1 |
"Mark Knecht" <markknecht@×××××.com> posted |
2 |
5bdc1c8b0811241446s7b7b01e7qba78f4e6de060a38@××××××××××.com, excerpted |
3 |
below, on Mon, 24 Nov 2008 14:46:35 -0800: |
4 |
|
5 |
>> Personally, I default to ~arch, and unmask hard-masked packages either |
6 |
>> in- tree or from various overlays from time to time as well. |
7 |
> |
8 |
> Where do you do this? In /etc/make.conf? I've never run a machine like |
9 |
> that but would be interested in at least seeing how many packages this |
10 |
> machine would have to rebuild if I went there. |
11 |
|
12 |
Yes, I set ACCEPT_KEYWORDS=~amd64 (which automatically includes stable |
13 |
amd64 as well, as shown by an emerge --info) in /etc/make.conf. You'd be |
14 |
surprised at how far out of date stable arch is in some cases. Of course |
15 |
in other cases, generally mature and real slow moving packages, the |
16 |
latest version available has long been stable on most or all archs (see |
17 |
below). |
18 |
|
19 |
> Also, when you say '~arch' on this list do you really mean ~amd64, or is |
20 |
> there a real ~arch that I've not learned about? |
21 |
|
22 |
~arch (arch being short for machine-architecture, with the stable |
23 |
equivalent then being just arch or simply stable) is simply the generic |
24 |
term for what on Debian would be (AFAIK) testing, for any machine type, |
25 |
amd64/x86/ppc/ppc64/mips/superh(sh)/whatever, altho some of the lower use |
26 |
ones are classed as experimental and only get ~arch. They don't get full |
27 |
stable as there's simply not enough devs and ATs on those archs to keep |
28 |
up with stable testing. |
29 |
|
30 |
> Generally I've always run stable and then never shied away from having a |
31 |
> larger set of file in my package.keywords file to get what I think I |
32 |
> want to run. |
33 |
|
34 |
With ~arch by default, you normally have very few packages listed in |
35 |
package.keywords. There /may/ be a few individual packages that you |
36 |
choose to stay with stable on, but at least here, I don't use |
37 |
package.keywords for that but rather, package.mask, and mask whatever |
38 |
individual version I'm having problems with, thereby forcing portage back |
39 |
to a previous version, whether that's stable or an earlier ~arch version. |
40 |
|
41 |
Another bonus of ~arch is that you very seldom ever have a security |
42 |
upgrade to worry about (I've seen one in >4 years), because most of the |
43 |
time you're well past the afflicted versions in any case. At least |
44 |
that's the case if you also do --deep by default when you upgrade, as I |
45 |
do. |
46 |
|
47 |
The parallel down-side, however, is that there's quite a bit more package |
48 |
churn on ~arch -- a package may go thru several -r versions and |
49 |
occasionally even several upstream releases for ~arch, before one is |
50 |
actually demonstrated to be stable enough to be keyworded straight arch. |
51 |
|
52 |
The packages I /do/ have listed in package.keywords are usually there so |
53 |
I can keyword them something else, perhaps ** if I'm testing a package |
54 |
that has no arch keywords at all yet (KEYWORDS="", the empty set). or |
55 |
occasionally x86 if I'm testing something that's keyworded for it but has |
56 |
no amd64 keyword at all, ~ or not. In theory it could be something else |
57 |
too, but it's relatively unlikely to be needed as long as x86 and amd64 |
58 |
are the majority archs. |
59 |
|
60 |
> I don't think that running 'stable' anymore really means stable. package |
61 |
> management has (IMO, really) gotten rather arbitrary over the last 2 |
62 |
> years to the extent that I know of multiple people who have left the |
63 |
> distro because stable packages are really broken. It's hard on some |
64 |
> people with certain workload models (say a professional recording |
65 |
> studio) to run stable, do updates, find new software is broken, and then |
66 |
> have to downgrade. Lost time is lost money. I know of at least 4 that |
67 |
> have moved onto other prepacked distros in the last year. Disappointing. |
68 |
|
69 |
I've heard that before, but as I run ~arch by default, I obviously have |
70 |
no personal experience to go on. What I believe happens is that devs by |
71 |
definition will be running ~arch on many of their boxes, and that while |
72 |
they are supposed to and I'm sure do actually test on a stable box before |
73 |
marking stable, the test sample size is by practical reality relatively |
74 |
small, and sometimes, when the package hits the larger stable user base, |
75 |
there /will/ be the occasional configuration that breaks, because there |
76 |
was simply no case of it in the tested sample base. |
77 |
|
78 |
Of course, there's also the occasional pure mistake, plain and simple, |
