Re: [gentoo-dev] Large scale deployments - and portage - gentoo-dev

From:	Stuart Herbert <stuart@g.o>
To:	gentoo-dev@g.o
Subject:	Re: [gentoo-dev] Large scale deployments - and portage
Date:	Mon, 18 Aug 2003 14:16:56
Message-Id:	`200308181514.49195.stuart@gentoo.org`
In Reply to:	Re: [gentoo-dev] Large scale deployments - and portage by Matt Thrailkill

1

Matt, Ron,

2

3

I agree with you both - to a point.  The current CVS strategy has gotten 

4

Gentoo this far, but it needs to evolve if Gentoo is to become more friendly 

5

to large companies.  It is being talked about amongst key Gentoo developers, 

6

but at the moment I don't know the current status, or any timescales.

7

8

One thing I'd like to see is the eradication of the word 'stable' from 

9

anything to do with Portage.  Right now, I don't see any clear or consistent 

10

understanding of what 'stable' means, and I don't think that the term is 

11

actually very helpful.  Does 'stable' mean fit for production use?  Does it 

12

simply mean 'the ebuild works, and the app doesn't segfault when you fire it 

13

up'?  It's not helpful.

14

15

If Gentoo moves to a multiple-tree strategy, -CURRENT is fair enough I guess, 

16

as are -RELEASE branches (although the whole idea of a RELEASE needs 

17

re-considering too I believe).  But what would -STABLE in between actually 

18

mean?  We need a better word.  Heck, even -UNMASKED would be a better start - 

19

at least it's more accurate, and something that we could reach a clear 

20

definition on.

21

22

I believe that ebuilds *should* have a guaranteed minimum life expectency in 

23

the Portage tree; I also believe that developers *should* announce the 

24

removal of an ebuild before it is removed, to give time for any necessary 

25

debate or local archiving into /usr/local/portage.  Right now, a) it doesn't 

26

happen, and b) there's nowhere suitable to make the announcement anyway.  You 

27

can find out more about my opinion on managing individual ebuilds by reading 

28

a draft document on dev.gentoo.org/~stuart/sponsorship/.  You'll need a PDF 

29

reader to read it.

30

31

Getting back to managing the larger Portage tree ... I don't agree that 

32

providing support for 'tagged branches' is just as simple as making the 

33

tagged branches available for x period of time.  A 'tagged branch' wouldn't 

34

be suitable for any large software provider to certify against - because it's 

35

an incomplete target.  A tagged branch is just a bunch of ebuilds.  It 

36

doesn't include the compiler you used, the CFLAGS you used, or the 

37

architecture you're running on.  And the moment a branch is tagged, it 

38

becomes a liability.

39

40

Let's look at a traditional SCM (software change management) problem for a 

41

moment.  What happens to the 'tagged branch' when security problems are 

42

found?  What about when important bug fixes are needed?  Would we backport 

43

those ebuilds into the tagged branches?  Where would that effort come from?  

44

Who would do that work?

45

46

Look at the alternative - withdraw a particular tagged branch, and tell users 

47

to upgrade to a different tagged branch.  Unfortunately, you're going to have 

48

an unpredictable amount of change between those branches.  The effort of 

49

moving could be high, and would be difficult to plan for in advance.  We'd 

50

end up like - shall we say - certain older distributions, where from time to 

51

time wiping the box is less hassle than performing the upgrade.

52

53

What does a certification program involve?  Any QA practice that is more than 

54

cosmetic would include SCM, and the SCM team would require that the exact 

55

versions of libraries and supporting utilities are identified and documented.  

56

Which is exactly how ebuilds work in practice.  You'd have to throw in 

57

environmental factors - hardware, file systems & disk layouts, etc etc - but 

58

the ebuild is at the heart of it, and not the wider distribution.  If all the 

59

technical factors are satisfied, then the QA practice would approve 

60

certification.  Although a tag is a convenient way of saying that all these 

61

factors *should* be present, Gentoo's ebuilds provide a viable alternative.

62

63

I really don't see how the Gentoo approach is incompatible with that QA 

64

practice.  In reality, certifications are a political tool as much as a 

65

technical one - and there Gentoo will face new challenges for sure.

