How to manage package.keywords for greater system reliability?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

How to manage package.keywords for greater system reliability?

Jorge Morais-3
Hi.   I  used to  think  it  was safe  to  use  ~arch packages  (through
package.keywords) on  a stable system until I saw bug  #257047 - GCC 4.3
didn't  have a strict enough glibc dependency.  And comment #15  in that
bug report is:
"[...] we don't test or support half-stable half-testing toolchains, and they
are likely to break, like in this case.  if you're going to use an ~arch
keyworded complier, you will need to use a ~arch libc."

OK, I will  avoid ~arch toolchain components. What worries  me is that I
never saw a warning about this.

Also, GCC 4.3.3 enables FORTIFY_SOURCE=2 by default and this breaks some
packages. A developer said on  2009-04-10 they were only processing bugs
that can be confirmed in ~arch.   So an arch system with ~arch toolchain
could hit many bugs and maybe  such a system would even be less reliable
than an entirely ~arch system.

So:
1) Certain  subsystems, like  the toolchain, need  to be  "harmonious" -
either all arch or all ~arch. What other subsystems have this need?

2)  With the  FORTIFY_SOURCE issues,  it seems  that an  ~arch toolchain
shouldn't  be used  in an  arch  system at  all.

Now my greatest practical concern: bugfix releases
3) Sometimes Gentoo takes a long time to stabilize a bugfix release like
media-gfx/gimp-2.6.6  (the latest arch-blessed  release is  2.6.4); this
release  fixes  many bugs  and  entered  Portage  in 2009-03-18  and  by
searching on b.g.o  I can't find any regressions;  and it entered Debian
testing in 2009-04-01. I don't know the cause of this delay; I guess the
arch testing teams are overworked.

I often put these bugfix releases in package.keywords.  Isn't it wise to
use the  latest bugfix release in  a given major version? For example, I
want to  use sys-kernel/vanilla-sources-2.6.27.x,  and since
the last arch version is  2.6.27.12, far from the latest upstream stable
version   (2.6.27.24),  I  put
=sys-kernel/vanilla-sources-2.6.27*
in
/etc/portage/package.keywords/shortterm.

When I see a new bugfix release of a package I care about, I look at the
changelog to see  the bug corrections. I decide how  much to wait before
putting the bugfix version in package.keywords depending on the severity
of the  fixed bugs (and I  look at bugs.gentoo.org  for any regressions,
and  I look  if the  version has  been accepted  in distros  like Debian
testing).    For   example,   I  put   mail-client/claws-mail-3.7.1   in
package.keywords nearly immediately due to the importance of the bug fixes.

Is it wise to do this for  any program? Maybe only for programs not part
of the  core base  system (such as  the toolchain, bash  or coreutils*),
relying on the developers for the base system?

Or maybe I  should just stick to all-stable, so as  to not be different,
and keep package.keywords  for those packages where I  really want a new
feature (like packages with no stable versions)?

* Speaking  of coreutils,  it  is  still at  7.1,  with upstream  having
  released 7.4, which fixes bugs in 7.1 .

Reply | Threaded
Open this post in threaded view
|

Re: How to manage package.keywords for greater system reliability?

Neil Bothwick
On Thu, 21 May 2009 21:41:22 -0300, Jorge Morais wrote:

> Or maybe I  should just stick to all-stable, so as  to not be different,
> and keep package.keywords  for those packages where I  really want a new
> feature (like packages with no stable versions)?

If you want so many up to date packages, maybe you should just run a
~arch system. It's been said many times that a mixed system is a
potential source of trouble. Your comparison of stable Gentoo with Debian
testing is strange, since the Gentoo equivalent is ~arch.


--
Neil Bothwick

If at first you don't succeed you'll get lots of advice.

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to manage package.keywords for greater system reliability?

