporting functionality in apt. Essentially, one command would grab all build-deps that it can from stable, backport the rest from unstable/testing, and then build and install the package from unstable (or testing) source, cleaning up for itself when finished. In short - think the best of apt and the best of BSD ports all rolled together in one I may think this over, sketch out some plans, and look into implementation. However, as my actual programming experience is mostly limited to what I've done in CS (C and C++, but no extensive usage of libs other than the standard C and C++ libs, though some Qt), I don't expect miracles. I do plan on helping to bring this about, though... Even if I go with Ubuntu Feisty, I still plan on working with Debian on this and some other issues. I'll just keep multiple build environments around. I could still decide to just go back to the closed-source world (in my case, OS X - not Windows), but I want to move over this time (i've tried probably 4 or 5 times...) The only thing holding me up is laptop power management support and the old standby, multimedia. Thanks once again to all the Debian developers... Tim
Re: Non-security updates between stable releases?
On Tue, Jul 31, 2007 at 05:02:58AM -0400, Tim Hull wrote: In my own case, I figure I'll probably either be running Sid or Ubuntu Feisty. I gave etch+rolling my own backports a try, but backporting each package was a throwback to the Debian Hamm (i.e. pre-apt) days Backporting is any good only for a single or a couple of packages. For anything more, you'll want a mixed system with a pin like: Package: * Pin: release a=stable Pin-Priority: 500 Package: * Pin: release a=testing Pin-Priority: 200 - I was often having to manually resolve dependencies due to the fact that I didn't want to pull them *all* from stable or *all* from unstable - I wanted to pull the minimum necessary from unstable and the rest from stable when building. Also, it seemed like I'd have to backport 50-odd packages to get the functionality I'm looking for on my system - and I'd still only have Gnome 2.14... Too bad, apt won't resolve the dependencies the first time, but at least it will tell you what you're missing, and you'll be spared any actual backporting. You do have to manually ok every package you want to upgrade from stable to testing, but then the package will track testing until the version in stable catches up. And the issue in apt is, it ever considers only one version, the one with highest pin which matches the non-downgrading rules. This is wrong if: stable (pinned at 500): foo=1.0 [Depends: bar=1.0], bar=1.0 testing (pinned at 200): foo=1.2 [Depends: bar=1.2], bar=1.2 If the user says: apt-get install foo=1.2, apt won't be smart enough to find out it needs to upgrade bar as well. Same for aptitude or any other front-end, making pulling packages from testing or experimental a pain. -- 1KB // Microsoft corollary to Hanlon's razor: // Never attribute to stupidity what can be // adequately explained by malice. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
Why don't you want to use testing, again? Well, it doesn't have security updates (well, testing security team is supposed to exist, but it seems somewhat dormant as of late). I may give it a try, though - I'm not running a server so it shouldn't be too bad. Backporting isn't always automatic, packages change with time. Right now, it is probably not so bad, a simple apt-get build-dep foo; apt-get -b source foo might work because etch has not been released a long time ago. But as lenny grows near, more and more packages will need manual backporting. It wasn't that easy in the cases I was talking about - I had to backport additional packages from unstable to backport what I wanted in the first place. This (auto-backporting all build-deps that stable doesn't have (and their build-deps if necessary), installing the other build-deps from stable, and then building from source and installing the result) is what I was talking about implementing/investigating, not changing apt-get build-dep foo; apt-get -b source foo; dpkg -i foo* into one command. Regarding apt-pinning, I didn't use it because ultimately half my system would then be updated to testing/unstable (including things like glibc), going by what apt was saying when I tried it. In that case, why not run testing/unstable (which I may do anyway - though I may go with an Ubuntu Feisty install and a testing/unstable chroot environment).
Re: Non-security updates between stable releases?
