Weekly Edition
Return to the Press page
| |||||||||||
Bitten by the Red Hat Perl bug (InfoWorld)
InfoWorld's Neil McAllister
investigates a bug with Perl's object instantiation
on Red Hat Linux.
"To make a long story short, he got rid of the Perl executable that came with his CentOS installation, compiled a new one from stock source code, and the bug disappeared. Clearly, the Perl hackers are blameless in this case. The fault lies squarely with Red Hat for distributing a buggy version of the interpreter.
What's more disturbing, however, is that it turns out that this Red Hat Perl performance issue is a known bug. It was documented and verified long before Prakash ever raised a stink about it. How long? Try 2006, according to Red Hat's own Bugzilla database."
(Log in to post comments)
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 12:08 UTC (Thu) by pr1268 (subscriber, #24648) [Link] Seems like an argument against using RH/CentOS (or any big-name distro that makes significant changes to upstream code before distributing it themselves). I'm glad McAllister reported this issue as I suspect this isn't the first time this has happened. Is there any major distro that only packages unaltered code from the upstream developers? Linux From Scratch comes to mind, and Gentoo and Slackware seem close to this model. Disclosure: I am a Slackware user, and its philosophy of releasing upstream projects (relatively) unmodified is one of the main reasons I use it.
Giving credit where it's due Posted Aug 28, 2008 12:52 UTC (Thu) by pr1268 (subscriber, #24648) [Link] I'm glad McAllister reported this issue Correction of sorts: Neil McAllister was reporting for InfoWorld, and it's a decent read, but the original reporter was Vipul Ved Prakash in his blog (linked in McAllister's article). Prakash's article is also an interesting and enlightening article.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 1:35 UTC (Fri) by mikachu (guest, #5333) [Link]
Gentoo usually applies tons of patches to packages, examples that come to mind are php and xmms. Most packages have the patches in the package system in /usr/portage, but some have so many that they're bundled in patch archives that are on the distfiles mirrors.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 12:21 UTC (Thu) by arjan (subscriber, #36785) [Link]
Funny that he blames Red Hat for a bug in CentOS.....
even though it's probably a shared bug, it's just dishonest to blame a company who's product you don't even use for a bug, and who's support you haven't even consulted...
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 12:37 UTC (Thu) by ncm (subscriber, #165) [Link]
It's not dishonest. If it's Red Hat's bug, blame Red Hat.
I remember when Red Hat broke sort(1), so that "sort -n" didn't work any more. Somebody I talked to from Red Hat thought that was OK, because they had also added a new feature which, I guess, worked. That was a long time ago. :-)
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 12:39 UTC (Thu) by arjan (subscriber, #36785) [Link]
you were right if the OS used was an actual Red Hat OS.
It wasn't.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 12:45 UTC (Thu) by JoeBuck (subscriber, #2330) [Link] CentOS uses Red Hat's source RPMs. It is exceedingly unlikely that you'll find a CentOS bug that isn't a Red Hat bug.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 16:20 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]
I wouldn't call it exceeding unlikely and those issues are not necessarily the fault or rebuilders. Besides if you are a RHEL customer, you would have got a hotfix for this issue a while back
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 18:03 UTC (Thu) by rise (subscriber, #5045) [Link]
Err, no - read the articles & posts. It's a Red Hat issue that CentOS inherited and if you check with current RHEL customers they can tell you that the fixes have been slow to come and insufficient. Cutting Perl performance by a factor of 100 and then "fixing" it to only a 50x performance drop (or even 10x) isn't good support.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 18:59 UTC (Thu) by qg6te2 (subscriber, #52587) [Link] [an] issue that CentOS inheritedCentOS is not commercially supported. Period. If the recent re-discoverer of the perl bug (Vipul Ved Prakash) had been using RHEL (and hence had a support contract) he may have had a more direct recourse to getting it fixed, notwithstanding Red Hat's (current) low priority on the bug. Instead of moaning about it on his blog, he would have had the right to raise a stink with Red Hat directly.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 3:29 UTC (Fri) by felixfix (subscriber, #242) [Link]
None of that changes the fact that if the CentOS perl is straight from RedHat, and that is where the bug originated, it is a RedHat bug. If the bug originated within Perl HQ, RedHat coped it, and CentOS copied RedHat, it would be a Perl bug. If CentOS modified what they got from RedHat and thereby introduced the bug, it would be a CentOS bug.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 8:58 UTC (Fri) by rsidd (subscriber, #2582) [Link]
Oh please. If it had been an upstream perl bug, and had been reported by a Red Hat user who found that the bug was reproducible from pristine perl sources, would you have called it "dishonest" to blame upstream, and asked Red Hat to accept blame?
