| 1 |
"Mark Knecht" <markknecht@×××××.com> posted |
| 2 |
5bdc1c8b0811241446s7b7b01e7qba78f4e6de060a38@××××××××××.com, excerpted |
| 3 |
below, on Mon, 24 Nov 2008 14:46:35 -0800: |
| 4 |
|
| 5 |
>> Personally, I default to ~arch, and unmask hard-masked packages either |
| 6 |
>> in- tree or from various overlays from time to time as well. |
| 7 |
> |
| 8 |
> Where do you do this? In /etc/make.conf? I've never run a machine like |
| 9 |
> that but would be interested in at least seeing how many packages this |
| 10 |
> machine would have to rebuild if I went there. |
| 11 |
|
| 12 |
Yes, I set ACCEPT_KEYWORDS=~amd64 (which automatically includes stable |
| 13 |
amd64 as well, as shown by an emerge --info) in /etc/make.conf. You'd be |
| 14 |
surprised at how far out of date stable arch is in some cases. Of course |
| 15 |
in other cases, generally mature and real slow moving packages, the |
| 16 |
latest version available has long been stable on most or all archs (see |
| 17 |
below). |
| 18 |
|
| 19 |
> Also, when you say '~arch' on this list do you really mean ~amd64, or is |
| 20 |
> there a real ~arch that I've not learned about? |
| 21 |
|
| 22 |
~arch (arch being short for machine-architecture, with the stable |
| 23 |
equivalent then being just arch or simply stable) is simply the generic |
| 24 |
term for what on Debian would be (AFAIK) testing, for any machine type, |
| 25 |
amd64/x86/ppc/ppc64/mips/superh(sh)/whatever, altho some of the lower use |
| 26 |
ones are classed as experimental and only get ~arch. They don't get full |
| 27 |
stable as there's simply not enough devs and ATs on those archs to keep |
| 28 |
up with stable testing. |
| 29 |
|
| 30 |
> Generally I've always run stable and then never shied away from having a |
| 31 |
> larger set of file in my package.keywords file to get what I think I |
| 32 |
> want to run. |
| 33 |
|
| 34 |
With ~arch by default, you normally have very few packages listed in |
| 35 |
package.keywords. There /may/ be a few individual packages that you |
| 36 |
choose to stay with stable on, but at least here, I don't use |
| 37 |
package.keywords for that but rather, package.mask, and mask whatever |
| 38 |
individual version I'm having problems with, thereby forcing portage back |
| 39 |
to a previous version, whether that's stable or an earlier ~arch version. |
| 40 |
|
| 41 |
Another bonus of ~arch is that you very seldom ever have a security |
| 42 |
upgrade to worry about (I've seen one in >4 years), because most of the |
| 43 |
time you're well past the afflicted versions in any case. At least |
| 44 |
that's the case if you also do --deep by default when you upgrade, as I |
| 45 |
do. |
| 46 |
|
| 47 |
The parallel down-side, however, is that there's quite a bit more package |
| 48 |
churn on ~arch -- a package may go thru several -r versions and |
| 49 |
occasionally even several upstream releases for ~arch, before one is |
| 50 |
actually demonstrated to be stable enough to be keyworded straight arch. |
| 51 |
|
| 52 |
The packages I /do/ have listed in package.keywords are usually there so |
| 53 |
I can keyword them something else, perhaps ** if I'm testing a package |
| 54 |
that has no arch keywords at all yet (KEYWORDS="", the empty set). or |
| 55 |
occasionally x86 if I'm testing something that's keyworded for it but has |
| 56 |
no amd64 keyword at all, ~ or not. In theory it could be something else |
| 57 |
too, but it's relatively unlikely to be needed as long as x86 and amd64 |
| 58 |
are the majority archs. |
| 59 |
|
| 60 |
> I don't think that running 'stable' anymore really means stable. package |
| 61 |
> management has (IMO, really) gotten rather arbitrary over the last 2 |
| 62 |
> years to the extent that I know of multiple people who have left the |
| 63 |
> distro because stable packages are really broken. It's hard on some |
| 64 |
> people with certain workload models (say a professional recording |
| 65 |
> studio) to run stable, do updates, find new software is broken, and then |
| 66 |
> have to downgrade. Lost time is lost money. I know of at least 4 that |
| 67 |
> have moved onto other prepacked distros in the last year. Disappointing. |
| 68 |
|
| 69 |
I've heard that before, but as I run ~arch by default, I obviously have |
| 70 |
no personal experience to go on. What I believe happens is that devs by |
| 71 |
definition will be running ~arch on many of their boxes, and that while |
| 72 |
they are supposed to and I'm sure do actually test on a stable box before |
| 73 |
marking stable, the test sample size is by practical reality relatively |
| 74 |
small, and sometimes, when the package hits the larger stable user base, |
| 75 |
there /will/ be the occasional configuration that breaks, because there |
| 76 |
was simply no case of it in the tested sample base. |
| 77 |
|
| 78 |
Of course, there's also the occasional pure mistake, plain and simple, |
