| 1 |
On Mon, Jan 2, 2023 at 7:48 AM m1027 <m1027@××××××.net> wrote: |
| 2 |
> |
| 3 |
> When we create apps on Gentoo they become easily incompatible for |
| 4 |
> older Gentoo systems in production where unattended remote world |
| 5 |
> updates are risky. This is due to new glibc, openssl-3 etc. |
| 6 |
|
| 7 |
So, unless you're proposing some improvement this might be |
| 8 |
better-suited for the -user list. Officially Gentoo doesn't really |
| 9 |
"support" a stable/LTS/release-based environment. That isn't to say |
| 10 |
that it couldn't be made to do this, however, a more release-based |
| 11 |
process is one of the core competencies of most other distros, so I'm |
| 12 |
not sure how much Gentoo would add here vs just running something |
| 13 |
else. |
| 14 |
|
| 15 |
> (1) Keeping outdated developer boxes around and compile there. We |
| 16 |
> would freeze portage against accidental emerge sync by creating a |
| 17 |
> git branch in /var/db/repos/gentoo. This feels hacky and requires a |
| 18 |
> increating number of develper VMs. And sometimes we are hit by a |
| 19 |
> silent incompatibility we were not aware of. |
| 20 |
|
| 21 |
If you're running a large production environment and want a stable |
| 22 |
platform to target, I'd think you'd want to minimize the number of |
| 23 |
those you have. You wouldn't want every server running a different |
| 24 |
base OS, and then have a branch to target development at it. |
| 25 |
|
| 26 |
The idea of basing your own releases on Gentoo is probably something |
| 27 |
many companies do. All you need is to just host one repository and |
| 28 |
distfile mirror for it, and point all your production hosts at it. |
| 29 |
Then you could have staging/development environments, and promote the |
| 30 |
core OS as appropriate. Then your migration path is the same for all |
| 31 |
hosts and you can account for major vs minor changes. |
| 32 |
|
| 33 |
You do need to mirror distfiles as one of the weaknesses of Gentoo for |
| 34 |
a release-based strategy is that we do not have a solid solution for |
| 35 |
archiving things like patches/services/etc that are distributed |
| 36 |
outside of the repo. If a package is removed from the current repo no |
| 37 |
QA process ensures that the SRC_URIs for anything they used remain |
| 38 |
stable. |
| 39 |
|
| 40 |
Of course somebody would need to do the work but it shouldn't be THAT |
| 41 |
difficult to have a Gentoo Reference Release project that basically |
| 42 |
just snapshots the repository/distfiles at points in time and provides |
| 43 |
a guarantee of clean updates between milestones. Of course if you |
| 44 |
want backported security updates on top of that this would be quite a |
| 45 |
bit more effort. It would mainly be useful for those who aren't |
| 46 |
updating regularly, but completely ignoring all updates isn't a good |
| 47 |
practice regardless which is probably part of why this hasn't |
| 48 |
happened. You could greatly minimize the cost of backporting security |
| 49 |
updates if you only targeted packages of interest to you, or where the |
| 50 |
updates are low-risk to you, but that depends quite a bit on your own |
| 51 |
needs. |
| 52 |
|
| 53 |
> (3) Distributing apps as VMs or docker: Even those tools advance and |
| 54 |
> become incompatible, right? And not suitable when for smaller Arm |
| 55 |
> devices. |
| 56 |
|
| 57 |
I don't see why containers would be unsuitable for ARM. VMs certainly |
| 58 |
are memory hogs but well-designed containers don't really consume much |
| 59 |
more memory than the service they are hosting. Of course if you dump |
| 60 |
a whole OS in a container that will consume a fair bit of RAM. |
| 61 |
|
| 62 |
An advantage of containers is that they make the host OS less |
| 63 |
relevant. You could run a release-based distro with security-only |
| 64 |
updates on the host, and then application containers are low-risk to |
| 65 |
update remotely and can be built in whatever environment they are most |
| 66 |
suited to. |
| 67 |
|
| 68 |
There is a reason k8s is popular. |
| 69 |
|
| 70 |
-- |
| 71 |
Rich |
Archives