During the last "emerge -uD world" samba was upgraded from 3.0.10-something to 3.014-something and after that I couldn't persuade it to work. Daemons get executed and run and I can log on to the network, but all shares are empty and if I try to write something, I get some weird errors. I have tried all available releases and all behave the same.
Funny thing is, there is no more ebuild for 3.0.10 (or anything except 3.0.14), so I can't simply downgrade.
At the moment I am running 3.0.20 which I compiled by hand, outside of portage.
This brings me to another question: why is it so urgent to trim portage tree of any older versions ? This is not the first time I have got bitten this way.
One would expect that once the old ebuilds are on the machine, they present no additional burden to servers infrastructure...
Regards,
Branko
|
Brane2 wrote:
During the last "emerge -uD world" samba was upgraded from 3.0.10-something to 3.014-something and after that I couldn't persuade it to work. Daemons get executed and run and I can log on to the network, but all shares are empty and if I try to write something, I get some weird errors. I have tried all available releases and all behave the same.
Funny thing is, there is no more ebuild for 3.0.10 (or anything except 3.0.14), so I can't simply downgrade.
At the moment I am running 3.0.20 which I compiled by hand, outside of portage.
This brings me to another question: why is it so urgent to trim portage tree of any older versions ? This is not the first time I have got bitten this way.
One would expect that once the old ebuilds are on the machine, they present no additional burden to servers infrastructure...
Regards,
Branko
I forgot to mention that I'm using system with:
- Dual 240 Opterons on Tyan's K8WE board
- 64-bit Gentoo system
- kernel 2.6.12-r9
|
Brane2 wrote:
During the last "emerge -uD world" samba was upgraded from 3.0.10-something to 3.014-something and after that I couldn't persuade it to work.
Check /var/log/emerge.log to see what else you upgraded which might affect samba.
At the moment I am running 3.0.20 which I compiled by hand, outside of portage.
There is an ebuild being proposed at http://bugs.gentoo.org/show_bug.cgi?id=103164
It is better to create an ebuild (however simple) than compile manually, so portage can keep track of which files it needs to clean out when upgrade time comes around again. Ebuild docs are at:
http://gentoo-wiki.com/HOWTO_Installing_3rd_Party_Ebuilds
http://www.gentoo.org/proj/en/devrel/handb...l?part=2&chap=1
This brings me to another question: why is it so urgent to trim portage tree of any older versions ?
Usually because of security problems found in the old versions.
This is not the first time I have got bitten this way.
Then do some research in future. Read http://packages.gentoo.org/ and bugzilla and forums, and package changelogs. Gentoo is a bleeding-edge distro, with different pros and cons to e.g. Debian Stable.
One would expect that once the old ebuilds are on the machine, they present no additional burden to servers infrastructure...
Despite the wonders of rsync, the task of syncing the impressive list of ebuilds in Gentoo does put a strain on bandwidth and CPU.
|
Brane2 wrote:
During the last "emerge -uD world" samba was upgraded from 3.0.10-something to 3.014-something and after that I couldn't persuade it to work. Daemons get executed and run and I can log on to the network, but all shares are empty and if I try to write something, I get some weird errors. I have tried all available releases and all behave the same.
Funny thing is, there is no more ebuild for 3.0.10 (or anything except 3.0.14), so I can't simply downgrade.
At the moment I am running 3.0.20 which I compiled by hand, outside of portage.
This brings me to another question: why is it so urgent to trim portage tree of any older versions ? This is not the first time I have got bitten this way.
One would expect that once the old ebuilds are on the machine, they present no additional burden to servers infrastructure...
Regards,
Branko
Did the upgrade overwrite your smb.conf file? Have you checked the samba log files to see if requests are coming in?
|
Paul Bredbury wrote:
Brane2 wrote:
During the last "emerge -uD world" samba was upgraded from 3.0.10-something to 3.014-something and after that I couldn't persuade it to work.
Check /var/log/emerge.log to see what else you upgraded which might affect samba.
On Linux, anything can affect anything special. Besides, everything works after manual compilation of 3.0.20. I guess, if anything changed, I would have problems after compiling 3.0.20, too...
I know. It doesn't work for me. Also, patches for that ebuild are numerous and they don't seem to match. After downloading whole thing, getting the right patching order (patch what to what) was a mess.
If developers expect someone to try their stuff, shouldn't they use understandable language and materials in the manageable form ?
It would be nice and decent if someone made cumulative patch from all those micro-patches for mere mortals to try out.