| 79 |
where some dev goofed and something got marked stable that shouldn't have |
| 80 |
been. |
| 81 |
|
| 82 |
But as I was explaining earlier, other than the occasional simply broken |
| 83 |
config that's normally caught before a package gets anywhere near stable, |
| 84 |
I believe someone running ~arch and regularly updating --deep is probably |
| 85 |
less likely to run into issues than somebody running who knows /how/ old |
| 86 |
and stale deep dependencies that simply haven't been upgraded in ages, |
| 87 |
because nothing required it, the user is on stable so they're behind |
| 88 |
upstream's development edge in any case, and the user normally doesn't |
| 89 |
use --deep when he does his upgrades so the dependencies tend to stay at |
| 90 |
the absolute minimum version necessary to work, which can as I said be |
| 91 |
years behind what the upstream provider of the package is working on, and |
| 92 |
broken in all sorts of ways against current versions of gcc and glibc and |
| 93 |
the various dependency libraries. |
| 94 |
|
| 95 |
Here's a bit of the upstream perspective. I'm not a dev per se but I'm |
| 96 |
relatively closely involved with the pan (nntp/newsgroup client) |
| 97 |
upstream, being AFAIK the oldest and most active regular on the pan user |
| 98 |
and developer lists. Most users on the lists will be using the latest |
| 99 |
version or close to it, and when a new version of gcc or glib or gtk |
| 100 |
comes out, we'll be working on patches to get pan working with the |
| 101 |
latest. Someone with better development skills than me usually gets a |
| 102 |
working patch relatively quickly, and we all submit it to our various |
| 103 |
distributions (I submit to Gentoo, of course, and have a working |
| 104 |
relationship with eva@gentoo, the Gentoo dev that usually handles pan) |
| 105 |
and the pan/gnome bugzilla itself, so Charles (the actual developer) can |
| 106 |
incorporate it in the next release when he gets around to doing one. |
| 107 |
|
| 108 |
Then six months or a year later, we get people coming in with the same |
| 109 |
problems we dealt with back then and have by now forgotten the details |
| 110 |
of, asking how to get two-year-old pan versions to compile. That's not |
| 111 |
even counting the ones still using the old and no longer updated pan |
| 112 |
0.14.x C language version, when upstream pan has for /years/ now been an |
| 113 |
entirely recoded in C++ version, starting with 0.90 and now on 0.133. |
| 114 |
(To be fair, the new C++ version hasn't had an official "stable" release |
| 115 |
upstream yet, but it works better than the old crufty code ever did, the |
| 116 |
old code is now broken on anything like a modern compiler or against |
| 117 |
modern glib or gtk, and despite the lack of an official stable new-code |
| 118 |
version, the old-code is officially unsupported now, with no further |
| 119 |
development taking place.) |
| 120 |
|
| 121 |
So I know first hand from an upstream perspective what it's like trying |
| 122 |
to deal with years outdated "stable" versions. |
| 123 |
|
| 124 |
Then there's the fact that with 0.132 released Aug. 1, 2007, and an |
| 125 |
updated 0.133 released exactly a year later, Aug. 1, 2008, the unpatched |
| 126 |
0.132 as STILL carried by Ubuntu even in their latest 2008.10 release, |
| 127 |
HAS A KNOWN SECURITY VULNERABILITY! This despite the fact that a patch |
| 128 |
was released in late May, and they've had a security bug open on it, just |
| 129 |
sitting there for nearly that long! (I personally filed the Gentoo bug |
| 130 |
in late May, the ~arch version was patched within two weeks, and an |
| 131 |
upgrade with the patch was stabilized and GLSA released by July, AFAIK.) |
| 132 |
Needless to say some of us pan upstream regulars are a bit irritated at |
| 133 |
Ubuntu right now, with who knows how many users not only from the 2008.4 |
| 134 |
release but now the 2008.10 release as well, left vulnerable to a |
| 135 |
publicly known security bug. |
| 136 |
|
| 137 |
At least Gentoo stable isn't /that/ bad! We got our updates and the GLSA |
| 138 |
out, and the old/vulnerable versions hard/security masked and then |
| 139 |
removed. But perhaps you get the idea why I don't find stable a choice |
| 140 |
particularly usable for me personally at least, now. Of course I'm |
| 141 |
closer to pan upstream than anything else, but knowing what I know about |
| 142 |
stale stable packages often lacking all the fixes (security and |
| 143 |
otherwise) of the latest upstream version with pan, it has only made me |
| 144 |
more of a confirmed ~arch user than I would have been otherwise. |
| 145 |
|
| 146 |
-- |
| 147 |
Duncan - List replies preferred. No HTML msgs. |
| 148 |
"Every nonfree program has a lord, a master -- |
| 149 |
and if you use the program, he is your master." Richard Stallman |
Archives