Tim Hull dijo [Mon, Jul 30, 2007 at 07:14:50PM -0400]: Please enumerate which features are present in the new version of Gnome which are not present in the Etch version that the average user simply cannot live without. gnome-power-manager contains massive improvements, for one thing - which means I can actually use my laptop's special keys (volume etc). Also, gnome-power-manager supports suspend much more. GNOME probably isn't the biggest concern, though - there are other areas that will be quite concerns with Etch towards then end of its life cycle. In particular, the kernel and X.org will be lacking much support for recent hardware (think back to past releases and you'll know what I mean). Let me add emphasis to the cannot live without part. Debian is known for valuing more overall integration and stability than bleeding uptodateness or featurefullness. Yes, the situation towards the end of the Woody life cycle was already unsustainable, and many people were running completely hybrid machines instead of three year old, although stable (but really not satisfying for many use cases) functionality. Right now, most of us can still sit at a Sarge machine and feel it completely usable. Etch is still -for me- as up to date as I want it for a _user_ to be. Maybe, if Etch does not satisfy you, you are not Debian's target user :) Of course, we can benefit from you working with testing/unstable. Both statements are highly subjective. Testing doesn't have security support ATM - that's the issue with it. Unstable may be more viable, but at times can experience weird issues with dependencies. Every now and then there are breakages, in both testing and unstable. If I wanted my users' systems to break, I'd point them towards Fedora instead ;-) Having somebody facing an uninstallable situation or a conflict indication message, although perfectly understandable and easy to work out with our current tools, is something I don't want an end-user to tackle. Greetings, -- Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5623-0154 / 1451-2244 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On Tue, Jul 31, 2007 at 12:07:44PM +0200, Adam Borowski [EMAIL PROTECTED] was heard to say: stable (pinned at 500): foo=1.0 [Depends: bar=1.0], bar=1.0 testing (pinned at 200): foo=1.2 [Depends: bar=1.2], bar=1.2 If the user says: apt-get install foo=1.2, apt won't be smart enough to find out it needs to upgrade bar as well. Same for aptitude or any other front-end, making pulling packages from testing or experimental a pain. That's actually not true in aptitude. Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On Sun, 29 Jul 2007 22:40:15 -0700, Steve Langasek [EMAIL PROTECTED] wrote: On Mon, Jul 30, 2007 at 01:13:48AM -0400, Tim Hull wrote: Isn't this why the testing security team was formed, to address situations where there needs to be security fixes for testing like this? Is it still operational? If so, I'm just curious if they need help Sure. Feel free to fix gcc on mips and mipsel so that it's capable of building xulrunner again. I still kind of fail to see a reason for holding back security fixes for the mainstream because of obscure failures on doorstep architectures. If this becomes the norm, then our broad architecture support becomes one of Debian's main _dis_advantages. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber |Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom | http://www.zugschlus.de/ Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834
Re: Non-security updates between stable releases?
On Sun, 29 Jul 2007 18:34:27 -0500, Manoj Srivastava [EMAIL PROTECTED] wrote: And I am not sure where this part comes from. I've been running unstable on all my end user systems for 11 years now. I would say the local policy f whether or not to use unstablke on an end user system depends on the end user. If an administrator as skilled as you is available, running unstable on production systems is fine (I don't dare doing so, but that's a matter of varying milieage). The necessary administrator skills are probably available for like 0.001 % of our installations. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber |Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom | http://www.zugschlus.de/ Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834
Re: Non-security updates between stable releases?
