On Thu Jan 02, 2003 at 11:58:34AM -0800, Brook Humphrey wrote: > On Tuesday 31 December 2002 08:30 am, Brook Humphrey wrote: > > I made my own cd's with the mandrake 9.0 tree. To this I added the mandrake > > security updates an after a fresh install with these iso's the connection > > sharing does not work properly. The dhcp server fails to hand out an ip > > address the the client systems. I'm just curious if this same problem > > persists in the cooker branch. I will help trouble shoot the problem if > > need be. I do know also that it is only the dhcp server as I can manually > > assign ip's and it works fine.
I didn't see this original message so I don't know if there is more to this than the above but I don't know how it could be the updates. Nothing was done to the dhcp server; no DHCP-related updates were made. I suppose it might be an initscripts thing, although that was primarily for wireless changes, so I'm not sure how it would affect the server not handing out IPs (I'm assuming this DHCP server is the "faulty updated box" in question). Does this same thing happen if you install of the Mandrake-supplied 9.0 ISOs and then apply the updates after the fact? Obviously I have no idea what has changed with your ISOs and although I suspect the updates shouldn't break anything with the installer/installation, it isn't anything we test, for obvious reasons (time being the biggest factor). There is nothing else in updates that would have anything to do with DHCP, and the initscripts thing is a bit of a stretch, so I'm not convinced this is a problem from the security updates. Maybe drakconf has something to do with connection sharing; I don't know... I don't use connection sharing myself. > You know I've been using this distro since mandrake 5.3 I've supported > mandrake over the years and I still prefer mandrake over the others but I'm > really curious how come the security updates seem to break things for that > last few mandrake releases. I really would need some examples here. You're making a pretty general statement. All of my web servers run 8.2 and all run with current updates and there is nothing broken there. I've also got a few machines here running 9.0 and they are all current with updates. Granted, not all of these machines do "everything"... ie. each machine isn't a printer server, file server, web server, mail server, proxy server, ad naseum. You get the picture. I've got some regular web/mail/DNS/etc. servers that run with high uptimes, and desktop machines running 9.0 with no problems. They're not insecure default installs... they're defaults with updates. I haven't noticed anything broken, and if I did notice anything broken, rest assured they would be fixed rather quickly. So some examples here would be nice. I get very little feedback on security updates, so if there are some monumental problems, I'm not aware of them. If I'm not aware of them, I can't fix them. > With mandrake 8.1 and 8.2 the security updates made it so that older mac > clients could simply not even get on the net anymore. This worked out of the > box and only broke with the security updates for the various rpm's needed for > connection sharing. Ok, well, I don't use connection sharing so I don't know about that. Looking at the SRPMS in 9.0 and 8.2 updates, if it's broken in both as you indicate, I'm suspecting drakxtools, but correct me if I'm wrong. Not having used connection sharing, I'm not sure what package might be the culprit. Also, on a side note, the drak* tools updates are provided to me by the authors/developers. Those updates are not mine... I just rebuilt what I was given and tested it on my systems (not every conceivable scenario with them, however). If these problems were reported to the developers, then they never sent me anything to fix those packages with. But I find it strange that this is the first I'm hearing of these (IIRC). > Now with these sets of updates it breaks things again. You need to narrow down what is causing the problem. Is it, in both cases, just this connection sharing business? Is this what's causing your DHCP problem do you think? > I also want to address something else here. It's not like I'm making a living > off of this. I do own a computer store and I do websites for a living. > However I'm not selling systems with mandrake on them and not giving back to > mandrake. As a matter of fact I don't even sell systems with mandrake on > them. I'm in a small college town and anybody that knows about linux gets it > for themselves for the most part. My customers or at least 99% of them don't > even know about linux. > > So I'm offering to help as I have done in the past. It really concerns me that > these type of updates can get by Q&A no offense to Vincent Dannen (he is a > great guy) Really here I would just like mandrake to be the best it can be > and it really disturbs me that not one thing has been said about this email. > I really cant believe that I may finally have to support another distro. True enough, but you have to understand the resource allocation here. =) It kinda all boils down to that. And the fact that we can't test every thing, as much as we try. We have time constraints due to the high volume of fixes and updates that need to come out. We have personnel constraints; QA tests a lot more than just security updates. We have a small group of volunteers who test, in the hope of getting packages tested in more diverse scenarios, but it can't cover every angle either. I mean, we can test as much as possible, but invariably things will get missed. Look at cooker. How many people test cooker? How many bugs still get need to be fixed post-release? I'm not saying that this is a good or bad thing here, I'm just indicating that if you have all of the Mandrake developers and a userbase of a few hundred people that mess around with cooker and bugs still get through, then imagine the challenge one person building, five or so people doing pre-testing, and then a small over-worked QA department doing the final validation has. Granted we don't deal with the volume of packages in cooker, but the numbers need to speak for themself. It is especially difficult when these kinds of things are not reported directly back to us. I suspect you probably posted to the expert and/or cooker lists about these in the past. I try to read the lists but end up skimming most of it. Unless you bring it directly to my attention, or to a list like [EMAIL PROTECTED] which I read every message on and has a much lower noise level, it will likely get missed as a general post to a high-traffic list. For something like this, emailing the maintainer and cc'ing myself probably isn't a bad idea. Keeping the maintainer in the loop is good... they are the one who will have to fix it. > Please Please Listen to what I am saying here. These are the exact reasons why > corporate America is not coming to mandrake but instead to redhat or suse as > much as that pains me. I talk mandrake up all the time to all kinds of > people. I push it for any server related project I work on. When I do I back > mandrake with a purchase of mandrake. I want this distro to be the best. I > even backed you all through the recent money problems. I completely > understand what happened and am truly sorry that the past management did what > they did. I even talked to C. Mollinar about this. I don't think this is the reason "Corporate America" is using RedHat or SuSE as opposed to Mandrake. Those distros have had their fair share of "breakage" due to updates as well. These things just *happen*. It might be a little less with RH and SuSE however, but their (paid) security teams (possibly QA as well) are probably 5x the size of ours, which makes a difference. I'm not using that as a crutch or excuse, just plain fact. I think the big difference here is not in the quality of updates but that RH and SuSE are more server-oriented than Mandrake is. They have server products; we don't (other than SNF/MNF but those are more appliance-based, not server-based). > Ok last thought please let the last few of us loyal supporters help when we > ask to help. I really don't want to have to fork mandrake to get a usable > project. We welcome your help! I can always use another person or two (for obvious reasons, the volunteer secteam has to be a small but dedicated group) in secteam. If you have the ability/time/desire to test updates on older distribs, please offer your services. I would be more than happy to consider those folks who meet the requirements (secteam is not like cooker by any means!). I'm also open to suggestions on better bug reporting for updates. If sending an email to [EMAIL PROTECTED] is too difficult to get a hold of me directly, then I welcome other suggestions for how a person should report these bugs. Due to time constraints, I don't read Forum and I don't live on MandrakeExpert, so any problems reported there either need to be forwarded to me or cc'd to me in the first place. What else can be done? > Thanks for the time. Thanks for the comments. I do try to make the updates as "perfect" as possible, and if there are problems with them, they do need to be corrected and I try to be as responsive to legitimate issues as possible. -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
msg84853/pgp00000.pgp
Description: PGP signature
