On 2021-03-18, zimoun wrote: > On Wed, 17 Mar 2021 at 11:08, Vagrant Cascadian <vagr...@debian.org> wrote: > >> ... and I would expect this version to ship in Debian for another ~3-5 >> years, unless it gets removed from Debian bullseye before the upcoming >> (real soon now) release! > > I could miss a point. In 3-5 years, some people will be still running > Debian stable (or maybe oldstable or maybe this stable is LTS), so they > will “apt install guix” at 1.2.0, right? But then there is no guarantee > that Berlin will still serve this 5 years old binary substitutes. But > “guix install” fallback by compiling what is missing, right?
Sure. > Then the question will be: are the upstream sources still available? > Assuming that SWH is still alive at this future, all the git-fetch > packages will have their source, whatever the upstream status. For > all the other methods, there is no guarantee. There is never a guarantee of source availability from third parties; one of the downsides of the Guix approach to source management vs. Debian (e.g. all released sources are mirrored on Debian-controlled infrastructure ... which brings up an interesting aside; could Debian, OpenSuSE, Fedora, etc. archives could be treated as a fallback mirror for upstream tarballs). > On the other hand, at this 3-5 years future, after “apt install guix”, > people will not do “guix install” but instead they should do “guix > pull”. Therefore, the compression of substitutes does not matter that > much, right? Except for issues like the openssl bug which causes build failure due to certificate expiry in the test suite basically would break guix pull in those cases... maybe that is a deal breaker for the Debian packaged guix... > The only strong backward compatibility seems between “guix pull” rather > than all the substitutes themselves. Isn’t it? Other said, at least > keep all the necessary to have “guix pull” at 1.2.0 be able to complete. The guix-daemon is still run from the packaged version installed as /usr/bin/guix-daemon, so would need to be patched to get updates for new features and ... in light of https://issues.guix.gnu.org/47229 ... security updates! It is of course possible to configure to use an updated guix-daemon from a user's profile (e.g. as recommended with guix-binary installation on a foreign distro), but out-of-the-box it uses the guix-daemon shipped in the package, which, at least with my Debian hat on, is how it should be. > Thanks for this opportunity to think at such time scale. :-) Heh. :) live well, vagrant
signature.asc
Description: PGP signature