On Mon, 30 Jul 2007, Tim Hull wrote: In the case of Iceweasel, stable already has 2.0.0.5, as this was a security update. There is supposed to be a testing security team, but evidently they haven't gotten around to the Iceweasel fix. Honestly, it is a bit weird - but a fact of the release system - that testing is actually *behind* stable in the particular case. Isn't this why the testing security team was formed, to address situations where there needs to be security fixes for testing like this? Is it still operational? If so, I'm just curious if they need help, as this is one area that could improve desktop usage - having a testing distribution that can reasonably be used (which includes security fixes). We are definitely short on man-power, both for checking which vulnerabilities affect Debian (non-DDs ok) and for preparing and uploading fixes to testing security (DDs required). Help would be appreciated. I have been putting off the ice* and xulrunner uploads so far, because I have tried to get a way to copy uploads from stable-security to testing-security, instead. This would save a lot of work where the version in stable and testing are still the same. Unfortunately, I have not been successful, yet. But I agree that the situation with ice* and xulrunner is bad, and I will hopefully find some time to make uploads soon. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
Just to follow up, I do appreciate that Debian wishes to cover so many architectures - I even installed Debian on quite possibly the most obscure architecture in the past, m68k (an old Quadra 700). Would have been funny to attempt a full-blown X install. Honestly, only NetBSD rivals Debian in that department. However, I will agree that it seems a bit absurd to hold up security fixes for a browser for all architectures based on breakage on a few obscure ones. Getting back to my original question, it still seems like there is a problem (at least for end users on the desktop) with the current release cycle. Lenny is not slated for release until September 2008, yet Etch will be spectacularly outdated before then (for some, it already is - just ask Gnome users, who are two releases behind *now*). Testing is not a viable desktop choice (observe the aforementioned security issues), and unstable is really OK only if you are a Linux expert. It seems to me that something has to be done - whether this be some official backports (especially of popular components like KDE, Gnome, the kernel, etc) or a faster release cycle. Personally, I prefer the former idea - I don't see a need to update my glibc and gcc every 6 months and like the stable Debian base, though I do like to have the latest Gnome. I think many users are in the same boat. Anyway, if any work is done in this regard, please let me know. Tim
Re: Non-security updates between stable releases?
Hi, Would a combination of backports.org (for etch-backports) and etch security updates, not take care of this for you? You would get fairly up to date packages built for etch, and still have a viable upgrade option when the next release comes. - Lawrence --- Tim Hull [EMAIL PROTECTED] wrote: Just to follow up, I do appreciate that Debian wishes to cover so many architectures - I even installed Debian on quite possibly the most obscure architecture in the past, m68k (an old Quadra 700). Would have been funny to attempt a full-blown X install. Honestly, only NetBSD rivals Debian in that department. However, I will agree that it seems a bit absurd to hold up security fixes for a browser for all architectures based on breakage on a few obscure ones. Getting back to my original question, it still seems like there is a problem (at least for end users on the desktop) with the current release cycle. Lenny is not slated for release until September 2008, yet Etch will be spectacularly outdated before then (for some, it already is - just ask Gnome users, who are two releases behind *now*). Testing is not a viable desktop choice (observe the aforementioned security issues), and unstable is really OK only if you are a Linux expert. It seems to me that something has to be done - whether this be some official backports (especially of popular components like KDE, Gnome, the kernel, etc) or a faster release cycle. Personally, I prefer the former idea - I don't see a need to update my glibc and gcc every 6 months and like the stable Debian base, though I do like to have the latest Gnome. I think many users are in the same boat. Anyway, if any work is done in this regard, please let me know. Tim -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
Hi, Would a combination of backports.org (for etch-backports) and etch security updates, not take care of this for you? You would get fairly up to date packages built for etch, and still have a viable upgrade option when the next release comes. - Lawrence That may work OK for me, though you'd still miss some significant things (GNOME would be stuck on 2.14) and what I am mostly suggesting is that there should be a better official Debian solution for the end-user. I could always work on backporting Gnome 2.18, though :) But that depends on whether I ultimately decide to use Debian or Ubuntu (or FreeBSD, or some other OS) in my own case. Tim
Re: Non-security updates between stable releases?
