Re: [rdo-dev] openstack-newton rpm packages unavailable now

2018-06-07 Thread Matthias Runge
On Thu, Jun 07, 2018 at 05:13:06AM +, Tobias Urdin wrote:
> Just sliding in with my 2 cents which are off-topic to the discussion but...
> 
> I've always found it fascinating why one would completely remove
> packages from official mirrors when the version is not supported anymore.
> There will probably always be somebody that might be looking for them,
> I've always had that feeling with RPMs compared to Debs.

Can you elaborate here on how RPMs are different to .debs?

What do you expect, when you're installing these packages?
Do you expect them to work? Do you expect, they won't create
a security issue? Do you want to be able to use them in
production? Is there a value in distributing something, which
doesn't work (anymore)?

What happens, if there is an issue, or a distributed rpm contains
a CVE? In that case, we'd actively distribute vulnerable software.
I always wondered, why someone would ask for software with
a vulnerability (or more).

This is to get expectations right[1]. It might look good at the
beginning, but can turn bad quite quickly.

Matthias

[1] https://twitter.com/AwardsDarwin/status/1003934362403049472
-- 
Matthias Runge 

Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham,
Michael O'Neill, Eric Shander
___
dev mailing list
dev@lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/dev

To unsubscribe: dev-unsubscr...@lists.rdoproject.org


Re: [rdo-dev] openstack-newton rpm packages unavailable now

2018-06-07 Thread Tobias Urdin
I'm not talking about quality, security or basically nothing in between
either.
Just the plain annoyance when packages are removed from mirrors.

Lets just pretend for a while you're new at a job, and the most common
thing is you inherit old setups.

On that day you inherit an old OpenStack setup, on an old version, and
the next version
to upgrade does not exist in mirrors so you have no packages, and you
cannot jump any more forward
without a lot of work.

We all know and have agreed in the community surveys so many times that
upgrades are are hard.
Well just let me end it with, I don't envy a person being in that
situation...

Best regards

On 06/07/2018 10:38 AM, Matthias Runge wrote:
> On Thu, Jun 07, 2018 at 05:13:06AM +, Tobias Urdin wrote:
>> Just sliding in with my 2 cents which are off-topic to the discussion but...
>>
>> I've always found it fascinating why one would completely remove
>> packages from official mirrors when the version is not supported anymore.
>> There will probably always be somebody that might be looking for them,
>> I've always had that feeling with RPMs compared to Debs.
> Can you elaborate here on how RPMs are different to .debs?
>
> What do you expect, when you're installing these packages?
> Do you expect them to work? Do you expect, they won't create
> a security issue? Do you want to be able to use them in
> production? Is there a value in distributing something, which
> doesn't work (anymore)?
>
> What happens, if there is an issue, or a distributed rpm contains
> a CVE? In that case, we'd actively distribute vulnerable software.
> I always wondered, why someone would ask for software with
> a vulnerability (or more).
>
> This is to get expectations right[1]. It might look good at the
> beginning, but can turn bad quite quickly.
>
> Matthias
>
> [1] https://twitter.com/AwardsDarwin/status/1003934362403049472

___
dev mailing list
dev@lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/dev

To unsubscribe: dev-unsubscr...@lists.rdoproject.org


Re: [rdo-dev] openstack-newton rpm packages unavailable now

2018-06-07 Thread Phill. Whiteside
Hi,

also totally off topic. I was asked to gather up all the lubuntu
releases[1] as I also removed them at EoL. turns out that there are still
586 cpu's out there!! And, yes, I am still one missing - the very 1st one.

Regards,

Phill.
1. http://phillw.net/isos/lubuntu/





On 7 June 2018 at 10:17, Tobias Urdin  wrote:

> I'm not talking about quality, security or basically nothing in between
> either.
> Just the plain annoyance when packages are removed from mirrors.
>
> Lets just pretend for a while you're new at a job, and the most common
> thing is you inherit old setups.
>
> On that day you inherit an old OpenStack setup, on an old version, and
> the next version
> to upgrade does not exist in mirrors so you have no packages, and you
> cannot jump any more forward
> without a lot of work.
>
> We all know and have agreed in the community surveys so many times that
> upgrades are are hard.
> Well just let me end it with, I don't envy a person being in that
> situation...
>
> Best regards
>
> On 06/07/2018 10:38 AM, Matthias Runge wrote:
> > On Thu, Jun 07, 2018 at 05:13:06AM +, Tobias Urdin wrote:
> >> Just sliding in with my 2 cents which are off-topic to the discussion
> but...
> >>
> >> I've always found it fascinating why one would completely remove
> >> packages from official mirrors when the version is not supported
> anymore.
> >> There will probably always be somebody that might be looking for them,
> >> I've always had that feeling with RPMs compared to Debs.
> > Can you elaborate here on how RPMs are different to .debs?
> >
> > What do you expect, when you're installing these packages?
> > Do you expect them to work? Do you expect, they won't create
> > a security issue? Do you want to be able to use them in
> > production? Is there a value in distributing something, which
> > doesn't work (anymore)?
> >
> > What happens, if there is an issue, or a distributed rpm contains
> > a CVE? In that case, we'd actively distribute vulnerable software.
> > I always wondered, why someone would ask for software with
> > a vulnerability (or more).
> >
> > This is to get expectations right[1]. It might look good at the
> > beginning, but can turn bad quite quickly.
> >
> > Matthias
> >
> > [1] https://twitter.com/AwardsDarwin/status/1003934362403049472
>
> ___
> dev mailing list
> dev@lists.rdoproject.org
> http://lists.rdoproject.org/mailman/listinfo/dev
>
> To unsubscribe: dev-unsubscr...@lists.rdoproject.org
>
___
dev mailing list
dev@lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/dev

To unsubscribe: dev-unsubscr...@lists.rdoproject.org


[rdo-dev] Rocky Milestone 2 RDO Test Days 14-15 June

2018-06-07 Thread Rain Leander
Who’s up for a rematch?

Rocky Milestone 2 is here and we’re ready to rumble! Join RDO [0] on June
14 &
15 for an awesome time of taking down bugs and fighting errors in the most
recent release [1].

We won’t be pulling any punches.

Want to get in on the action? We’re looking for developers, users,
operators, quality engineers, writers, and, yes, YOU. If you’re reading
this, we think you’re a champion and we want your help!

We’ll have packages for the following platforms:
* RHEL 7
* CentOS 7

You’ll want a fresh install with latest updates installed so that there’s no
hard-to-reproduce interactions with other things.

We’ll be collecting feedback, writing up tickets, filing bugs, and answering
questions.

Even if you only have a few hours to spare, we’d love your help taking this
new version for a spin to work out any kinks. Not only will this help
identify
issues early in the development process, but you can be the one of the first
to cut your teeth on the latest versions of your favorite deployment methods
like TripleO, PackStack, and Kolla.

Interested? We’ll be gathering on #rdo (on Freenode IRC) for any associated
questions / discussions, and working through the “Does it work?” tests [2].

Like Rocky said, “The world ain’t all sunshine and rainbows,” but with your
help, we can keep moving forward and make the RDO world better for those
around us. Hope to see you on the 14th & 15th!

[0] https://www.rdoproject.org/
[1] https://www.rdoproject.org/testday/
[2] https://www.rdoproject.org/testday/tests/

-- 
K Rain Leander
OpenStack Community Liaison
Open Source and Standards Team
https://www.rdoproject.org/
http://community.redhat.com
___
dev mailing list
dev@lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/dev

To unsubscribe: dev-unsubscr...@lists.rdoproject.org