On Mon, Oct 08, 2007 at 10:12:53AM +1000, Paul Gear wrote: > > Let's put aside the issue of whether the init script should do the same > thing as the shorewall command. > Agreed.
> The thing i'm really concerned about is that Debian users don't have > access to the latest stable versions of Shorewall in a native packaging > format. At the moment, if i want to deploy Shorewall on a customer > system, i recommend SUSE (openSUSE or SLES) because it's the platform > that works the best with the RPMS. > This concerns me as well. > We are not going to "fix" Debian policy about application versions in > this respect, because it's not "broken". Debian's policy on which > versions to include is working as designed - the problem as i see it is > that their release schedule doesn't match Tom's, and this creates > support problems for Shorewall. > I would have to agree that Tom is a fiend when it comes to releases :-) I don't know of any other substantial project that releases as often (except maybe Linux). > I personally would prefer to be running the latest stable version of > Shorewall on most of my systems (and probably the latest svn version on > my home gateway), but because i don't want the hassle of maintaining > tarball-based installs, i stick with the version in etch (3.2.6). > (Sarge uses Shorewall 2.2.3!) > Well, sure. Look at Etch, for instance. It was frozen on 11 December 2006. The first 3.4 release was not made until mid-March 2007. There was no way that a new "major" upstream version was going to make it during the freeze. Now, depending on how "major" the changes were, it may have been possible to continue the releases under the 3.2 line. However, that is sort of allowing the downstream to dictate how the upstream works, which is probably not always right. > That's why i think the best compromise would be to maintain a Debian > repository for the project that keeps up to date with Shorewall's stable > version, and ensure that this package is fully Debian-compliant, so that > people can smoothly integrate the latest Shorewall versions into their > Debian systems. (We should start with the packages that Lorenzo has > created to ensure maximum compatibility.) > Please don't misunderstand me. I am not strictly opposed to this. However, I think that the first step would be to ask Lorenzo to either relinquish the shorewall packages (Andrew and I are both Debian developers and he if is not willing/able to maintain or co-maintain the packages, I certainly would be; I don't mean to insult you Andrew, I just don't want to speak for you without knowing). Failing that, perhaps inviting Lorenzo to be more involved in the upstream development would probably result in better packages and also Debian more closely tracking the upstream releases. If we can get that, then it would be possible to just tell people to pin their shorewall packages to unstable. If we have a hand in the packaging, we can always make sure that the unstable version also works in stable. Of course, if Lorenzo does not wish to give up the packages nor to get involved in the upstream development, then I think setting up our own little repository would be acceptable. However, I'd like to try the other two options first. Now, Lorenzo was previously fairly responsive. In fact, I remember prior to the release of Etch helping test his 3.2.6 packages on some of my servers. (Yes, Tom, those are the servers that are still running 3.2.6 :-p). Anyhow, we need to find someone well respected who has been involved in Shorewall development for some amount of time (and who lives near Seattle) to approach Lorenzo. I think that person should be Tom. :-) Lorenzo seemed like a fairly reasonable fellow when I corresponded with him previously. I don't think he would be greatly opposed to anything which results in better Debian packages. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