On Mon, Jul 30, 2007 at 13:01:07 -0400, Tim Hull wrote: That may work OK for me, though you'd still miss some significant things (GNOME would be stuck on 2.14) and what I am mostly suggesting is that there should be a better official Debian solution for the end-user. There is no such thing as the end-user. Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On Mon, 30 Jul 2007 08:28:48 +0200, Marc Haber [EMAIL PROTECTED] said: On Sun, 29 Jul 2007 18:34:27 -0500, Manoj Srivastava [EMAIL PROTECTED] wrote: And I am not sure where this part comes from. I've been running unstable on all my end user systems for 11 years now. I would say the local policy f whether or not to use unstablke on an end user system depends on the end user. If an administrator as skilled as you is available, Well, while I have been pottering around on computers for about 25 years now, I have never formally been a sysadmin (though I do maintain machines for myself and sometimes my group at my place of employment). I would hesitate to characterize myself as a skilled sys admin. running unstable on production systems is fine (I don't dare doing so, but that's a matter of varying milieage). The necessary administrator skills are probably available for like 0.001 % of our installations. Would you consider the possibility that you might be underestimating the skill level of a significant segment of our user base? I would think that Debian is the domain of skilled users; and that the novices are mostly fled to fedora/ubuntu/xandros/linspire. I am not advocating being hostile to novice users; I am saying that we should not cater solely to that segment of our user base; especially at the expense experienced users who have been long using Debian as the basis of productive work. manoj -- THEGODDESSOFTHENETHASTWISTINGFINGERSANDHERVOICEISLIKEAJAVELININTHENIGHTDUDE Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On Mon, 30 Jul 2007 08:27:10 +0200, Marc Haber [EMAIL PROTECTED] said: On Sun, 29 Jul 2007 22:40:15 -0700, Steve Langasek [EMAIL PROTECTED] wrote: On Mon, Jul 30, 2007 at 01:13:48AM -0400, Tim Hull wrote: Isn't this why the testing security team was formed, to address situations where there needs to be security fixes for testing like this? Is it still operational? If so, I'm just curious if they need help Sure. Feel free to fix gcc on mips and mipsel so that it's capable of building xulrunner again. I still kind of fail to see a reason for holding back security fixes for the mainstream because of obscure failures on doorstep architectures. If this becomes the norm, then our broad architecture support becomes one of Debian's main _dis_advantages. I think that security changes make their way into unstable quickly enough. Remember, the primary goal for testing is to help Debian create Lenny; and thus security support for it is not at the level we provide for long term distributions like stable, or Sid (which is where the bulk of Debian development happens). Now, if we were preventing uploads into Sid, I would be more concerned. Lenny is not something I feel the itch to strongly support so far from its release. manoj -- Abandon the search for Truth; settle for a good fantasy. Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On Mon, Jul 30, 2007 at 11:23:47AM -0400, Tim Hull wrote: However, I will agree that it seems a bit absurd to hold up security fixes for a browser for all architectures based on breakage on a few obscure ones. Except that what you are describing is most certainly not the case. Take a look at the recent bind9 security announcements: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00102.html http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00103.html In the case of the Etch announcement: For the stable distribution (etch) this problem has been fixed in version 9.3.4-2etch1. An update for mips is not yet available, it will be released soon. In the case of the Sarge announcement: For the oldstable distribution (sarge) this problem has been fixed in version 9.2.4-1sarge3. An update for mips, powerpc and hppa is not yet available, they will be released soon. So, tell me, where is a security update being held up because it is not in sync on all architectures? Now, in the case of testing (which is not officially supported for security updates, except by the secure-testing team), things may work a little differently. That is because testing propagation is based on rules, one of which includes that a package be in sync on all supported architectures. Getting back to my original question, it still seems like there is a problem (at least for end users on the desktop) with the current release cycle. Lenny is not slated for release until September 2008, yet Etch will be spectacularly outdated before then (for some, it already is - just ask Gnome users, who are two releases behind *now*). Please enumerate which features are present in the new version of Gnome which are not present in the Etch version that the average user simply cannot live without. Testing is not a viable desktop choice (observe the aforementioned security issues), and unstable is really OK only if you are a Linux expert. Both statements are highly subjective. It seems to me that something has to be done - whether this be some official backports (especially of popular components like KDE, Gnome, the kernel, etc) or a faster release cycle. As others have said, you are more than welcome to help out where possible. Personally, I prefer the former idea - I don't see a need to update my glibc and gcc every 6 months and like the stable Debian base, though I do like to have the latest Gnome. I think many users are in the same boat. Anyway, if any work is done in this regard, please let me know. While I think that your opinions are a bit misguided, I hope that you find what you are seeking, either in Debian proper, a derivative or in an effort that you lead yourself. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: Non-security updates between stable releases?
