7:45 a.m.
On Wed, Jun 6, 2018 at 1:44 PM, lucker zheng <lucker6666(a)gmail.com> wrote:
Sorry to trouble, I met a problem when I want to install RDO newton
version,
after installed the rdo-release-newton.rpm, it links to repo
http://mirror.centos.org/centos/7/cloud/x86_64/openstack-newton/
seems no rpm avaiable there, is this a mistake?
CentOS SIG repos are retired everytime when CentOS minor update is released,
and it's up to SIG to declare which of their releases should be retired.
In this case OpenStack Newton was EOLed upstream already Oct 2017:
https://releases.openstack.org/
Old packages are frozen at
http://vault.centos.org/centos/7.4.1708/cloud/x86_64/openstack-newton/
and are NOT receiving any updates, so please do not use them!
BTW I didn't find it in
https://repos.fedorapeople.org/repos/openstack/EOL/
Those are only archives of rdo-release RPMs only anyway and we should
probably get rid of that old hosting location in Fedora.
and I found the build system successful built newton jobs at
https://trunk.rdoproject.org/centos7-newton/report.html
Those are available to support Fast Forward Upgrades CI testing from
Newton to Queens, building project which did not push newton-eol tags
yet. Anything else is frozen at Newton EOL point.
Other than for CI, any other usage of those packages is not
recommended, best would be if you could upgrade to the latest RDO
Queens release ASAP.
Cheers,
Alan
12:13 a.m.
New subject: openstack-newton rpm packages unavailable now
Just sliding in with my 2 cents which are off-topic to the discussion but...
I've always found it fascinating why one would completely remove
packages from official mirrors when the version is not supported anymore.
There will probably always be somebody that might be looking for them,
I've always had that feeling with RPMs compared to Debs.
I guess this is why there's archive sites that store old packages... but
maybe this is just me
Best regards
On 06/06/2018 02:45 PM, Alan Pevec wrote:
On Wed, Jun 6, 2018 at 1:44 PM, lucker zheng
<lucker6666(a)gmail.com> wrote:
> Sorry to trouble, I met a problem when I want to install RDO newton version,
> after installed the rdo-release-newton.rpm, it links to repo
>
> http://mirror.centos.org/centos/7/cloud/x86_64/openstack-newton/
> seems no rpm avaiable there, is this a mistake?
CentOS SIG repos are retired everytime when CentOS minor update is released,
and it's up to SIG to declare which of their releases should be retired.
In this case OpenStack Newton was EOLed upstream already Oct 2017:
https://releases.openstack.org/
Old packages are frozen at
http://vault.centos.org/centos/7.4.1708/cloud/x86_64/openstack-newton/
and are NOT receiving any updates, so please do not use them!
> BTW I didn't find it in
> https://repos.fedorapeople.org/repos/openstack/EOL/
Those are only archives of rdo-release RPMs only anyway and we should
probably get rid of that old hosting location in Fedora.
> and I found the build system successful built newton jobs at
> https://trunk.rdoproject.org/centos7-newton/report.html
Those are available to support Fast Forward Upgrades CI testing from
Newton to Queens, building project which did not push newton-eol tags
yet. Anything else is frozen at Newton EOL point.
Other than for CI, any other usage of those packages is not
recommended, best would be if you could upgrade to the latest RDO
Queens release ASAP.
Cheers,
Alan
_______________________________________________
dev mailing list
dev(a)lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/dev
To unsubscribe: dev-unsubscribe(a)lists.rdoproject.org
3:38 a.m.
New subject: openstack-newton rpm packages unavailable now
On Thu, Jun 07, 2018 at 05:13:06AM +0000, Tobias Urdin wrote:
Just sliding in with my 2 cents which are off-topic to the discussion
but...
I've always found it fascinating why one would completely remove
packages from official mirrors when the version is not supported anymore.
There will probably always be somebody that might be looking for them,
I've always had that feeling with RPMs compared to Debs.
Can you elaborate here on how RPMs are different to .debs?
What do you expect, when you're installing these packages?
Do you expect them to work? Do you expect, they won't create
a security issue? Do you want to be able to use them in
production? Is there a value in distributing something, which
doesn't work (anymore)?
What happens, if there is an issue, or a distributed rpm contains
a CVE? In that case, we'd actively distribute vulnerable software.
I always wondered, why someone would ask for software with
a vulnerability (or more).
This is to get expectations right[1]. It might look good at the
beginning, but can turn bad quite quickly.
Matthias
[1] https://twitter.com/AwardsDarwin/status/1003934362403049472
--
Matthias Runge <mrunge(a)redhat.com>
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham,
Michael O'Neill, Eric Shander
4:17 a.m.
New subject: openstack-newton rpm packages unavailable now
I'm not talking about quality, security or basically nothing in between
either.
Just the plain annoyance when packages are removed from mirrors.
Lets just pretend for a while you're new at a job, and the most common
thing is you inherit old setups.
On that day you inherit an old OpenStack setup, on an old version, and
the next version
to upgrade does not exist in mirrors so you have no packages, and you
cannot jump any more forward
without a lot of work.
We all know and have agreed in the community surveys so many times that
upgrades are are hard.
Well just let me end it with, I don't envy a person being in that
situation...
Best regards
On 06/07/2018 10:38 AM, Matthias Runge wrote:
On Thu, Jun 07, 2018 at 05:13:06AM +0000, Tobias Urdin wrote:
> Just sliding in with my 2 cents which are off-topic to the discussion but...
>
> I've always found it fascinating why one would completely remove
> packages from official mirrors when the version is not supported anymore.
> There will probably always be somebody that might be looking for them,
> I've always had that feeling with RPMs compared to Debs.
Can you elaborate here on how RPMs are different to .debs?
What do you expect, when you're installing these packages?
Do you expect them to work? Do you expect, they won't create
a security issue? Do you want to be able to use them in
production? Is there a value in distributing something, which
doesn't work (anymore)?
What happens, if there is an issue, or a distributed rpm contains
a CVE? In that case, we'd actively distribute vulnerable software.
I always wondered, why someone would ask for software with
a vulnerability (or more).
This is to get expectations right[1]. It might look good at the
beginning, but can turn bad quite quickly.
Matthias
[1] https://twitter.com/AwardsDarwin/status/1003934362403049472
4:51 a.m.
New subject: openstack-newton rpm packages unavailable now
Hi,
also totally off topic. I was asked to gather up all the lubuntu
releases[1] as I also removed them at EoL. turns out that there are still
586 cpu's out there!! And, yes, I am still one missing - the very 1st one.
Regards,
Phill.
1. http://phillw.net/isos/lubuntu/
On 7 June 2018 at 10:17, Tobias Urdin <tobias.urdin(a)crystone.com> wrote:
I'm not talking about quality, security or basically nothing in
between
either.
Just the plain annoyance when packages are removed from mirrors.
Lets just pretend for a while you're new at a job, and the most common
thing is you inherit old setups.
On that day you inherit an old OpenStack setup, on an old version, and
the next version
to upgrade does not exist in mirrors so you have no packages, and you
cannot jump any more forward
without a lot of work.
We all know and have agreed in the community surveys so many times that
upgrades are are hard.
Well just let me end it with, I don't envy a person being in that
situation...
Best regards
On 06/07/2018 10:38 AM, Matthias Runge wrote:
> On Thu, Jun 07, 2018 at 05:13:06AM +0000, Tobias Urdin wrote:
>> Just sliding in with my 2 cents which are off-topic to the discussion
but...
>>
>> I've always found it fascinating why one would completely remove
>> packages from official mirrors when the version is not supported
anymore.
>> There will probably always be somebody that might be looking for them,
>> I've always had that feeling with RPMs compared to Debs.
> Can you elaborate here on how RPMs are different to .debs?
>
> What do you expect, when you're installing these packages?
> Do you expect them to work? Do you expect, they won't create
> a security issue? Do you want to be able to use them in
> production? Is there a value in distributing something, which
> doesn't work (anymore)?
>
> What happens, if there is an issue, or a distributed rpm contains
> a CVE? In that case, we'd actively distribute vulnerable software.
> I always wondered, why someone would ask for software with
> a vulnerability (or more).
>
> This is to get expectations right[1]. It might look good at the
> beginning, but can turn bad quite quickly.
>
> Matthias
>
> [1] https://twitter.com/AwardsDarwin/status/1003934362403049472
_______________________________________________
dev mailing list
dev(a)lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/dev
To unsubscribe: dev-unsubscribe(a)lists.rdoproject.org
2360
days inactive
2361
days old
4 comments
4 participants
participants (4)
-
Alan Pevec -
Matthias Runge -
Phill. Whiteside -
Tobias Urdin