Red Hat takes from the perl people. CentOS takes from Red Hat. This bug was introduced by Red Hat. CentOS does not do their own development and entirely piggybacks on Red Hat, (which is legal, though it's not a distribution I'd use).
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 12:31 UTC (Thu) by aliguori (subscriber, #30636) [Link]
If you read through the bug report, it was only reported in RHEL in November of 2007. That's less than a year ago which was well past the RHEL5.1 timeline. The fix is scheduled for RHEL5.3.
So there was a single update that the bug wasn't fixed in after it was reported. It sucks that it affected this guy, but this isn't at all unreasonable.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 12:49 UTC (Thu) by gnb (subscriber, #5132) [Link]
Except that what appears to be the same bug (same symptoms and caused by
the RH patch for the same original problem) was first reported 2006-06-27, which makes it rather less reasonable. Either they've been very slow fixing it, or their regression testing is poor and they've reintroduced it.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 21:59 UTC (Thu) by mattdm (subscriber, #18) [Link]
Unfortunately, there's always been an issue of poor communication of bugs between RHEL and Fedora. And it goes both ways: a while ago, there was a trivial local root exploit that was fixed in the RHEL version of perl-suidperl, but it took months to get the corresponding fix into Fedora.
What a load of crap. Posted Aug 28, 2008 14:14 UTC (Thu) by smoogen (subscriber, #97) [Link]
The writers conclusion that no Linux distribution is up for the Enterprise and people should use Sun was real "fair and balanced" reporting. It has been my experience that usually takes 12-24 months for a performance issue to get fixed by Sun, IBM, or HP. It seemed the more money you paid in a service contract, the longer you had to wait.
The funny thing is the patch that breaks things looks to be an upstream patch to fix a real bug in 5.8.8.
http://rt.perl.org/rt3/Public/Bug/Display.html?id=34925
Whee.
What a load of crap. Posted Aug 28, 2008 14:40 UTC (Thu) by jwb (subscriber, #15467) [Link]
12-24 months? LUXURY! There are serious bugs in the Java bug database which have been unfixed since the mid 1990s. Now that the source code has been released, a lot of these serious bugs have been revealed for the low-hanging fruit everybody thought they were all along.
If the author wanted to pick an exemplar of fast bug fixing, he should have picked someone other than Sun.
What a load of crap. Posted Aug 28, 2008 14:45 UTC (Thu) by chromatic (subscriber, #26207) [Link] The funny thing is the patch that breaks things looks to be an upstream patch to fix a real bug in 5.8.8. Nicholas Clark, the release manager for Perl 5.8.x commented on this bug. In particular, this problem was never present in any released version of Perl. Red Hat incorporated a pre-release patch into their version of Perl and maintained it across stable Perl releases, even though it was no longer appropriate, without contacting upstream. Backporting and maintaining cherry-picked patches from upstream without contacting upstream is generally a bad idea.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 15:16 UTC (Thu) by trasz (guest, #45786) [Link]
FreeBSD ftw! ;-)
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 16:09 UTC (Thu) by MattPerry (subscriber, #46341) [Link]
This is another example of what is wrong with having the distro vendors mucking about with software instead of shipping the stock software. First the Debian messes up OpenSSH because they tried to tweak something instead of leaving it alone. Now this. It makes me wonder how much other stuff is broken in these distros because the vendors wanted to fiddle with things.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 16:19 UTC (Thu) by Sutoka (guest, #43890) [Link]
On the other hand, theres probably at least as many cases where the Distro *fixes* problems that upstream hadn't dealt with, or maybe only in a version that can't be shipped *cough*Firefox*cough*.
