1 |
On Mon, Jan 2, 2023 at 7:48 AM m1027 <m1027@××××××.net> wrote: |
2 |
> |
3 |
> When we create apps on Gentoo they become easily incompatible for |
4 |
> older Gentoo systems in production where unattended remote world |
5 |
> updates are risky. This is due to new glibc, openssl-3 etc. |
6 |
|
7 |
So, unless you're proposing some improvement this might be |
8 |
better-suited for the -user list. Officially Gentoo doesn't really |
9 |
"support" a stable/LTS/release-based environment. That isn't to say |
10 |
that it couldn't be made to do this, however, a more release-based |
11 |
process is one of the core competencies of most other distros, so I'm |
12 |
not sure how much Gentoo would add here vs just running something |
13 |
else. |
14 |
|
15 |
> (1) Keeping outdated developer boxes around and compile there. We |
16 |
> would freeze portage against accidental emerge sync by creating a |
17 |
> git branch in /var/db/repos/gentoo. This feels hacky and requires a |
18 |
> increating number of develper VMs. And sometimes we are hit by a |
19 |
> silent incompatibility we were not aware of. |
20 |
|
21 |
If you're running a large production environment and want a stable |
22 |
platform to target, I'd think you'd want to minimize the number of |
23 |
those you have. You wouldn't want every server running a different |
24 |
base OS, and then have a branch to target development at it. |
25 |
|
26 |
The idea of basing your own releases on Gentoo is probably something |
27 |
many companies do. All you need is to just host one repository and |
28 |
distfile mirror for it, and point all your production hosts at it. |
29 |
Then you could have staging/development environments, and promote the |
30 |
core OS as appropriate. Then your migration path is the same for all |
31 |
hosts and you can account for major vs minor changes. |
32 |
|
33 |
You do need to mirror distfiles as one of the weaknesses of Gentoo for |
34 |
a release-based strategy is that we do not have a solid solution for |
35 |
archiving things like patches/services/etc that are distributed |
36 |
outside of the repo. If a package is removed from the current repo no |
37 |
QA process ensures that the SRC_URIs for anything they used remain |
38 |
stable. |
39 |
|
40 |
Of course somebody would need to do the work but it shouldn't be THAT |
41 |
difficult to have a Gentoo Reference Release project that basically |
42 |
just snapshots the repository/distfiles at points in time and provides |
43 |
a guarantee of clean updates between milestones. Of course if you |
44 |
want backported security updates on top of that this would be quite a |
45 |
bit more effort. It would mainly be useful for those who aren't |
46 |
updating regularly, but completely ignoring all updates isn't a good |
47 |
practice regardless which is probably part of why this hasn't |
48 |
happened. You could greatly minimize the cost of backporting security |
49 |
updates if you only targeted packages of interest to you, or where the |
50 |
updates are low-risk to you, but that depends quite a bit on your own |
51 |
needs. |
52 |
|
53 |
> (3) Distributing apps as VMs or docker: Even those tools advance and |
54 |
> become incompatible, right? And not suitable when for smaller Arm |
55 |
> devices. |
56 |
|
57 |
I don't see why containers would be unsuitable for ARM. VMs certainly |
58 |
are memory hogs but well-designed containers don't really consume much |
59 |
more memory than the service they are hosting. Of course if you dump |
60 |
a whole OS in a container that will consume a fair bit of RAM. |
61 |
|
62 |
An advantage of containers is that they make the host OS less |
63 |
relevant. You could run a release-based distro with security-only |
64 |
updates on the host, and then application containers are low-risk to |
65 |
update remotely and can be built in whatever environment they are most |
66 |
suited to. |
67 |
|
68 |
There is a reason k8s is popular. |
69 |
|
70 |
-- |
71 |
Rich |