As it is now, one actually has to understand ebuild infrastructure in order to sew-up something working.
But when one does see "through the matrix" why does he need to waste time with ebuild ? Manual compile is faster and does not preclude using ebuild sometimes in the future, when it becomes useable...
It is better to create an ebuild (however simple) than compile manually, so portage can keep track of which files it needs to clean out when upgrade time comes around again. Ebuild docs are at:
Except when ebuild doesn't work for you...
I don't see that as being the case. Old ebuilds could simply be changed to be without keywords of problematic architectures. That way, if I need to override portage's decisions, I could still do so.
Also, we don't all use the same network configurations. Screw-up in some pam-related module might be perfectly acceptable for me, especially when compared to non-working alternative...
This is not the first time I have got bitten this way.
Then do some research in future. Read http://packages.gentoo.org/ and bugzilla and forums, and package changelogs.
What is the point of that ? If I wanted to track everything manually, why would I need Gentoo ? I would just use LFS.
And BTW: I just checked on that link for samba-3.0.10 and there is nothing about security risk. Ebuild was deleted, because it is "old cruft".
Gentoo is a bleeding-edge distro, with different pros and cons to e.g. Debian Stable.
It puts much more emphasis on bleeding than on leading these days, I'm afraid...
I don't understand why one has to bleed every two days even if one has practically all marked stable. Is it financed by vampire lobby ?
It seems that I will eventually have to consider some other distro. There isn't a whole lot "leading" stuff that puts Gentoo in front of decent distro like Suse, for example, these days...
Gentoo was my distro of choice for 2-3 years now, but now crap level is rising slowly but surely to intolerable levels.
Since all my machines run Gentoo and some are on 24/7, I don't want to make any sudden change if possible, and in the event that I'm forced into it, I want to be sure I made the right choice.
I don't have the time right now to play with Suse, Ubuntu etc, but it seems I will have to...
It is a waste to abandon a project that was once such bright light amongst other choices, but when one has to...
One would expect that once the old ebuilds are on the machine, they present no additional burden to servers infrastructure...
Despite the wonders of rsync, the task of syncing the impressive list of ebuilds in Gentoo does put a strain on bandwidth and CPU.
1. I doubt that syncing a few more old files would put much of the strain on the rsync process, especially when those files would practically never be actually transferred over the line.
2. Even if so, why couldn't ebuilds be just moved to "/usr/portage/old" or something.
3. Isn't the time to move from rsync to something else ? It was a fine idea at the birth of portage system, but now it just looks like it was duct-taped at the last moment...
|
Kenneth wrote:
Brane2 wrote:
During the last "emerge -uD world" samba was upgraded from 3.0.10-something to 3.014-something and after that I couldn't persuade it to work. Daemons get executed and run and I can log on to the network, but all shares are empty and if I try to write something, I get some weird errors. I have tried all available releases and all behave the same.
Funny thing is, there is no more ebuild for 3.0.10 (or anything except 3.0.14), so I can't simply downgrade.
At the moment I am running 3.0.20 which I compiled by hand, outside of portage.
This brings me to another question: why is it so urgent to trim portage tree of any older versions ? This is not the first time I have got bitten this way.
One would expect that once the old ebuilds are on the machine, they present no additional burden to servers infrastructure...
Regards,
Branko
Did the upgrade overwrite your smb.conf file? Have you checked the samba log files to see if requests are coming in?
smb.conf is unchanged. I checked the logs and there was no trace of any request except at the initial mounting of volumes (by the clients on the network).
|
Brane2 wrote:
I know. It doesn't work for me. Also, patches for that ebuild are numerous and they don't seem to match. After downloading whole thing, getting the right patching order (patch what to what) was a mess.
Then state that on the bug report. Help out.
If developers expect someone to try their stuff, shouldn't they use understandable language and materials in the manageable form ?
There is no "us and them" - Gentoo developers are unpaid volunteers, mere mortals also. What language and materials are so bad? I referred you to documentation. Every program has a learning curve attached to it.
It would be nice and decent if someone made cumulative patch from all those micro-patches for mere mortals to try out.
An individual patch is easy to disable in a custom ebuild.
As it is now, one actually has to understand ebuild infrastructure in order to sew-up something working.
You poor thing. That's the whole point of portage. Read the docs.
But when one does see "through the matrix" why does he need to waste time with ebuild ? Manual compile is faster and does not preclude using ebuild sometimes in the future, when it becomes useable...