I think the /real/ lesson to take from this is to try to work as closely with upstream as possible, trying to get any of your patchs upstream so you can stop worrying about them.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 16:37 UTC (Thu) by MattPerry (subscriber, #46341) [Link] On the other hand, theres probably at least as many cases where the Distro *fixes* problems that upstream hadn't dealt with, or maybe only in a version that can't be shipped *cough*Firefox*cough*.I agree, but I'd much rather see those patches make it into the upstream repository instead. Don't put the patches into the distro if they aren't in the upstream. As for Firefox, Mozilla should be encouraged to create their own debs and rpms. Then all users need to do is add the Mozilla repository to their sources list and apt-get (or yum) to install. It's already that easy for Windows users. I would hope that Linux users would have it just as easy in the future.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 17:21 UTC (Thu) by vmole (subscriber, #111) [Link] As for Firefox, Mozilla should be encouraged to create their own debs and rpms. PLEASE GHOD NO NO NO! There. I feel better. Upstream supplied .debs are almost always policy-ignoring disasters (excluding those where upstream is *also* a Debian developer). You may think Debian Policy is a lot of useless bureaucracy, but it's why several thousand random packages can work together.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 17:59 UTC (Thu) by MattPerry (subscriber, #46341) [Link]
Debs can be installed on more systems than just Debian. Could you elaborate on the policy-ignoring disasters portion? I'm not familiar with how independent debs have worked out in the past.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 6:07 UTC (Fri) by jengelh (subscriber, #33263) [Link]
Like 64-bit libraries put into /usr/lib instead of /usr/lib64. Nvidia's manual installer likes to do that sort of crap for example.
Or stuffing things in hilarious locations, like H-Sphere RPMs do.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 8:57 UTC (Fri) by spot (subscriber, #15640) [Link]
You know, like FHS says to do? Oh wait, I forgot Debian is continuing to pretend that part of the FHS doesn't exist.
http://www.pathname.com/fhs/pub/fhs-2.3.html#LIB64
P.S. It's not optional. It's only optional for that directory to exist on an architecture that doesn't need it.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 11:40 UTC (Fri) by vmole (subscriber, #111) [Link] Well, let's see: /lib64 and /lib32 : 64/32-bit libraries (architecture dependent) The 64-bit architectures PPC64, s390x, sparc64 and AMD64 must place 64-bit libraries in /lib64, and 32-bit (or 31-bit on s390) libraries in /lib. The 64-bit architecture IA64 must place 64-bit libraries in /lib. It's not even self-consistent: the title says "/lib32" but the text says "/lib". Anyway, the Debian folks are trying to get multiarch implemented so that we have a general long-term solution. In the meantime, the assumption is that Debian is about free software that can be packaged for a specific architecture.
multiarch is vaporware Posted Aug 29, 2008 13:55 UTC (Fri) by dlang (subscriber, #313) [Link]
we are about to hit the second major debian release since multiarch was trotted out as "no, we won't implement things the way everyone else does, we will do this instead", and as far as I can see it's still not fully defined, let alone implemented anywhere. it's not even in the unstable branch, which means that it's extremely unlikly to be in the next stable series after Lenny (which means that it won't matter to most people for several years more)
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 31, 2008 17:24 UTC (Sun) by salimma (subscriber, #34460) [Link]
The current multiarch implementation is rather unfortunate. The GNUstep-esque solution is much nicer: have a sub-directory for each architecture under /usr/lib. Do the same for /usr/bin. And while at it, go the full distance and allow for application and framework (library) bundles as well.
The more self-contained applications can be, the less can go wrong with upstream-created packages.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Sep 4, 2008 8:21 UTC (Thu) by pj (subscriber, #4506) [Link]
How 'GNUstep-esque' is Gobolinux?
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 11:54 UTC (Fri) by vmole (subscriber, #111) [Link] Could you elaborate on the policy-ignoring disasters portion? Just a a random sample:
Which isn't to say that "official" Debian packages are always perfect, but they get fixed or dropped. My point is that not that upstreams are stupid or evil, they're not. They're just busy, and proper packaging for a distribution is more than just "the package installs on my system okay." Everybody (mostly) agrees that it's better to get your driver into the main kernel tree rather than keep it separate. Likewise, better to get your package into the main distribution archives.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Sep 8, 2008 12:17 UTC (Mon) by cortana (subscriber, #24596) [Link]
Random example off the top of my head: Plesk. It's debs contain monstrous, 2000-line maintainer scripts that are hideously unreliable; making it pretty much impossible to ever remove them after the system has been touched by them.