Jorge Morais-3
On Fri, 22 May 2009 09:00:05 +0100
Neil Bothwick <[hidden email]> wrote:

> On Thu, 21 May 2009 21:41:22 -0300, Jorge Morais wrote:
>
> > Or maybe I  should just stick to all-stable, so as  to not be different,
> > and keep package.keywords  for those packages where I  really want a new
> > feature (like packages with no stable versions)?
>
> If you want so many up to date packages
It is  not so much.  My package.keywords/longterm lists 13  packages; my
package.keywords/shortterm lists 21 packages, many of which will get out
of there in the future, as the version I use become stable.
5 of these 21 packages would not be there if I always had my current
"it is better to avoid the bleeding edge" view.

> maybe you should just run a ~arch system.
I want a reliable system. Isn't ~arch quite less reliable than arch ?
(Also, newer software versions are often more bloated).

> It's been said many times that a mixed system is a
> potential source of trouble.
I didn't hear it.

> Your comparison of stable Gentoo with Debian
> testing is strange, since the Gentoo equivalent is ~arch.
I thought  Debian testing was more stringent  regarding reliability than
Gentoo ~arch; anyway, the point is  that when a new bugfix release (like
gimp 2.6.6)  is released, I  want to see  if other distros  consider the
bugfixes  important enough  to  pick it;  I  chose Debian  because I  am
somewhat  familiar with  it;  and Debian  testing  because AFAIK  Debian
stable  only rarely picks  updates that  are not  security-related. Some
people even say that Debian stable is for servers.

Reply | Threaded
Open this post in threaded view
|

Re: How to manage package.keywords for greater system reliability?

Neil Bothwick
On Fri, 22 May 2009 07:40:28 -0300, Jorge Morais wrote:

> > maybe you should just run a ~arch system.
> I want a reliable system. Isn't ~arch quite less reliable than arch ?

Not in my experience. ~arch only means the builds are in testing, the
software is as reliable as upstream makes it. You may hit the occasional
problem when updating, but once the software is installed it will be as
reliable as on any other distro.

> (Also, newer software versions are often more bloated).

That's a highly subjective view, and quite irrelevant. New versions can
be about adding features, or they can be about bug-fixing and optimising
existing features.

> > It's been said many times that a mixed system is a potential source
> > of trouble.

> I didn't hear it.

It comes up on this list frequently when discussions about problems
caused by mixing arch and ~arch are mentioned. I run mainly ~arch but a
couple of computers run arch plus some packages in package.keywords. I can
honestly say that the pure ~arch machines are just as reliable. The
reason I run the arch boxes is that stability is important for them; not
in the reliability sense (that's important everywhere) but in reducing
the number of updates needed on each box.


--
Neil Bothwick

Whats the difference between a magician and a brothel?
One has a cunning array of stunts,

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to manage package.keywords for greater system reliability?

Jorge Morais-3
On Fri, 22 May 2009 12:38:34 +0100
Neil Bothwick <[hidden email]> wrote:

> On Fri, 22 May 2009 07:40:28 -0300, Jorge Morais wrote:
>
> > > maybe you should just run a ~arch system.
> > I want a reliable system. Isn't ~arch quite less reliable than arch ?
>
> Not in my experience. ~arch only means the builds are in testing, the
> software is as reliable as upstream makes it. You may hit the occasional
> problem when updating, but once the software is installed it will be as
> reliable as on any other distro.

I find it hard to believe this.
~arch often releases a X.0 version soon after it is released. It
normally only enters stable after upstream has released the X.2 or
X.3 bugfix release.
Also, the Gentoo developers take some care to make the stable packages
harmonious. For example, stable GCC can compile other stable packages.
But a ~arch GCC seems to result in bugs (look at bug #198121,
"GCC 4.3 porting"). So ~arch users tend to eat more bugs.

I think my doubt is very important.
Pity that the Python-uninstallation thread stole all attention :(

Oh, and do you also think that the introduction of _FORTIFY_SOURCE
by default in GCC-4.3.3 without warning (no mention in the Changelog)
was bad manners of the developers? I think I should take this thread to
gentoo-dev