So, tell me, where is a security update being held up because it is not in sync on all architectures? Now, in the case of testing (which is not officially supported for security updates, except by the secure-testing team), things may work a little differently. That is because testing propagation is based on rules, one of which includes that a package be in sync on all supported architectures. I was talking about the case of testing. Please enumerate which features are present in the new version of Gnome which are not present in the Etch version that the average user simply cannot live without. gnome-power-manager contains massive improvements, for one thing - which means I can actually use my laptop's special keys (volume etc). Also, gnome-power-manager supports suspend much more. GNOME probably isn't the biggest concern, though - there are other areas that will be quite concerns with Etch towards then end of its life cycle. In particular, the kernel and X.org will be lacking much support for recent hardware (think back to past releases and you'll know what I mean). Testing is not a viable desktop choice (observe the aforementioned security issues), and unstable is really OK only if you are a Linux expert. Both statements are highly subjective. Testing doesn't have security support ATM - that's the issue with it. Unstable may be more viable, but at times can experience weird issues with dependencies. While I think that your opinions are a bit misguided, I hope that you find what you are seeking, either in Debian proper, a derivative or in an effort that you lead yourself. I understand why people don't understand my concerns/opinions. Honestly, in many of the cases these issues are not in fact issues for myself - I've run all sorts of beta software in the past. However, I think that there is an obvious demand for an option other than: A) packages updated (approximately) every 18 months, save for security issues (stable) B) packages are in constant flux, even things like glibc (testing/unstable)
Re: Non-security updates between stable releases?
Would you consider the possibility that you might be underestimating the skill level of a significant segment of our user base? I would think that Debian is the domain of skilled users; and that the novices are mostly fled to fedora/ubuntu/xandros/linspire. In my opinion exactly this should be a goal for Debian: become the favourite distribution for the not so skilled users. A lot of things are much better and more easy to handle than in other distributions (yes, including Ubuntu) - for example a _working_ upgrade path. Installing Debian is pretty easy these days and KDE/Gnome provide a lot of features which make sure that the not-so-skilled user will have a good experience, so it should be possible to become the favourite distribution of all people. Cheers, Bernd -- Bernd Zeimetz [EMAIL PROTECTED] http://bzed.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
This one time, at band camp, Bernd Zeimetz said: In my opinion exactly this should be a goal for Debian: become the favourite distribution for the not so skilled users. So long as it remains _a_ goal and doesn't try to become _the_ goal, go for it. -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: Non-security updates between stable releases?
On Tue, 31 Jul 2007 03:20:02 +0200, Bernd Zeimetz [EMAIL PROTECTED] said: Would you consider the possibility that you might be underestimating the skill level of a significant segment of our user base? I would think that Debian is the domain of skilled users; and that the novices are mostly fled to fedora/ubuntu/xandros/linspire. In my opinion exactly this should be a goal for Debian: become the favourite distribution for the not so skilled users. A lot of things are much better and more easy to handle than in other distributions (yes, including Ubuntu) - for example a _working_ upgrade path. Installing Debian is pretty easy these days and KDE/Gnome provide a lot of features which make sure that the not-so-skilled user will have a good experience, so it should be possible to become the favourite distribution of all people. If that is an itch you feel like scratching, go right ahead. It is not something I feel a particular need to do. As long as you do not destroy the experience for skilled users, I have absolutely no objection (I do object to dumbing down the OS to cater to people who get confused when they see options). manoj -- Status quo: The mess we're in. Kelvin Throop III, The Management Dictionary Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
Tim Hull wrote: I knew about that, though it's not actually an official Debian repository (to my knowledge). If I were looking for a date that was tall yes compact, what would you tell me? How about a date with fair brown eyes? What you are asking for is a contradiction. There are only two ways to update stable once it's out: Issue another stable or lie about its stability. There are specific exceptions to this rule. In particular, not updating certain programs is, in itself, a problem. One such example is an anti-virus, which needs fresh definitions, and sometimes, fresh code as well. If that is where your interests lie, I suggest you have a look at the debian-volatile repository. Shachar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
Russ Allbery wrote: Are you aware of backports.org? But backports are recompiled packages from testing, and for instance testing is still with iceweasel 2.0.0.3. How is it possible to improve this? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On Sun, Jul 29, 2007 at 12:01:43AM -0400, Tim Hull wrote: In my mind, many of the complaints that Debian doesn't release often enough could be mitigated this way, and it would be nice to see at some point. In *my* mind, many of the complaints that Debian doesn't release often enough are simply ignorant or selectively ignoring reality. If you hear someone make that complaint, kindly keep him (or her) from sticking his (or her) foot too far down the throat and point them to unstable. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: Non-security updates between stable releases?
On Sun, Jul 29, 2007 at 03:14:23PM +0200, ciol wrote: Russ Allbery wrote: Are you aware of backports.org? But backports are recompiled packages from testing, and for instance testing is still with iceweasel 2.0.0.3. How is it possible to improve this? Packages get held back from testing because of RC bugs. So, if you want packages moving into testing quicker, get the unstable version, test and file bug reports when you find a bug and also try and submit patches to the bugs that are already keeping it out of testing. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: Non-security updates between stable releases?
ciol [EMAIL PROTECTED] writes: Russ Allbery wrote: Are you aware of backports.org? But backports are recompiled packages from testing, and for instance testing is still with iceweasel 2.0.0.3. How is it possible to improve this? If you want to run absolutely bleeding edge code, you have to run unstable; there's no way around it. Otherwise, you still have to wait for testing and stabilization of packages. In my experience, that solves more problems than it creates; I run testing on my primary desktop for the additional stability and run unstable on my other systems so that I can test. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On 7/29/07, Russ Allbery [EMAIL PROTECTED] wrote: ciol [EMAIL PROTECTED] writes: Russ Allbery wrote: Are you aware of backports.org? But backports are recompiled packages from testing, and for instance testing is still with iceweasel 2.0.0.3. How is it possible to improve this? In the case of Iceweasel, stable already has 2.0.0.5, as this was a security update. There is supposed to be a testing security team, but evidently they haven't gotten around to the Iceweasel fix. Honestly, it is a bit weird - but a fact of the release system - that testing is actually *behind* stable in the particular case. If you want to run absolutely bleeding edge code, you have to run unstable; there's no way around it. Otherwise, you still have to wait for testing and stabilization of packages. In my experience, that solves more problems than it creates; I run testing on my primary desktop for the additional stability and run unstable on my other systems so that I can test. This is the problem - most users (mission-critical servers excepted) want to get certain updates on an as-needed or wanted basis. Sometimes this is absolutely necessary especially towards the end of a release's lifespan when most new hardware simply won't work without certain updates. However, they DON'T want a system in constant flux where some major component could break any minute, which is what unstable or even testing is. Anyway, I guess I'm getting the impression that Debian and its users are more oriented towards the mission-critical server than the average desktop user. I.e. - you're competing more with OpenBSD than with Windows Vista or even Ubuntu (which is, of course, Debian-based). That's fine with me - I definitely know Debian would be my first choice for a mission-critical server. However, my concern is more towards the desktop, and as such I may continue to investigate other distributions. I appreciate what you're doing - keep up the good work... Tim
Re: Non-security updates between stable releases?