Policy-respecting .debs? Posted Aug 28, 2008 20:02 UTC (Thu) by GreyWizard (subscriber, #1026) [Link]
As someone daft enough to try creating a policy-respecting Debian package I'm not surprised. Debian's policy guide is somniferous, the messages produced by the policy lint tool are inscrutable and the changes required are arcane. I find it hard to fathom how these elaborate rules actually help, especially now that Fedora is catching up in package count without comparable fuss.
Policy-respecting .debs? Posted Aug 30, 2008 11:34 UTC (Sat) by tzafrir (subscriber, #11501) [Link]
Could you please give an example to such a case where lintian gives messages you cannot understand?
Can you give example of an arcane rule that has actually bothered you?
Policy-respecting .debs? Posted Sep 1, 2008 12:22 UTC (Mon) by GreyWizard (subscriber, #1026) [Link]
Something is inscrutable when it is not readily understood, not merely when it's utterly incomprehensible. So I can't give you an example of a lintian error or warning I'm not able to comprehend after enough research. But I can give you examples that aren't obvious to someone who is not a Debian expert but is capable of building software packages:
E: <pkgname>: no-shlibs-control-file usr/lib/lib<pkgname>.so.0.0.0
Digging up the meaning of these is possible, and I've done it, but it's rather a lot of bother compared to the process of creating an RPM.
As for examples of the arcane I hardly know where to begin. Why should I need a shlibs control file for a simple libtool shared library? Aren't there reasonable default assumptions that could be made? Why is it forbidden to set the executable bit on such libraries? That's the way they come out of the build process after all and somehow RPM based distributions survive that calamity. Why is it wrong to ship .pyc files? Why should my .py files be executable when they are meant to be used only as libraries (I feed the files to python directly when running built-in unit tests)?
I'm sure there are answers to all of these questions for those with the fortitude to dig through the Debian Policy Guide -- and do enlighten me if you happen to know them. But the notion that such exhaustive policy is necessary to make a large distribution coherent just isn't credible.
Policy-respecting .debs? Posted Sep 1, 2008 14:44 UTC (Mon) by vmole (subscriber, #111) [Link] Digging up the meaning of these is possible, and I've done it, but it's rather a lot of bother compared to the process of creating an RPM. So the fact that Debian provides tools that point out mistakes in packaging is bad. Hmmm. Do you turn off compiler warnings that you don't understand? I can't speak to the shared library issues, but the reason you don't ship .pyc files is so that the install system can build the python version specific .pyc files according to which versions are on the user's system. Also, you don't ship preprocessed man pages, right? And I don't know why you think python library files have to be executable; the ones on my system aren't. Finally, if these are real issues, you should discuss them on the Debian python list, where the experts are. Finally, it should be noted that pretty much every item in Debian Policy is there for reason, for solving a real problem. They don't add stuff just to be difficult. Sometimes it's "do X because Y is wrong", and sometimes it's "We can do X or Y, either would be right, but we choose X." Consistency is worth something.
Policy-respecting .debs? Posted Sep 2, 2008 9:50 UTC (Tue) by GreyWizard (subscriber, #1026) [Link]
Where do you find evidence to support the absurd conclusion that I would prefer to have policy problems hidden from me? I'll go through this again using small words: the policy is complex, the lint tool mumbles and the documentation is poorly organized. Your explanation about .pyc files makes sense and I would thank you for it if not for the tone of the rest of your post. I don't know why .py files should be executable. All I know is that lintian complains when mine aren't. Perhaps there is some arcane incantation I haven't mastered which makes that acceptable. And yes, I know there are reasons for the policy -- in fact I said exactly that the message you replied to. (Consider reading posts before you reply to them in the future.)
But having a reason is not the same as having a good reason. From the perspective of an outsider who just wants to create a policy compliant package the documentation, tools and (at least if you are a representative example) developers are decidedly unfriendly. In light of that the fact that packages created by people who aren't committed Debian developers are "policy-ignoring disasters" is no surprise.
Policy-respecting .debs? Posted Sep 2, 2008 11:25 UTC (Tue) by vmole (subscriber, #111) [Link] And we are back to my original point: upstream developers often do not have the time or interest to create proper distribution packages. That's fine. Leave it to the experts. That's the whole point of a distribution: combine hundreds or thousands of disparate pieces of software into a coherent whole. Why would you expect that to be simpler than a writing a single program?
Policy-respecting .debs? Posted Sep 2, 2008 12:13 UTC (Tue) by GreyWizard (subscriber, #1026) [Link]
Attempting to create a policy compliant package (and even arguing about the obstacles) is a way of trying to contribute in a small way. You seem to be suggesting that anyone who isn't willing to make the large investment of time and effort to actually become a Debian developer shouldn't be bothering at all. I can live with that. It doesn't cost me anything to stop running lintian. But giving up community good will for .so files without executable bits seems like a poor trade to me.
Policy-respecting .debs? Posted Sep 2, 2008 12:49 UTC (Tue) by vmole (subscriber, #111) [Link] No, I'm suggesting that anyone who isn't willing to read the relevant parts of Policy, and fix the relevant lintian errors, should let someone else build the distro-specific packages. Supplying broken packages is NOT contributing. If you want to contribute to the Linux Kernel, then you are expected to understand how the parts work, and to follow the established coding conventions, even if you don't see the point of them. And just to be perfectly clear: I don't think you are a bad person for not wanting to invest the time. Lots of people can (and do) create distro packages. They're good at it. You should spend your time doing whatever it is you want to do, and do it well. Better you fix a bug in your code, or add a feature, than worry about Debian shared library permissions.
Policy-respecting .debs? Posted Sep 2, 2008 13:45 UTC (Tue) by GreyWizard (subscriber, #1026) [Link]
Why would I run lintian at all if I thought supplying broken packages was acceptable? I complained about a few specific cases where the policy is arcane because I was explicitly asked to do so above, not because I believe I shouldn't have to follow the established conventions.
I'm touched by your concern for how I spend my time, but arguing against points I haven't actually advanced is probably not a good use of yours.
Policy-respecting .debs? Posted Sep 2, 2008 3:58 UTC (Tue) by tzafrir (subscriber, #11501) [Link]
In that case you should run lintian with the option -i to provide you more information about those errors/warnings , as well as a reference to thew relevant section in the policy manual.
no-shlibs-control-file:
Although the package includes a shared library, the package does not
Section 8.6: http://www.debian.org/doc/debian-policy/ch-sharedlibs.htm...
non-dev-pkg-with-shlib-symlink:
Although this package is not a `-dev' package, it installs a
Shared libraries are supposed to place such symbolic links in their
However, if this is a small package which includes the runtime and the
Section 8.4: http://www.debian.org/doc/debian-policy/ch-sharedlibs.htm...
The executable bit should only be set where it is needed. For scripts. Shared libraries don't need to be executable. If you use the recommended toolchain this will mostly be done for you. I can't think of a specific problem caused by this, but this is the general rule here. Don't mistake /usr/lib for /usr/libexec .
As for the other issues you have raised:
I'm not sure I can easily answer all of your questions. But here's an example: you don't ship .pyc files because you can't tell in advance with what version of python (and potentially: with what other libraries) the code will build. So those are likely to change. See the python policy manual for the exact details:
Also, if the file is has a '#!', it is probably intended to be executable. If you have some python code that is only intended to be used as a module and not as an executable, remove the '#!' from the first line. Chances are you merely forgot to set a script as executable (note that lintian here gives you a warning rather thna an error). Actually python modules are often have a small main for a simple test driver.
Policy-respecting .debs? Posted Sep 2, 2008 10:02 UTC (Tue) by GreyWizard (subscriber, #1026) [Link]
That's quite helpful, thank you. Still, the point I'm trying to make is that all this is quite hard to master. There are surely things Debian can do to be more friendly to people who want to create packages that conform to their policies. One concrete suggestion is to make the more informative mode the default for lintian. Experts can set whatever switch is necessary to get more concise output.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 3:04 UTC (Fri) by epa (subscriber, #39769) [Link]
Well RPM version 3 is the LSB standard package format and doesn't carry the Debian-policy baggage, so surely Mozilla should just use that? Built against some suitably ancient distribution to make sure it works everywhere.
The one big black mark against using RPMs for distributing third-party software is that there is no easy way for a user to install the software in their own home directory. You have to be root.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 8:59 UTC (Fri) by spot (subscriber, #15640) [Link]
That's not entirely true. You can install to a rpm root in your homedir, it just won't be able to resolve dependencies sanely, and you'd need to add directories to your path.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Sep 8, 2008 14:34 UTC (Mon) by epa (subscriber, #39769) [Link]
Yes... no easy way. And all RPMs, in practice, are built to install into / and nowhere else. It is a shame they are not relocatable.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 19:00 UTC (Thu) by Sutoka (guest, #43890) [Link]
>Don't put the patches into the distro if they aren't in the upstream.