79 |
where some dev goofed and something got marked stable that shouldn't have |
80 |
been. |
81 |
|
82 |
But as I was explaining earlier, other than the occasional simply broken |
83 |
config that's normally caught before a package gets anywhere near stable, |
84 |
I believe someone running ~arch and regularly updating --deep is probably |
85 |
less likely to run into issues than somebody running who knows /how/ old |
86 |
and stale deep dependencies that simply haven't been upgraded in ages, |
87 |
because nothing required it, the user is on stable so they're behind |
88 |
upstream's development edge in any case, and the user normally doesn't |
89 |
use --deep when he does his upgrades so the dependencies tend to stay at |
90 |
the absolute minimum version necessary to work, which can as I said be |
91 |
years behind what the upstream provider of the package is working on, and |
92 |
broken in all sorts of ways against current versions of gcc and glibc and |
93 |
the various dependency libraries. |
94 |
|
95 |
Here's a bit of the upstream perspective. I'm not a dev per se but I'm |
96 |
relatively closely involved with the pan (nntp/newsgroup client) |
97 |
upstream, being AFAIK the oldest and most active regular on the pan user |
98 |
and developer lists. Most users on the lists will be using the latest |
99 |
version or close to it, and when a new version of gcc or glib or gtk |
100 |
comes out, we'll be working on patches to get pan working with the |
101 |
latest. Someone with better development skills than me usually gets a |
102 |
working patch relatively quickly, and we all submit it to our various |
103 |
distributions (I submit to Gentoo, of course, and have a working |
104 |
relationship with eva@gentoo, the Gentoo dev that usually handles pan) |
105 |
and the pan/gnome bugzilla itself, so Charles (the actual developer) can |
106 |
incorporate it in the next release when he gets around to doing one. |
107 |
|
108 |
Then six months or a year later, we get people coming in with the same |
109 |
problems we dealt with back then and have by now forgotten the details |
110 |
of, asking how to get two-year-old pan versions to compile. That's not |
111 |
even counting the ones still using the old and no longer updated pan |
112 |
0.14.x C language version, when upstream pan has for /years/ now been an |
113 |
entirely recoded in C++ version, starting with 0.90 and now on 0.133. |
114 |
(To be fair, the new C++ version hasn't had an official "stable" release |
115 |
upstream yet, but it works better than the old crufty code ever did, the |
116 |
old code is now broken on anything like a modern compiler or against |
117 |
modern glib or gtk, and despite the lack of an official stable new-code |
118 |
version, the old-code is officially unsupported now, with no further |
119 |
development taking place.) |
120 |
|
121 |
So I know first hand from an upstream perspective what it's like trying |
122 |
to deal with years outdated "stable" versions. |
123 |
|
124 |
Then there's the fact that with 0.132 released Aug. 1, 2007, and an |
125 |
updated 0.133 released exactly a year later, Aug. 1, 2008, the unpatched |
126 |
0.132 as STILL carried by Ubuntu even in their latest 2008.10 release, |
127 |
HAS A KNOWN SECURITY VULNERABILITY! This despite the fact that a patch |
128 |
was released in late May, and they've had a security bug open on it, just |
129 |
sitting there for nearly that long! (I personally filed the Gentoo bug |
130 |
in late May, the ~arch version was patched within two weeks, and an |
131 |
upgrade with the patch was stabilized and GLSA released by July, AFAIK.) |
132 |
Needless to say some of us pan upstream regulars are a bit irritated at |
133 |
Ubuntu right now, with who knows how many users not only from the 2008.4 |
134 |
release but now the 2008.10 release as well, left vulnerable to a |
135 |
publicly known security bug. |
136 |
|
137 |
At least Gentoo stable isn't /that/ bad! We got our updates and the GLSA |
138 |
out, and the old/vulnerable versions hard/security masked and then |
139 |
removed. But perhaps you get the idea why I don't find stable a choice |
140 |
particularly usable for me personally at least, now. Of course I'm |
141 |
closer to pan upstream than anything else, but knowing what I know about |
142 |
stale stable packages often lacking all the fixes (security and |
143 |
otherwise) of the latest upstream version with pan, it has only made me |
144 |
more of a confirmed ~arch user than I would have been otherwise. |
145 |
|
146 |
-- |
147 |
Duncan - List replies preferred. No HTML msgs. |
148 |
"Every nonfree program has a lord, a master -- |
149 |
and if you use the program, he is your master." Richard Stallman |