<div dir="ltr">Hi,<div><br></div><div>also totally off topic. I was asked to gather up all the lubuntu releases[1] as I also removed them at EoL. turns out that there are still 586 cpu's out there!! And, yes, I am still one missing - the very 1st one.</div><div><br></div><div>Regards,</div><div><br></div><div>Phill.</div><div>1. <a href="http://phillw.net/isos/lubuntu/">http://phillw.net/isos/lubuntu/</a><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 7 June 2018 at 10:17, Tobias Urdin <span dir="ltr"><<a href="mailto:tobias.urdin@crystone.com" target="_blank">tobias.urdin@crystone.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm not talking about quality, security or basically nothing in between<br>
either.<br>
Just the plain annoyance when packages are removed from mirrors.<br>
<br>
Lets just pretend for a while you're new at a job, and the most common<br>
thing is you inherit old setups.<br>
<br>
On that day you inherit an old OpenStack setup, on an old version, and<br>
the next version<br>
to upgrade does not exist in mirrors so you have no packages, and you<br>
cannot jump any more forward<br>
without a lot of work.<br>
<br>
We all know and have agreed in the community surveys so many times that<br>
upgrades are are hard.<br>
Well just let me end it with, I don't envy a person being in that<br>
situation...<br>
<br>
Best regards<br>
<span class="im HOEnZb"><br>
On 06/07/2018 10:38 AM, Matthias Runge wrote:<br>
> On Thu, Jun 07, 2018 at 05:13:06AM +0000, Tobias Urdin wrote:<br>
>> Just sliding in with my 2 cents which are off-topic to the discussion but...<br>
>><br>
>> I've always found it fascinating why one would completely remove<br>
>> packages from official mirrors when the version is not supported anymore.<br>
>> There will probably always be somebody that might be looking for them,<br>
>> I've always had that feeling with RPMs compared to Debs.<br>
> Can you elaborate here on how RPMs are different to .debs?<br>
><br>
> What do you expect, when you're installing these packages?<br>
> Do you expect them to work? Do you expect, they won't create<br>
> a security issue? Do you want to be able to use them in<br>
> production? Is there a value in distributing something, which<br>
> doesn't work (anymore)?<br>
><br>
> What happens, if there is an issue, or a distributed rpm contains<br>
> a CVE? In that case, we'd actively distribute vulnerable software.<br>
> I always wondered, why someone would ask for software with<br>
> a vulnerability (or more).<br>
><br>
> This is to get expectations right[1]. It might look good at the<br>
> beginning, but can turn bad quite quickly.<br>
><br>
> Matthias<br>
><br>
> [1] <a href="https://twitter.com/AwardsDarwin/status/1003934362403049472" rel="noreferrer" target="_blank">https://twitter.com/<wbr>AwardsDarwin/status/<wbr>1003934362403049472</a><br>
<br>
</span><div class="HOEnZb"><div class="h5">______________________________<wbr>_________________<br>
dev mailing list<br>
<a href="mailto:dev@lists.rdoproject.org">dev@lists.rdoproject.org</a><br>
<a href="http://lists.rdoproject.org/mailman/listinfo/dev" rel="noreferrer" target="_blank">http://lists.rdoproject.org/<wbr>mailman/listinfo/dev</a><br>
<br>
To unsubscribe: <a href="mailto:dev-unsubscribe@lists.rdoproject.org">dev-unsubscribe@lists.<wbr>rdoproject.org</a><br>
</div></div></blockquote></div><br></div>