Re: [rdo-dev] openstack-newton rpm packages unavailable now
On Thu, Jun 07, 2018 at 05:13:06AM +, Tobias Urdin wrote: > Just sliding in with my 2 cents which are off-topic to the discussion but... > > I've always found it fascinating why one would completely remove > packages from official mirrors when the version is not supported anymore. > There will probably always be somebody that might be looking for them, > I've always had that feeling with RPMs compared to Debs. Can you elaborate here on how RPMs are different to .debs? What do you expect, when you're installing these packages? Do you expect them to work? Do you expect, they won't create a security issue? Do you want to be able to use them in production? Is there a value in distributing something, which doesn't work (anymore)? What happens, if there is an issue, or a distributed rpm contains a CVE? In that case, we'd actively distribute vulnerable software. I always wondered, why someone would ask for software with a vulnerability (or more). This is to get expectations right[1]. It might look good at the beginning, but can turn bad quite quickly. Matthias [1] https://twitter.com/AwardsDarwin/status/1003934362403049472 -- Matthias Runge Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander ___ dev mailing list dev@lists.rdoproject.org http://lists.rdoproject.org/mailman/listinfo/dev To unsubscribe: dev-unsubscr...@lists.rdoproject.org
Re: [rdo-dev] openstack-newton rpm packages unavailable now
I'm not talking about quality, security or basically nothing in between either. Just the plain annoyance when packages are removed from mirrors. Lets just pretend for a while you're new at a job, and the most common thing is you inherit old setups. On that day you inherit an old OpenStack setup, on an old version, and the next version to upgrade does not exist in mirrors so you have no packages, and you cannot jump any more forward without a lot of work. We all know and have agreed in the community surveys so many times that upgrades are are hard. Well just let me end it with, I don't envy a person being in that situation... Best regards On 06/07/2018 10:38 AM, Matthias Runge wrote: > On Thu, Jun 07, 2018 at 05:13:06AM +, Tobias Urdin wrote: >> Just sliding in with my 2 cents which are off-topic to the discussion but... >> >> I've always found it fascinating why one would completely remove >> packages from official mirrors when the version is not supported anymore. >> There will probably always be somebody that might be looking for them, >> I've always had that feeling with RPMs compared to Debs. > Can you elaborate here on how RPMs are different to .debs? > > What do you expect, when you're installing these packages? > Do you expect them to work? Do you expect, they won't create > a security issue? Do you want to be able to use them in > production? Is there a value in distributing something, which > doesn't work (anymore)? > > What happens, if there is an issue, or a distributed rpm contains > a CVE? In that case, we'd actively distribute vulnerable software. > I always wondered, why someone would ask for software with > a vulnerability (or more). > > This is to get expectations right[1]. It might look good at the > beginning, but can turn bad quite quickly. > > Matthias > > [1] https://twitter.com/AwardsDarwin/status/1003934362403049472 ___ dev mailing list dev@lists.rdoproject.org http://lists.rdoproject.org/mailman/listinfo/dev To unsubscribe: dev-unsubscr...@lists.rdoproject.org
Re: [rdo-dev] openstack-newton rpm packages unavailable now
Hi, also totally off topic. I was asked to gather up all the lubuntu releases[1] as I also removed them at EoL. turns out that there are still 586 cpu's out there!! And, yes, I am still one missing - the very 1st one. Regards, Phill. 1. http://phillw.net/isos/lubuntu/ On 7 June 2018 at 10:17, Tobias Urdin wrote: > I'm not talking about quality, security or basically nothing in between > either. > Just the plain annoyance when packages are removed from mirrors. > > Lets just pretend for a while you're new at a job, and the most common > thing is you inherit old setups. > > On that day you inherit an old OpenStack setup, on an old version, and > the next version > to upgrade does not exist in mirrors so you have no packages, and you > cannot jump any more forward > without a lot of work. > > We all know and have agreed in the community surveys so many times that > upgrades are are hard. > Well just let me end it with, I don't envy a person being in that > situation... > > Best regards > > On 06/07/2018 10:38 AM, Matthias Runge wrote: > > On Thu, Jun 07, 2018 at 05:13:06AM +, Tobias Urdin wrote: > >> Just sliding in with my 2 cents which are off-topic to the discussion > but... > >> > >> I've always found it fascinating why one would completely remove > >> packages from official mirrors when the version is not supported > anymore. > >> There will probably always be somebody that might be looking for them, > >> I've always had that feeling with RPMs compared to Debs. > > Can you elaborate here on how RPMs are different to .debs? > > > > What do you expect, when you're installing these packages? > > Do you expect them to work? Do you expect, they won't create > > a security issue? Do you want to be able to use them in > > production? Is there a value in distributing something, which > > doesn't work (anymore)? > > > > What happens, if there is an issue, or a distributed rpm contains > > a CVE? In that case, we'd actively distribute vulnerable software. > > I always wondered, why someone would ask for software with > > a vulnerability (or more). > > > > This is to get expectations right[1]. It might look good at the > > beginning, but can turn bad quite quickly. > > > > Matthias > > > > [1] https://twitter.com/AwardsDarwin/status/1003934362403049472 > > ___ > dev mailing list > dev@lists.rdoproject.org > http://lists.rdoproject.org/mailman/listinfo/dev > > To unsubscribe: dev-unsubscr...@lists.rdoproject.org > ___ dev mailing list dev@lists.rdoproject.org http://lists.rdoproject.org/mailman/listinfo/dev To unsubscribe: dev-unsubscr...@lists.rdoproject.org
[rdo-dev] Rocky Milestone 2 RDO Test Days 14-15 June
Who’s up for a rematch? Rocky Milestone 2 is here and we’re ready to rumble! Join RDO [0] on June 14 & 15 for an awesome time of taking down bugs and fighting errors in the most recent release [1]. We won’t be pulling any punches. Want to get in on the action? We’re looking for developers, users, operators, quality engineers, writers, and, yes, YOU. If you’re reading this, we think you’re a champion and we want your help! We’ll have packages for the following platforms: * RHEL 7 * CentOS 7 You’ll want a fresh install with latest updates installed so that there’s no hard-to-reproduce interactions with other things. We’ll be collecting feedback, writing up tickets, filing bugs, and answering questions. Even if you only have a few hours to spare, we’d love your help taking this new version for a spin to work out any kinks. Not only will this help identify issues early in the development process, but you can be the one of the first to cut your teeth on the latest versions of your favorite deployment methods like TripleO, PackStack, and Kolla. Interested? We’ll be gathering on #rdo (on Freenode IRC) for any associated questions / discussions, and working through the “Does it work?” tests [2]. Like Rocky said, “The world ain’t all sunshine and rainbows,” but with your help, we can keep moving forward and make the RDO world better for those around us. Hope to see you on the 14th & 15th! [0] https://www.rdoproject.org/ [1] https://www.rdoproject.org/testday/ [2] https://www.rdoproject.org/testday/tests/ -- K Rain Leander OpenStack Community Liaison Open Source and Standards Team https://www.rdoproject.org/ http://community.redhat.com ___ dev mailing list dev@lists.rdoproject.org http://lists.rdoproject.org/mailman/listinfo/dev To unsubscribe: dev-unsubscr...@lists.rdoproject.org