On Sun, Jul 29, 2007 at 04:23:56PM -0400, Tim Hull [EMAIL PROTECTED] wrote: On 7/29/07, Russ Allbery [EMAIL PROTECTED] wrote: ciol [EMAIL PROTECTED] writes: Russ Allbery wrote: Are you aware of backports.org? But backports are recompiled packages from testing, and for instance testing is still with iceweasel 2.0.0.3. How is it possible to improve this? In the case of Iceweasel, stable already has 2.0.0.5, as this was a security update. There is supposed to be a testing security team, but evidently they haven't gotten around to the Iceweasel fix. Honestly, it is a bit weird - but a fact of the release system - that testing is actually *behind* stable in the particular case. FWIW, it's not RC bugs that are keeping 2.0.0.5 away from testing, but the fact it's not built on arm, mips and mipsel. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
Tim Hull [EMAIL PROTECTED] writes: Anyway, I guess I'm getting the impression that Debian and its users are more oriented towards the mission-critical server than the average desktop user. I.e. - you're competing more with OpenBSD than with Windows Vista or even Ubuntu (which is, of course, Debian-based). That's fine with me - I definitely know Debian would be my first choice for a mission-critical server. However, my concern is more towards the desktop, and as such I may continue to investigate other distributions. I use Debian on all of my desktop systems. However, I use testing or unstable for that, not stable (even with backports). -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On Sun, 29 Jul 2007 10:10:49 -0400, Roberto C. Sánchez [EMAIL PROTECTED] wrote: On Sun, Jul 29, 2007 at 12:01:43AM -0400, Tim Hull wrote: In *my* mind, many of the complaints that Debian doesn't release often enough are simply ignorant or selectively ignoring reality. If you hear someone make that complaint, kindly keep him (or her) from sticking his (or her) foot too far down the throat and point them to unstable. Unstable is an unreleased development version and not supposed to be in use on end users' systems. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber |Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom | http://www.zugschlus.de/ Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834
Re: Non-security updates between stable releases?
On Sun, 29 Jul 2007 23:44:24 +0200, Marc Haber [EMAIL PROTECTED] said: Unstable is an unreleased development version This part is true. and not supposed to be in use on end users' systems. And I am not sure where this part comes from. I've been running unstable on all my end user systems for 11 years now. I would say the local policy f whether or not to use unstablke on an end user system depends on the end user. As an end user of Debian, I certainly end up running Sid on all my machines. manoj -- Three may keep a secret, if two of them are dead. Benjamin Franklin Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
On Sun, Jul 29, 2007 at 10:28:12PM +0200, Mike Hommey wrote: In the case of Iceweasel, stable already has 2.0.0.5, as this was a security update. There is supposed to be a testing security team, but evidently they haven't gotten around to the Iceweasel fix. Honestly, it is a bit weird - but a fact of the release system - that testing is actually *behind* stable in the particular case. FWIW, it's not RC bugs that are keeping 2.0.0.5 away from testing, but the fact it's not built on arm, mips and mipsel. ... which are, in fact, RC bugs (in the toolchain). -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
In the case of Iceweasel, stable already has 2.0.0.5, as this was a security update. There is supposed to be a testing security team, but evidently they haven't gotten around to the Iceweasel fix. Honestly, it is a bit weird - but a fact of the release system - that testing is actually *behind* stable in the particular case. Isn't this why the testing security team was formed, to address situations where there needs to be security fixes for testing like this? Is it still operational? If so, I'm just curious if they need help, as this is one area that could improve desktop usage - having a testing distribution that can reasonably be used (which includes security fixes). Additionally, on the topic of Sid desktop usability - the Debian site says it's not recommended, and many people have reported breakage in various areas. Also, Sid tends to undergo rapid change - i.e. glibc, X, the kernel, etc may be updated a few times in a matter of months. It's something that is definitely fine for a Debian developer - or maybe even advanced users - but not exactly something you want to put on the average desktop. On the other hand, Stable is often so out-of-date that it can't be installed on new hardware (this may not be the case now, but 6 months ago it was the case with Sarge). So, in my view as a mortal user, it seems like something needs to be done. Even with a shorter release cycle (12 months?), this would still be a long time to wait for updates for desktop users. That's why I brought up the ideas I did... Let me know if anything is going on in these areas. I must emphasize that my concerns are not necessarily about me, but about desktop users in general. Once again, thanks to the Debian developers for their work and openness in responding to my inquiries. Tim
Re: Non-security updates between stable releases?
