I'm not talking about quality, security or basically nothing in between either. Just the plain annoyance when packages are removed from mirrors.
Lets just pretend for a while you're new at a job, and the most common thing is you inherit old setups. On that day you inherit an old OpenStack setup, on an old version, and the next version to upgrade does not exist in mirrors so you have no packages, and you cannot jump any more forward without a lot of work. We all know and have agreed in the community surveys so many times that upgrades are are hard. Well just let me end it with, I don't envy a person being in that situation... Best regards On 06/07/2018 10:38 AM, Matthias Runge wrote: > On Thu, Jun 07, 2018 at 05:13:06AM +0000, Tobias Urdin wrote: >> Just sliding in with my 2 cents which are off-topic to the discussion but... >> >> I've always found it fascinating why one would completely remove >> packages from official mirrors when the version is not supported anymore. >> There will probably always be somebody that might be looking for them, >> I've always had that feeling with RPMs compared to Debs. > Can you elaborate here on how RPMs are different to .debs? > > What do you expect, when you're installing these packages? > Do you expect them to work? Do you expect, they won't create > a security issue? Do you want to be able to use them in > production? Is there a value in distributing something, which > doesn't work (anymore)? > > What happens, if there is an issue, or a distributed rpm contains > a CVE? In that case, we'd actively distribute vulnerable software. > I always wondered, why someone would ask for software with > a vulnerability (or more). > > This is to get expectations right[1]. It might look good at the > beginning, but can turn bad quite quickly. > > Matthias > > [1] https://twitter.com/AwardsDarwin/status/1003934362403049472 _______________________________________________ dev mailing list dev@lists.rdoproject.org http://lists.rdoproject.org/mailman/listinfo/dev To unsubscribe: dev-unsubscr...@lists.rdoproject.org