What matrix? An ebuild is easy to create - it's just the initial learning curve that's stopping you. You can then give a little help in return to all the other people who have created ebuilds which you benefit from.
It is better to create an ebuild (however simple) than compile manually, so portage can keep track of which files it needs to clean out when upgrade time comes around again. Ebuild docs are at:
Except when ebuild doesn't work for you...
Then submit an ebuild to bugzilla that does work for you, or at least comment on someone else's proposal which you have tried and found buggy.
Also, we don't all use the same network configurations. Screw-up in some pam-related module might be perfectly acceptable for me, especially when compared to non-working alternative...
Indeed. That is why there is a "pam" USE flag. http://gentoo-wiki.com/HOWTO_Remove_PAM
What is the point of that ? If I wanted to track everything manually, why would I need Gentoo ? I would just use LFS.
I wasn't suggesting such extremism.
And BTW: I just checked on that link for samba-3.0.10 and there is nothing about security risk. Ebuild was deleted, because it is "old cruft".
True. I don't see an obvious reason why Samba currently has such a limited range of stable ebuilds, apart from the Samba changelog: http://us1.samba.org/samba/history/samba-3.0.14a.html
I don't understand why one has to bleed every two days even if one has practically all marked stable. Is it financed by vampire lobby ?
Quit whining and help out. Don't blindly upgrade every 2 days. If you did that on "Debian Unstable" for instance (my previous distro), I expect you would have the same amount of breakages.
I don't have the time right now to play with Suse, Ubuntu etc, but it seems I will have to...
That time could be more usefully spent in learning how to help Gentoo become better. Other distros all have their own problems.
It is a waste to abandon a project that was once such bright light amongst other choices, but when one has to...
A waste to whom? It's not a waste to us, if you couldn't be bothered to help out.
1. I doubt that syncing a few more old files would put much of the strain on the rsync process, especially when those files would practically never be actually transferred over the line.
"A few more"? There are thousands of ebuilds in portage, consisting of several files each. More current versions means more files. Rsync has to synchronize *all* of them.
2. Even if so, why couldn't ebuilds be just moved to "/usr/portage/old" or something.
Because Gentoo is continually evolving, just like every other distro. Portage itself is evolving. Who would be bothered to *maintain* this "old" subsection? It sounds like the "Gentoo Server" project idea: http://www.gentoo.org/proj/en/server/
3. Isn't the time to move from rsync to something else ? It was a fine idea at the birth of portage system, but now it just looks like it was duct-taped at the last moment...
What other sync technology?
|
Brane2 wrote:
Paul Bredbury wrote:
Gentoo is a bleeding-edge distro, with different pros and cons to e.g. Debian Stable.
It puts much more emphasis on bleeding than on leading these days, I'm afraid...
I don't understand why one has to bleed every two days even if one has practically all marked stable. Is it financed by vampire lobby ?
If stability is paramount on your production-servers then adhere to the age-old Golden Rule: "If it ain't broke, don't fix it."
Applying this to a Gentoo production-server, only upgrade when something is broken and don't do blanket 'emerge -u world' upgrades.
There you have it - simple stability and no painful bleeding edges.
Since all my machines run Gentoo and some are on 24/7,
Production servers?
I don't want to make any sudden change if possible,
Then don't.
and in the event that I'm forced into it, I want to be sure I made the right choice.
Only way to do so (for anything in life) is to educate yourself:
Regards, -- Ben M.
|
Ben Measures wrote:
Brane2 wrote:
Paul Bredbury wrote:
If stability is paramount on your production-servers then adhere to the age-old Golden Rule: "If it ain't broke, don't fix it."
I have a small company with a few machines, one of them acts as a router/firewall/NAT/DSL gateway/SAMBA/CUPS/etc server for others.
There is nothing that my life depends on being active every second of every day, but every downtime costs me money. Before Gentoo, all machines were running Windows and I was satisfied ( more or less).
So, stability is not of paramount importance on my machines, but reasonable availability is important.
For me "reasonable" means in this context that I can live with occasional breakage if the system enables me to "mop up" the damage and undo some emerge in a matter of hours or less.
Also, when using "stable" keywords, I expect to see breakages only exceptionally and its consequences to be minor.
I know this is not Debian and I don't work for NASA, so I don't need anything exceptionally stable/stale.
As for the "rule"- this is nice in theory, but in practice with Linux there is no such thing as "unbroken". All the time at least something doesn't work, be it drivers for newest printer/scanner, driver for onboard hardware etc.
So, this was my reason to join Gentoo- to have mostly stable systems, but OTOH to get newest drivers where I need them ASAP, even if something may break.
Applying this to a Gentoo production-server, only upgrade when something is broken and don't do blanket 'emerge -u world' upgrades.
There you have it - simple stability and no painful bleeding edges.
And no working driver for latest hardware and etc. No, thanks.
Besides, as I said, I don't have production-servers. No matter if something breaks as long as portage offers me way out...
Since all my machines run Gentoo and some are on 24/7,
Production servers?
I don't want to make any sudden change if possible,
Then don't.
So, what should I do when some security-related emerge demands that I update samba-3.0.10 to something newer ?
Also, is it really so much to ask for STABLE system in Gentoo to really be STABLE or shall we say rather GENTOO_STABLE (=not always working, but without obvious bugs, sudden irreversible changes etc) ?
and in the event that I'm forced into it, I want to be sure I made the right choice.
Only way to do so (for anything in life) is to educate yourself:
Sure. I'm doing that all the time. But somehow I feel I'm not welcome as a user unless I get to the knowledge level of developer, and even then only to perpetually toy with python scripts, and not to use the system.
http://www.gentoo.org/security/en/glsa/
What should I do with this ? Make it my daily chore to manually check for security risks for every installed package ?
http://bugs.gentoo.org/
I have tried that for several other things- mostly without resolution. I don't criticize developers who were trying to help and I sure don't demand anything from them.
But I still wish that process of reporting a bug would be more user friendly. I suppose great percentage of bug reports is just lost due to users not wanting to/not knowing how to wrestle through the bugzilla.
http://forums.gentoo.org/
I'm using it and it is probably main reason I'm still using Gentoo.
|
Brane2 wrote:
So, this was my reason to join Gentoo- to have mostly stable systems, but OTOH to get newest drivers where I need them ASAP, even if something may break.
We all want the heaven of the latest software which works perfectly. It doesn't happen, because programs need to go through a testing process. This is why feedback on broken ebuilds is important - ebuilds can work on one PC but not another. I am of course stating the obvious here.
So, what should I do when some security-related emerge demands that I update samba-3.0.10 to something newer ?
Portage does not "demand", it suggests. You are free to check http://packages.gentoo.org and http://www.gentoo.org/security/en/glsa/ and then decide when and if you want to emerge. And if the emerge breaks, you deal with it by checking http://bugs.gentoo.org/ and http://forums.gentoo.org/ and IRC ( http://www.gentoo.org/main/en/irc.xml ), and hopefully helping out some other people while you're there.
Sure. I'm doing that all the time. But somehow I feel I'm not welcome as a user unless I get to the knowledge level of developer, and even then only to perpetually toy with python scripts, and not to use the system.
It's not that you're not welcome as a user. It's that no-one involved in any distro likes a trolling whiner, which is what you're doing. In stark contrast, you will find that people will love you if you actually read documentation first, then ask sensible questions second, then help other people in return.
The proportion of users who will, if they're not treated with the appropriate disdain, continually ask stupid questions which are answered by the documentation if they would only *read* it, is disappointingly high. I think that the proportion of users who behave in this disappointing way is actually quite low in Gentoo, compared to other distros, because of the relatively difficult and time-consuming installation procedure.
What should I do with this ? Make it my daily chore to manually check for security risks for every installed package ?
Are you suggesting that it takes more than a minute to check http://www.gentoo.org/security/en/glsa/ once daily?
But I still wish that process of reporting a bug would be more user friendly. I suppose great percentage of bug reports is just lost due to users not wanting to/not knowing how to wrestle through the bugzilla.
How could it be improved? As you say, user-laziness is a big problem, for every distro.
|
Paul Bredbury wrote:
Then state that on the bug report. Help out.
_This_was_on_bugzilla_
What should I do ? State a bug report on bug report ?
It was obvious that developers took it as an internal conversation and no one really wanted for someone else to try it out...
If developers expect someone to try their stuff, shouldn't they use understandable language and materials in the manageable form ?
There is no "us and them" - Gentoo developers are unpaid volunteers, mere mortals also. What language and materials are so bad? I referred you to documentation. Every program has a learning curve attached to it.
Gentoo is also used by non-programmers, me for example. If I am expected to wrestle through this for example...
http://www.gentoo.org/security/en/glsa/
....just in order to see what happened with my old ebuild and why, then I'm sorry to say that there indeed is "us" and "them".