66

67

Best regards,

68

Stu

69

--

70

Stuart Herbert                                              stuart@g.o

71

Gentoo Developer                                       http://www.gentoo.org/

72

Beta packages for download            http://dev.gentoo.org/~stuart/packages/

73

Come and meet me in March 2004                 http://www.phparch.com/cruise/

74

75

GnuGP key id# F9AFC57C available from http://pgp.mit.edu

76

Key fingerprint = 31FB 50D4 1F88 E227 F319  C549 0C2F 80BA F9AF C57C

77

--

1	Matt, Ron,
2
3	I agree with you both - to a point. The current CVS strategy has gotten
4	Gentoo this far, but it needs to evolve if Gentoo is to become more friendly
5	to large companies. It is being talked about amongst key Gentoo developers,
6	but at the moment I don't know the current status, or any timescales.
7
8	One thing I'd like to see is the eradication of the word 'stable' from
9	anything to do with Portage. Right now, I don't see any clear or consistent
10	understanding of what 'stable' means, and I don't think that the term is
11	actually very helpful. Does 'stable' mean fit for production use? Does it
12	simply mean 'the ebuild works, and the app doesn't segfault when you fire it
13	up'? It's not helpful.
14
15	If Gentoo moves to a multiple-tree strategy, -CURRENT is fair enough I guess,
16	as are -RELEASE branches (although the whole idea of a RELEASE needs
17	re-considering too I believe). But what would -STABLE in between actually
18	mean? We need a better word. Heck, even -UNMASKED would be a better start -
19	at least it's more accurate, and something that we could reach a clear
20	definition on.
21
22	I believe that ebuilds should have a guaranteed minimum life expectency in
23	the Portage tree; I also believe that developers should announce the
24	removal of an ebuild before it is removed, to give time for any necessary
25	debate or local archiving into /usr/local/portage. Right now, a) it doesn't
26	happen, and b) there's nowhere suitable to make the announcement anyway. You
27	can find out more about my opinion on managing individual ebuilds by reading
28	a draft document on dev.gentoo.org/~stuart/sponsorship/. You'll need a PDF
29	reader to read it.
30
31	Getting back to managing the larger Portage tree ... I don't agree that
32	providing support for 'tagged branches' is just as simple as making the
33	tagged branches available for x period of time. A 'tagged branch' wouldn't
34	be suitable for any large software provider to certify against - because it's
35	an incomplete target. A tagged branch is just a bunch of ebuilds. It
36	doesn't include the compiler you used, the CFLAGS you used, or the
37	architecture you're running on. And the moment a branch is tagged, it
38	becomes a liability.
39
40	Let's look at a traditional SCM (software change management) problem for a
41	moment. What happens to the 'tagged branch' when security problems are
42	found? What about when important bug fixes are needed? Would we backport
43	those ebuilds into the tagged branches? Where would that effort come from?
44	Who would do that work?
45
46	Look at the alternative - withdraw a particular tagged branch, and tell users
47	to upgrade to a different tagged branch. Unfortunately, you're going to have
48	an unpredictable amount of change between those branches. The effort of
49	moving could be high, and would be difficult to plan for in advance. We'd
50	end up like - shall we say - certain older distributions, where from time to
51	time wiping the box is less hassle than performing the upgrade.
52
53	What does a certification program involve? Any QA practice that is more than
54	cosmetic would include SCM, and the SCM team would require that the exact
55	versions of libraries and supporting utilities are identified and documented.
56	Which is exactly how ebuilds work in practice. You'd have to throw in
57	environmental factors - hardware, file systems & disk layouts, etc etc - but
58	the ebuild is at the heart of it, and not the wider distribution. If all the
59	technical factors are satisfied, then the QA practice would approve
60	certification. Although a tag is a convenient way of saying that all these
61	factors should be present, Gentoo's ebuilds provide a viable alternative.
62
63	I really don't see how the Gentoo approach is incompatible with that QA
64	practice. In reality, certifications are a political tool as much as a
65	technical one - and there Gentoo will face new challenges for sure.
66
67	Best regards,
68	Stu
69	--
70	Stuart Herbert stuart@g.o
71	Gentoo Developer http://www.gentoo.org/
72	Beta packages for download http://dev.gentoo.org/~stuart/packages/
73	Come and meet me in March 2004 http://www.phparch.com/cruise/
74
75	GnuGP key id# F9AFC57C available from http://pgp.mit.edu
76	Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C
77	--

Gentoo Archives: gentoo-dev