[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Temporal Release Strategy

On Wed, Apr 20, 2005 at 02:06:12PM -0700, Jeff Carr wrote:
> Adam M wrote:
> >Why? Why is there RHEL 2.0, 3.0.. Why not just RHEL 2005-01-01,
> >2005-01-02, etc..? 
> Because redhat makes money selling releases.
> > The releases are there to provide interface stability. Everyone does 
> this.
> Everyone being other distributions? I disagree. How many Fortune 500 
> customers have you deployed debian for? interface stablility? Anyone 
> that cares looks at packages that matter specifically if it's being 
> deployed commercially.
> It's much better for acceptance that you don't have to have 
> conversations with managers because someone explains to them that you 
> should be using redhat because you are using "Debian unstable" or 
> "Debian testing" and it's *dangerous* and *unstable*. Get rid of these 
> stupid symlinks; debian sid's been superior to fedora for years.

There are at least three different comparisons:

Debian sid is comparable to e.g. RedHat Fedora or Gentoo (which of these 
three is best is a different discussion).

Debian sid is for experienced computer users who always want the latest 
software and who can live with a bug here or there.

Debian stable is comparable to personal editions of other distributions 
like e.g. SuSE Professional.

These distributions are for users with few experience who simply want a 
running system. Debian is a bit behind in terms of being up-to-date and 
of userfriendlyness, but it's far superior in it's stability.

Debian stable is comparable to the enterprise products of e.g. RedHat or 

These distributions are usually installed on servers that are installed 
and intensively tested once. Security fixes are a must but mustn't cause 
any breakages. Updates to new upstream versions which might break 

Note that you can't cover the last use case without a long-living and 
non-changing stable.

> >Now, if you want to support snapshot of Debian with 36 month security,
> >well, be my guest :) In the last 36-months, there were about 30
> >uploads of Apache to unstable. 
> Excellent.
> > Now, if only 15 such versions
> >propagated to stable snapshots, then you find a remote hole, and
> >suddenly you have to backport a security fix for 15 versions of
> >Apache!
> What?
> Isn't the process:
> 1) make a patch
> 2) give it to the apache developers
> 3) new packaged apache versions have the patch
> 4) patch makes it upstream
> 5) patch no longer needed in debian package

Look at the third use case I explained above. For these users of Debian, 
long-living releases where the _only_ changes are security fixes are 
_very_ important.

> >In many ways, current testing is your stable.
> No kidding, so what the heck is the point of having a stable symlink to 
> woody. The stable, testing and unstable symlinks should be removed. They 
> are just being used as FUD by people against debian.

They are not (see above).

> >Extending the testing period from testing to your proposed candidate 
> >and then stable would do nothing about normals bugs. RC bugs are 
> >usually found quite quickly by people using unstable.
> Why not let people choose what they want to use "woody" "sarge" or "sid" 
> and never change the names again. I think lots of people are happy with 
> how things work now. No need to ever do a release again. Just remove the 
> old/arcane symlinks. Almost everyone I know uses sid; I don't think 
> anyone is going to switch to sarge once sid is out.

See above.

> Jeff



       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to: