[rdo-dev] openstack-newton rpm packages unavailable now

Phill. Whiteside phillwuk at gmail.com
Thu Jun 7 09:51:38 UTC 2018 

Hi,

also totally off topic. I was asked to gather up all the lubuntu
releases[1] as I also removed them at EoL. turns out that there are still
586 cpu's out there!! And, yes, I am still one missing - the very 1st one.

Regards,

Phill.
1. http://phillw.net/isos/lubuntu/





On 7 June 2018 at 10:17, Tobias Urdin <tobias.urdin at crystone.com> wrote:

> I'm not talking about quality, security or basically nothing in between
> either.
> Just the plain annoyance when packages are removed from mirrors.
>
> Lets just pretend for a while you're new at a job, and the most common
> thing is you inherit old setups.
>
> On that day you inherit an old OpenStack setup, on an old version, and
> the next version
> to upgrade does not exist in mirrors so you have no packages, and you
> cannot jump any more forward
> without a lot of work.
>
> We all know and have agreed in the community surveys so many times that
> upgrades are are hard.
> Well just let me end it with, I don't envy a person being in that
> situation...
>
> Best regards
>
> On 06/07/2018 10:38 AM, Matthias Runge wrote:
> > On Thu, Jun 07, 2018 at 05:13:06AM +0000, Tobias Urdin wrote:
> >> Just sliding in with my 2 cents which are off-topic to the discussion
> but...
> >>
> >> I've always found it fascinating why one would completely remove
> >> packages from official mirrors when the version is not supported
> anymore.
> >> There will probably always be somebody that might be looking for them,
> >> I've always had that feeling with RPMs compared to Debs.
> > Can you elaborate here on how RPMs are different to .debs?
> >
> > What do you expect, when you're installing these packages?
> > Do you expect them to work? Do you expect, they won't create
> > a security issue? Do you want to be able to use them in
> > production? Is there a value in distributing something, which
> > doesn't work (anymore)?
> >
> > What happens, if there is an issue, or a distributed rpm contains
> > a CVE? In that case, we'd actively distribute vulnerable software.
> > I always wondered, why someone would ask for software with
> > a vulnerability (or more).
> >
> > This is to get expectations right[1]. It might look good at the
> > beginning, but can turn bad quite quickly.
> >
> > Matthias
> >
> > [1] https://twitter.com/AwardsDarwin/status/1003934362403049472
>
> _______________________________________________
> dev mailing list
> dev at lists.rdoproject.org
> http://lists.rdoproject.org/mailman/listinfo/dev
>
> To unsubscribe: dev-unsubscribe at lists.rdoproject.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rdoproject.org/pipermail/dev/attachments/20180607/78acfb26/attachment.html>

More information about the dev mailing list