Re: Debian private repositories

To: "Bernhard R. Link" <brlink@debian.org>
Cc: debian-enterprise@lists.debian.org
Subject: Re: Debian private repositories
From: Marc Haber <mh+debian-enterprise@zugschlus.de>
Date: Sat, 5 May 2012 22:30:37 +0200
Message-id: <[🔎] 20120505203037.GB30876@torres.zugschlus.de>
In-reply-to: <[🔎] 20120503090858.GA25025@server.brlink.eu>
References: <87aa1s6c6r.fsf@windlord.stanford.edu> <[🔎] 20120502185318.GE12547@torres.zugschlus.de> <[🔎] 20120503090858.GA25025@server.brlink.eu>

Hi,

On Thu, May 03, 2012 at 11:08:58AM +0200, Bernhard R. Link wrote:
> * Marc Haber <mh+debian-enterprise@zugschlus.de> [120502 21:36]:
> > I would like to know if and how you handle wishes of departments to
> > keep older versions of software around and aptable. Afaik, reprepro
> > cannot handle archives that have multiple versions of a program in the
> > same distribution/suite and cannot be easily adapted to handle this.
> 
> Indeed, that functionality is not yet there and will not be there
> before the next big database reorganisation.
> 
> But note that multiple versions will not solve every problem yet.
> Installing and older version when newer versions are available
> with apt-get can mean you need to explicitly list all dependencies
> with versions in the case of interrelasted packages.

The packages for which this feature is needed are catered to allow
this, so this is a non-issue.

> > It is, however, frequently demanded in enterprise that one needs to be
> > able to newly deploy a machine using old software to care for
> > reproducibility.
> 
> If you want full reproducibility, you can use snapshots to
> freeze one state of a distribution in a apt-gettable way.

If your setup is large enough, you would end up with literally
thousands of snapshots.

> But security updates should be more important than full
> reproducibility. So your workflow should really have some way
> to update stuff.

I am pretty well aware of this, but my job is not about educating
other parts of my client organization.

> When having multiple computers with the same software installed,
> I have successfully used additional distributions with exactly
> those packages in it those machines should get. Due to using
> a pool/, all that adds is the size of the dists/ directory
> (and about the same size in db/).

That would, as well, end up with thousands of distributions that would
be to 99 % identical but would need special handling each

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Reply to:

References:
- Re: Debian private repositories
  - From: Marc Haber <mh+debian-enterprise@zugschlus.de>
- Re: Debian private repositories
  - From: "Bernhard R. Link" <brlink@debian.org>

Prev by Date: Re: Debian private repositories
Previous by thread: Re: Debian private repositories
Index(es):
- Date
- Thread