If I just want to help and try out an ebuild, but folks expect me to read a ton of literature just to be able to help the project by giving some of my time then screw that.
I want to help, but my time has a price and availability tags. I am trying to get into those things, but working at pace that suits me.
As it is now, one actually has to understand ebuild infrastructure in order to sew-up something working.
You poor thing. That's the whole point of portage. Read the docs.
Really ? What percentage of Gentoo users is able to roll-up an ebuild manually whenever they need it ? If they are not majority, did the portage miss its "point" ?
What matrix? An ebuild is easy to create - it's just the initial learning curve that's stopping you. You can then give a little help in return to all the other people who have created ebuilds which you benefit from.
If that was so easy, why then ebuild for samba3.0.20 wasn't working after first or first several attempts ?
Also, we don't all use the same network configurations. Screw-up in some pam-related module might be perfectly acceptable for me, especially when compared to non-working alternative...
Indeed. That is why there is a "pam" USE flag. http://gentoo-wiki.com/HOWTO_Remove_PAM
So there you have it. No need to kill samba ebuild just for some bad module, especially if one doesn't have old, proven, working alternative in the portage tree
I don't understand why one has to bleed every two days even if one has practically all marked stable. Is it financed by vampire lobby ?
Quit whining and help out. Don't blindly upgrade every 2 days. If you did that on "Debian Unstable" for instance (my previous distro), I expect you would have the same amount of breakages.
I don't update blindly every few days. I always have a reason, because I'm never in situation where _EVERYTHING_ works. If it's not samba, it's proftpd, or start scripts, or something totally different.
Besides, since when is a simple "emerge --sync" listed as a sin ?
Before doing it, one can never know what is new. After that, one can just pray that everything he needs is still in portage tree...
That time could be more usefully spent in learning how to help Gentoo become better. Other distros all have their own problems.
I am doing just that. But I don't want to be vocal about things I don't know nothing about. I'll help on that level when I get comfortable with ebuilds, all the scripts, python and perl in general, etc.
2. Even if so, why couldn't ebuilds be just moved to "/usr/portage/old" or something.
Because Gentoo is continually evolving, just like every other distro. Portage itself is evolving. Who would be bothered to *maintain* this "old" subsection? It sounds like the "Gentoo Server" project idea: http://www.gentoo.org/proj/en/server/
Why would ANYONE maintain it ? Who maintains /usr/portage/local now ?
I was just proposing a scheme where system would just move ebuilds in /usr/portage/old instead of killing them. This map should be exempted from sync reach and be local. It isn't even necessary (but would be nice) to be seen by "emerge".
So user would have always cache of old ebuilds on the machine and if disk space becomes the problem- "rm -Rf /usr/portage/old" or manual cleanup would solve it.
It would be nice to have emerge option to delete everything in "old" that is not currently emerged on the system, but not really necessary...
Voilà ! Problem solved.
3. Isn't the time to move from rsync to something else ? It was a fine idea at the birth of portage system, but now it just looks like it was duct-taped at the last moment...
What other sync technology?
A few ideas come to mind:
- why is it necessary to sync whole portage tree every time ? Why can't I sync just used maps of the packages, that are actually installed ? Everything else could be empty as a sign that it hasn't been synchronized with a global tree or something like that...
- why is portage tree in fs and not inside database ? Not necessarily postgres/mysql or something similar, which could pose dependency problem. Surely one could roll up some simple database server just for this role...
- why the portage during emerge --sync needs to transfer ebuilds at all? Couldn't notify the system only about news, regarding installed packages ? I mean like having ebuild name, keywords, architectures etc listed in one line of the special file for that purpose, e.g /etc/portage/newsync.por or something similar ? So, when user would do "emerge -u XYZ", system would just grep through the file, downloaded the needed ebuilds and emerged XYZ ?
|
Brane2 wrote:
_This_was_on_bugzilla_
I don't see it on http://bugs.gentoo.org/show_bug.cgi?id=103164
It was obvious that developers took it as an internal conversation and no one really wanted for someone else to try it out...
Did you expect instant praise?
Gentoo is also used by non-programmers, me for example. If I am expected to wrestle through this for example... http://www.gentoo.org/security/en/glsa/ ...just in order to see what happened with my old ebuild and why, then I'm sorry to say that there indeed is "us" and "them".
"Wrestle"? Just look at the first few items - it's sorted by date.
If that's really your opinion, then you're not qualified to be maintaining PCs which are exposed to the big bad Internet.
