From owner-freebsd-stable@FreeBSD.ORG Tue Sep 2 10:01:17 2014 Return-Path: Delivered-To: stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EC1BF6DB; Tue, 2 Sep 2014 10:01:16 +0000 (UTC) Received: from mail-la0-x22d.google.com (mail-la0-x22d.google.com [IPv6:2a00:1450:4010:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 69BE11831; Tue, 2 Sep 2014 10:01:15 +0000 (UTC) Received: by mail-la0-f45.google.com with SMTP id pn19so7458516lab.18 for ; Tue, 02 Sep 2014 03:01:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=IC2n2vDgwapYwPjo9ewXT/200DplrWHAIg6ywc5jWb0=; b=YiWsA1yfE5vzxR63skZyZOEZCF5MKVlGjjbAZHwbAEGNEnSgP6QV6jpRqe/Jcu62uy 0Oz4a3AwoViYeeONA3voytwvXs15IhAuDSZTQkUWur47gGtkVVKSTLEYtr/upZUxnqKx KrGm74j3lKmqqwNByLntg+sQai40Yx9F7WNnKrcaBQ82yvy2HQW7o+t5HzVRsVP0ZbbH 5CRKa26RWqqdyfPOHw1UqVxNcX4KtZtIcM0QbElY3STRCbZitw/ahnApHONVR5xhMi7v u4nYRxLCJmA/86C3GSZ2aL3SmcVqa24BTuolCFWJiy4QsRiRg9bqNxVtgHD3GkZA+OTr En5w== MIME-Version: 1.0 X-Received: by 10.152.29.1 with SMTP id f1mr33160128lah.47.1409652073201; Tue, 02 Sep 2014 03:01:13 -0700 (PDT) Received: by 10.152.179.4 with HTTP; Tue, 2 Sep 2014 03:01:13 -0700 (PDT) In-Reply-To: <5405890F.8080804@freebsd.org> References: <20140901195520.GB77917@ivaldir.etoilebsd.net> <54050D07.4010404@sorbs.net> <540522A3.9050506@sorbs.net> <54052891.5000104@my.hennepintech.edu> <54052DFA.4030808@freebsd.org> <54053372.6020009@my.hennepintech.edu> <5405890F.8080804@freebsd.org> Date: Tue, 2 Sep 2014 12:01:13 +0200 Message-ID: Subject: Re: [HEADSUP] pkg(8) is now the only package management tool From: Alban Hertroys To: Julian Elischer Content-Type: text/plain; charset=UTF-8 Cc: pkg@freebsd.org, Baptiste Daroussin , Andrew Berg , FreeBSD Current , stable@freebsd.org, ports@freebsd.org, Michelle Sullivan , "Sam Fourman Jr." X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Sep 2014 10:01:17 -0000 On 2 September 2014 11:08, Julian Elischer wrote: > On 9/1/14, 8:03 PM, Andrew Berg wrote: >> >> On 2014.09.01 21:39, Julian Elischer wrote: >>> >>> sigh.. when are we as a project, all going to learn that reality in >>> business is >>> that you often need to install stuff that is old. Its not always your >>> choice. >>> The custommers require it.. >>> You should try arguing with someone like Bank of Americas security and >>> operations >>> department some day about whether they want to suddenly upgrade 300 >>> machines >>> for no real reason (from their perspective). >> >> FreeBSD minor version upgrades are meant to be non-disruptive. However, I >> will >> admit that I have not performed any such upgrades in a critical >> environment, so >> if you think they are disruptive, please enlighten me with the details. >> Also, there are options out there for getting support for extended periods >> if >> you need it. Some companies are built around providing support for things >> that >> the original developers have long abandoned because some businesses need >> it. > > > It's not how disruptive they are technically. > it's how many months of shakedown testing you have to go through before they > allow you to put new software on any production system. Just adding here, in commercial environments things don't change quickly or easily. Whether this applies to the current issue with pkg is not for me to say. For example, certain commercial upstream software vendors require to go through a certification process before they even consider supporting the new software you intend to use with theirs. Admittedly we haven't run into this issue in relation to FreeBSD, but we certainly have with Firefox. As an example, the last version of Firefox that Information Builders' WebFOCUS 7.7 supports is 3.6.7 (currently available versions are 31 or 32!) and for Internet Explorer that's 7 (currently at 11). If you run into any kind of problem, the standard answer is to use a browser that they support. Good luck with that! Firefox 3.6.7 was released on July 20, 2010; over 4 years ago. In such cases you're more or less required to keep an old system around that still has such old packages, if only to see if you can reproduce any issues you encounter (with modern versions of your software) on those old versions. With the deprecation of the old pkg_* tools you run into a conflict; You can either update packages that are _not_ under certification for such a vendor and get security updates and fixes using the new pkg, or you have to stick with the certified software and _not_ get any security updates or fixes. It gets more interesting if you have to deal with manufacturing processes (something we're looking to use FreeBSD for to replace our current OpenVMS systems before they go out of support), as often automatons write data to external databases and such software resides in PLC's. Manufacturing equipment tends to age and the kind of external databases they support is limited to what was available when they were new and the capabilities of the PLC involved. I can totally understand that at some point it starts to get impossible to maintain two separate packaging systems and I understand that you think 2 years is enough time to shake things out, but software vendors aren't that quick. For many, 2 years is a short time. Just saying... -- If you can't see the forest for the trees, Cut the trees and you'll see there is no forest.