Re: Temporal Release Strategy
On Wed, Apr 20, 2005 at 03:18:52PM -0700, Jeff Carr wrote:
> Adrian Bunk wrote:
> >Debian stable is comparable to the enterprise products of e.g. RedHat or
> >These distributions are usually installed on servers that are installed
> >and intensively tested once. Security fixes are a must but mustn't cause
> >any breakages. Updates to new upstream versions which might break
> Well, that is wishful thinking, but I've deployed debian sid against RH
> enterprise and commercial dists. Sometimes sid, sometimes sarge. It
> really depends on the customer and the competance of their staff.
> In any case, you are thinking wishfully here and I'm not sure you have
> deployed debian to large clients. The primary problem is the poor
> impression that:
> woody == stable == old
> sarge/sid == testing/unstable == broken == pain == my servers crash
> >Note that you can't cover the last use case without a long-living and
> >non-changing stable.
> I think the debian community would be better served if never again the
> words "stable" were tied to a particular release.
> How can you really say woody is any more "stable" than sid anyway? There
> are things so broken in the old versions of packages in woody that they
> can not be used anymore in a modern enviornment. Sure, it might be
> stable in the sense that it doesn't crash, but useless vs stable is
> undesirable. Having woody == stable is giving the false impression to
> people that don't know better that:
> debian stable == old == obsolete == something is wrong with this picture
> It just makes it hard to build confidence with decision makers that
> sid/sarge is safe to use over RHEL.
Let my try to explain it:
The "debian stable == obsolete" is a release management problem of
Debian. One release every year and it would be suitable for most
You say you've deployed Debian sarge and sid in server environments
(even sarge, although months old security fixes might be missing???).
Let me ask some questions:
- How many thousand people can't continue working if the server isn't
- How many million dollar does the customer lose every day the server is
- How many days without this server does it take until the company is
If the mail server of a small company isn't running for a few hours it's
not a problem - but there are also other environments.
Regarding things broken in woody:
In many environments, the important number is not the total number of
bugs but the number of regressions. Doing intensive tests once when you
install/upgrade the machine is acceptable, but requiring this every
month because it's required for the security updates that bring new
upstream releases is not acceptable.
> >Look at the third use case I explained above. For these users of Debian,
> >long-living releases where the _only_ changes are security fixes are
> >_very_ important.
> Again, I don't think you ever built a commercial product around Linux
> based on your statements here. No offence if you have, maybe it's just
> corporate culture differences between the EU and US?
There are reasons why companies pay several thousand dollars licence
fees for every computer they run the enterprise version of some
distribution on. E.g. RedHat supports each version of their enterprice
edition for seven years. A few thousand dollars are _nothing_ compared
to the support costs and man months that have to be put into setting up
and testing the system.
And I doubt these are only corporate culture differences between the EU
How many days does it take in the US until a bank is bankrupt after a
critical part of their computer infrastructure is broken?
> >>No kidding, so what the heck is the point of having a stable symlink to
> >>woody. The stable, testing and unstable symlinks should be removed. They
> >>are just being used as FUD by people against debian.
> >They are not (see above).
> I think I explained poorly what I meant by FUD. What I meant was that
> people that want other distributions to be used, use the FUD that sarge
> is "dangerous" and the only "stable" version of debian is ancient and
> too old to use.
I'd say both is not FUD - it's true.
Debian stable is ancient - but that's something you have to ask the
Debian release management about. If the officially announced release
date for sarge is now missed by more than one and a half years this is
the issue where investigation should take place.
I do personally know people who had serious mail loss due to #220983. At
the time I reported this bug, it was present in sarge. This problem
couldn't have happened in a Debian stable (because it would have been
discovered before the release would have been declared stable). This
kind of problems that can occur every day in sarge _are_ dangerous
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed