Re: 2.0 packages being removed from avalon
Vincent Stemen wrote: On Tue, 22 Sep 2009 09:05:40 -0400 (EDT), Justin C. Sherrill wrote: Since 2.4 is out, and we'll have binary pkgsrc packages for it soon, the 2.0 packages are due to be removed. If this will cause you trouble, please speak up. The plan is to keep packages for the current release (2.4) and the previous release (2.2), which gives us a binary package retention schedule of about a year. If possible, I would recommend (and request) keeping packages available for at least two previous releases rather than just one. It is really bad to keep around packages we don't build anymore, because they get outdated and accumulate security problems. And we don't have the resources to keep building packages. I think we should keep around what we can build for at the moment, and not a bit more. cheers simon -- 3 the future +++ RENT this banner advert +++ ASCII Ribbon /\ rock the past +++ space for low CHF NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
Re: 2.0 packages being removed from avalon
On Wed, Sep 23, 2009 at 12:26:31PM +0200, Simon 'corecode' Schubert wrote: It is really bad to keep around packages we don't build anymore, because they get outdated and accumulate security problems. And we don't have the resources to keep building packages. I think we should keep around what we can build for at the moment, and not a bit more. I agree. --Peter pgpWVQPlX45ck.pgp Description: PGP signature
Re: 2.0 packages being removed from avalon
On Wed, Sep 23, 2009 at 12:26:31PM +0200, Simon 'corecode' Schubert wrote: Vincent Stemen wrote: On Tue, 22 Sep 2009 09:05:40 -0400 (EDT), Justin C. Sherrill wrote: Since 2.4 is out, and we'll have binary pkgsrc packages for it soon, the 2.0 packages are due to be removed. If this will cause you trouble, please speak up. The plan is to keep packages for the current release (2.4) and the previous release (2.2), which gives us a binary package retention schedule of about a year. If possible, I would recommend (and request) keeping packages available for at least two previous releases rather than just one. It is really bad to keep around packages we don't build anymore, because they get outdated and accumulate security problems. And we don't have the resources to keep building packages. I think we should keep around what we can build for at the moment, and not a bit more. Well, Justin did say If this will cause you trouble, please speak up.. :-) Yea, I wouldn't expect you to continue building and maintaining packages for very old revisions, but it is convenient to have access to the original snapshot of binary packages for maintaining older machines, so that packages can be added (or replaced if something gets broken or deleted) without having to do a full upgrade. It's up to you guys of course. We will probably go ahead and start downloading the whole package suite, then, for major revisions to keep around locally for maintaining any older installations we have. Regards, Vince
Re: 2.0 packages being removed from avalon
Simon 'corecode' Schubert wrote: It is really bad to keep around packages we don't build anymore, because they get outdated and accumulate security problems. And we don't have the resources to keep building packages. I think we should keep around what we can build for at the moment, and not a bit more. DragonFly releases get outdated too, and accumulate security problems. I think we should delete their ISO's from our mirrors.
Re: 2.0 packages being removed from avalon
On Wed, September 23, 2009 6:26 am, Simon 'corecode' Schubert wrote: It is really bad to keep around packages we don't build anymore, because they get outdated and accumulate security problems. And we don't have the resources to keep building packages. I think we should keep around what we can build for at the moment, and not a bit more. If we only keep what we can build, that means not even the previous release of DragonFly. Keeping the files only uses disk space, really. If we have users who need them, I don't see a problem with doing so. For comparison, NetBSD right now has two quarterly releases for two different releases, which is similar to what we're doing: ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/
Re: 2.0 packages being removed from avalon
I don't see any major problem keeping as much as 2-years worth of packages around. Security issues do crop up but from the point of view of someone having to make the choice between spending 5 minutes adding an older version of a package verses potentially a day upgrading the entire system, I'd rather the person had that choice to make. Software basically starts accumulating security and obsolesence issues from the day it is released so it is kinda hard to argue for specific break points. -Matt
Re: 2.0 packages being removed from avalon
On Wed, Sep 23, 2009 at 07:24:39PM -0700, Matthew Dillon wrote: I don't see any major problem keeping as much as 2-years worth of packages around. Security issues do crop up but from the point of view of someone having to make the choice between spending 5 minutes adding an older version of a package verses potentially a day upgrading the entire system, I'd rather the person had that choice to make. Exactly. Up to at least 2 years is about what I was thinking. If packages are only available for the cutting edge, I think it limits the market for production use. It is not uncommon for us to leave machines up for months or even years without touching them. For example, our firewall, which is still running Dragonfly 1.8.0-RELEASE has been up for 272 days prior to today, when it got shutdown to rearrange cables. And it's power supply fan has been locked since June! :-). In fact it was already a somewhat old installation when I installed asterisk on it to use as our PBX VOIP server without having NAT issues. Luckily the packages were still available at the time, so I just had to download it and do a pkg_add. I didn't want to bring our whole network down for hours to do it. Software basically starts accumulating security and obsolesence issues from the day it is released so it is kinda hard to argue for specific break points. -Matt In fact, I don't know about now days, but that was one of my big gripes about NetBSD prior to our changing over to Dragonfly. They started deleting and/or moving their binary packages all the time. Every time we needed to install a new package on any of our machines, they were gone. Even for releases that were not all that old. When they move them around all the time, it breaks our pre-configured tools for downloading them. I was happy to see that Dragonfly is much more consistent about the package locations. Also, if it's a concern at all, I think it will lessen your bandwidth consumption by keeping them around longer because people like us will just download what we need when we need it, rather then downloading the entire collection just in case we might need something in the future, since they might not still be there next week. -Vince
Re: 2.0 packages being removed from avalon
Justin C. Sherrill wrote: Since 2.4 is out, and we'll have binary pkgsrc packages for it soon, the 2.0 packages are due to be removed. If this will cause you trouble, please speak up. The plan is to keep packages for the current release (2.4) and the previous release (2.2), which gives us a binary package retention schedule of about a year. (The 2.3.1 packages on avalon.dragonflybsd.org currently work for 2.4, and the directories are symlinked in until a 2.4 build is finished.) Who is gonna be hurt if 2.0 packages remain available?
Re: 2.0 packages being removed from avalon
Jordan Gordeev wrote: Justin C. Sherrill wrote: Since 2.4 is out, and we'll have binary pkgsrc packages for it soon, the 2.0 packages are due to be removed. If this will cause you trouble, please speak up. The plan is to keep packages for the current release (2.4) and the previous release (2.2), which gives us a binary package retention schedule of about a year. (The 2.3.1 packages on avalon.dragonflybsd.org currently work for 2.4, and the directories are symlinked in until a 2.4 build is finished.) Who is gonna be hurt if 2.0 packages remain available? Disk space, confused people, unfixed security issues...
Re: 2.0 packages being removed from avalon
On Tue, September 22, 2009 10:00 am, Jordan Gordeev wrote: Who is gonna be hurt if 2.0 packages remain available? Current + previous release is the plan for keeping the packages around; at some point they are not useful any more, and this plan gives them a year of life. We can extend this if it turns out there's people that are both staying at old versions and needing binary packages to be available, but I don't think that's the case (yet). Pkgsrc quarterly releases are only updated for the quarter they are current, so this seems to cover enough time to cover most usage.
Re: 2.0 packages being removed from avalon
On Tue, 22 Sep 2009 09:05:40 -0400 (EDT), Justin C. Sherrill wrote: Since 2.4 is out, and we'll have binary pkgsrc packages for it soon, the 2.0 packages are due to be removed. If this will cause you trouble, please speak up. The plan is to keep packages for the current release (2.4) and the previous release (2.2), which gives us a binary package retention schedule of about a year. If possible, I would recommend (and request) keeping packages available for at least two previous releases rather than just one. I just finally upgraded my work station to 2.2.1 finally from 1.10.1 only about a week ago and we still have other work stations around here that are running 1.10.x. In fact, our firewall/misc server is still running 1.8.0-RELEASE. A lot of our machines get pretty old because lack of time and necessity to upgrading them. You know the adage: If it ain't broke, don't fix it. By the way, I cannot get to the package directories to any previous release on any of the mirrors today. I just get error 550 Permission denied. I was trying to access the 2.2.1 packages. I tried ftp://ftp.twaren.net/BSD/DragonFlyBSD/packages/ ftp://www.theshell.com/pub/DragonFly/packages/ ftp://chlamydia.fs.ei.tum.de/pub/DragonFly/packages/ On chlamydia I can get to the DragonFly-2.3.1 directory but nothing older. On theshell, the only directory I seem to be able to access is DragonFly-2.4.0-upload - Vince