If I just want to help and try out an ebuild, but folks expect me to read a ton of literature just to be able to help the project by giving some of my time then screw that.
Hah, do you expect anyone apart from yourself to respect that attitude?
I want to help, but my time has a price and availability tags. I am trying to get into those things, but working at pace that suits me.
So, how do you think you differ from anyone else?
Really ? What percentage of Gentoo users is able to roll-up an ebuild manually whenever they need it ?
Depends how many of them can be bothered to read the docs. It *could* be all of them. It just takes an investment of time and effort.
If that was so easy, why then ebuild for samba3.0.20 wasn't working after first or first several attempts ?
Because they're tweaking it, when they have the time and inclination. There's no great rush to make it live.
I don't update blindly every few days. I always have a reason, because I'm never in situation where _EVERYTHING_ works. If it's not samba, it's proftpd, or start scripts, or something totally different.
Then get a stable version, then stop upgrading unless the upgrade is for security reasons.
Besides, since when is a simple "emerge --sync" listed as a sin ?
It's not.
Before doing it, one can never know what is new. After that, one can just pray that everything he needs is still in portage tree...
Such praying is rarely necessary. samba-3.0.14a-r3 works fine for me. Perhaps you should check your config at http://gentoo-wiki.com/Safe_Cflags
- why is portage tree in fs and not inside database ? Not necessarily postgres/mysql or something similar, which could pose dependency problem. Surely one could roll up some simple database server just for this role...
See http://gentoo-wiki.com/TIP_speed_up_portage_with_cdb for a similar idea. Having the ebuilds as text files makes them easy to look at manually.
- why the portage during emerge --sync needs to transfer ebuilds at all? Couldn't notify the system only about news, regarding installed packages ? I mean like having ebuild name, keywords, architectures etc listed in one line of the special file for that purpose, e.g /etc/portage/newsync.por or something similar ? So, when user would do "emerge -u XYZ", system would just grep through the file, downloaded the needed ebuilds and emerged XYZ ?
I wonder whether *any* distro performs such partial updates.
I assume the all-in-one rsync text method ultimately stays because portage is so *crucial* to the distro that any upgrades which potentially break it will need lots of testing and feedback before they are seriously considered.
|
Brane2 wrote:
Ben Measures wrote:
Brane2 wrote:
If stability is paramount on your production-servers then adhere to the age-old Golden Rule: "If it ain't broke, don't fix it."
I have a small company with a few machines, one of them acts as a router/firewall/NAT/DSL gateway/SAMBA/CUPS/etc server for others.
[...]
As for the "rule"- this is nice in theory, but in practice with Linux there is no such thing as "unbroken". All the time at least something doesn't work, be it drivers for newest printer/scanner, driver for onboard hardware etc.
[...]
And no working driver for latest hardware and etc. No, thanks.
Drivers are your main concern on a firewall/router? You need to get your priorities straight.
I don't want to make any sudden change if possible,
Then don't.
So, what should I do when some security-related emerge demands that I update samba-3.0.10 to something newer ?
It didn't. You said so yourself in another post in this thread:
And BTW: I just checked on that link for samba-3.0.10 and there is nothing about security risk. Ebuild was deleted, because it is "old cruft".
http://www.gentoo.org/security/en/glsa/
What should I do with this ? Make it my daily chore to manually check for security risks for every installed package ?
If you cannot take 5 minutes out of your day or month (0.35% or ~0.01%, resp.) to make sure that your firewall is responsibly secure then you're a dictionary definition of lazy.
-- Ben M.
|
Brane2 wrote:
Ben Measures wrote:
If you cannot take 5 minutes out of your day or month (0.35% or ~0.01%, resp.) to make sure that your firewall is responsibly secure then you're a dictionary definition of lazy.
Equations are really not that simple. It's always something more. Some things simply don't work, so I have to browse through forum for answer, then have to wrestle with services scripts etc etc.
Definitely a risk when you do blanket upgrades.
So change - "don't fix what ain't broken". Use http://www.gentoo.org/security/en/glsa/ to help you determine what is broken. Make sure you give it a good look because you clearly haven't done so yet (despite having it told you several times).
It's always something new. If it was just 5min/day, things would be simpler...
Stop being stubborn and just try it. If you only knew of it before this thread wouldn't have happened.
-- Ben M.
|
Ben Measures wrote:
Stop being stubborn and just try it. If you only knew of it before this thread wouldn't have happened.
I _have_ tried it. There is nothing there that mentions samba-3.0.10. Have I overlooked something ?