On Mon, Jul 30, 2007 at 01:13:48AM -0400, Tim Hull wrote: In the case of Iceweasel, stable already has 2.0.0.5, as this was a security update. There is supposed to be a testing security team, but evidently they haven't gotten around to the Iceweasel fix. Honestly, it is a bit weird - but a fact of the release system - that testing is actually *behind* stable in the particular case. Isn't this why the testing security team was formed, to address situations where there needs to be security fixes for testing like this? Is it still operational? If so, I'm just curious if they need help Sure. Feel free to fix gcc on mips and mipsel so that it's capable of building xulrunner again. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Non-security updates between stable releases?
Hi, I must say I hope no one takes this the wrong way or flames me because of it - I really appreciate what Debian has done, and I think you have the most stable, logically laid out, and free (as in freedom) Linux distribution out there. That said, there is a significant issue that I see with Debian and most distributions in general that I wanted to bring up. The issue is that once a stable release is declared stable, that's it - there are no updates except for security holes. This is good, except when you need a feature included in a newer version of software included in Debian (for example, if a newer kernel has a non-security bugfix in it that you need). Yes, you can compile from source (or, in some cases, use unofficial packages) but that is far from ideal. What I am wondering is - has there been any effort and/or interest in working on this area? I know about debian-volitaile, but that seems oriented towards a very specific set of packages (like antivirus programs), and not, for example, bugfixes. Furthermore, has there been any interest in working on such a project? If there is some interest, I would be interested in helping with the effort (though IANADD). I do vaguely remember this being mentioned at some time somewhere by a Debian developer at some point in time, so I figured I'd bring it up. In my mind, many of the complaints that Debian doesn't release often enough could be mitigated this way, and it would be nice to see at some point. Once again, thanks for making Debian what it is - I'm amazed by the 21,000+ packages, the beauty of apt, and the fact that it's a completely volunteer effort. Keep it up. Tim
Re: Non-security updates between stable releases?
Tim Hull [EMAIL PROTECTED] writes: That said, there is a significant issue that I see with Debian and most distributions in general that I wanted to bring up. The issue is that once a stable release is declared stable, that's it - there are no updates except for security holes. This is good, except when you need a feature included in a newer version of software included in Debian (for example, if a newer kernel has a non-security bugfix in it that you need). Yes, you can compile from source (or, in some cases, use unofficial packages) but that is far from ideal. What I am wondering is - has there been any effort and/or interest in working on this area? I know about debian-volitaile, but that seems oriented towards a very specific set of packages (like antivirus programs), and not, for example, bugfixes. Are you aware of backports.org? I use it extensively for cherry-picking specific packages where I need a newer version for feature reasons while keeping the rest of the system running stable. That means there's only a few packages I have to pay special attention to for security vulnerabilities. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Non-security updates between stable releases?
Are you aware of backports.org? I use it extensively for cherry-picking specific packages where I need a newer version for feature reasons while keeping the rest of the system running stable. That means there's only a few packages I have to pay special attention to for security vulnerabilities. I knew about that, though it's not actually an official Debian repository (to my knowledge).It is missing a few things I need, though. I may look in to contributing over there, and it would be nice to see it as an official part of the Debian project, as well as possibly some point releases including backports. Thanks for the quick response, though...
Re: Non-security updates between stable releases?
Tim Hull [EMAIL PROTECTED] writes: I knew about that, though it's not actually an official Debian repository (to my knowledge).It is missing a few things I need, though. I may look in to contributing over there, and it would be nice to see it as an official part of the Debian project, as well as possibly some point releases including backports. I agree on wanting to see it as an official part of the project, just for branding purposes if nothing else. I think a lot of Debian users miss it or don't think they can trust it just because it's not .debian.org and therefore they can't make the same assumptions about how it's run (although in practice if they knew how it's set up, they probably could). I'm not at all sure on making it a point release; I think it works fairly well as is, and I'd rather put the scarce release resources into increasing at least the predictability and possibly the speed of full-blown stable releases from testing. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]