So the distro will have to wait for a new release of the package before they could include it?
>As for Firefox, Mozilla should be encouraged to create their own
How is an extra step *easier*? I can't think of any distro thats not extremely niche that doesn't include Firefox in their default repositories. Mozilla also has a tendency to not support older versions of Firefox that some distros ship.
I can't possibly understand how having people that don't know much about your distro make packages for it, force you to manually add their repository to your lists, and then manually fetch it (post install) would be better than the people that know what they're doing making the package.
IMO, saying upstream should provide all packages (hell, for the application I write I don't even provide RPMs for the distro I run!) or banning distros from patching is simply a knee-jerk reaction to a quite rare occurrence.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 8:55 UTC (Fri) by MattPerry (subscriber, #46341) [Link]
> So the distro will have to wait for a new release of the package before
> they could include it?
Exactly. Ideally, distros shouldn't be shipping the software at all. If the vendor packages it, and you have the vendor's repository in your software update list, then you can update that package (or not) independent of the distro's time line.
> How is an extra step *easier*? I can't think of any distro thats not
In the following, let us assume that Firefox could be any application.
What is easier is that one can upgrade their operating system or the application independent of each other without having to learn the details of system administration. Right now, if I want a new version of Firefox, I have to upgrade my entire operating system which I do not want to do. This will also upgrade all of the other packages on my system. That's a big change just to get a new version of one program.
I could install Firefox from source, or install the binary from Mozilla, but then I am venturing into system administration territory. I have to open a shell and type commands, figure out where to put the files, adjust paths, etc.
Contrast this with Windows users who have the ease of just double-clicking the icon to start the installer. Windows users can upgrade software without having to upgrade everything else on their computer. Likewise, they can upgrade their OS and then reinstall older versions of application software with the same ease as installing the new.
Modern linux distros assume that everyone wants to run the latest versions of software on their systems. For people such as myself who may want to run a mix of software versions there is no easy way to do so. No current Linux distros cater to my desktop needs.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 9:28 UTC (Fri) by Sutoka (guest, #43890) [Link]
>Exactly. Ideally, distros shouldn't be shipping the software at
>all.
So we'd be abolishing Linux distros and relying on upstream to package their software against the magical combination of libraries on your system? Yeah, good luck with that happening.
>If the vendor packages it, and you have the vendor's
You'd need all the repositories for all of the dependencies. You'd also need the same repositories as upstream used, otherwise ABI incompatibilies might prevent it from working at all. You'd also have no way to be sure that your packages won't collide with each other, as theres no central authority making the packages to prevent that from happening.
Basically, it'd be an absolute nightmare.
>Modern linux distros assume that everyone wants to run the
Distros often include a backports repository for stuff like that. And just because the current distros don't fit *your* needs, doesn't mean they don't fit the needs of the most people as far as packaging is concerned.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 9:35 UTC (Fri) by MattPerry (subscriber, #46341) [Link]
> So we'd be abolishing Linux distros and relying on upstream to package
> their software against the magical combination of libraries on your > system? Yeah, good luck with that happening.
If a distro is LSB compliant and the package is built to work on LSB compliant system, then there won't be a problem.
> You'd need all the repositories for all of the dependencies. You'd also
Again, LSB compliance. The packages are built to a standard and the distros support this standard. This isn't rocket science.
> Distros often include a backports repository for stuff like that.
So I have to depend on the distro maintainers to support older versions? Are there backports of every package in the repository? Are the repositories in the sources list by default?
> And just because the current distros don't fit *your* needs, doesn't
Just because they do fit your needs doesn't mean they fit the needs of most people as far as packaging is concerned.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 15:11 UTC (Fri) by Sutoka (guest, #43890) [Link]
>If a distro is LSB compliant and the package is built
>to work on LSB compliant system, then there won't be a problem.
So now no software can have dependencies on software not included in the LSB? Or are all non-LSB dependencies going to have to be statically compiled in or shipped with the package in some way? Neither of those are a very nice solution... If you don't do either, you just push the problem up slightly higher.
>Just because they do fit your needs doesn't mean they fit
Quite few people complain about the current system, and lots of people tout the current system as being one of Linux's big advantages. This is while lots of people complain about how it works on Windows, with most software not having any auto update mechanism, and the developers that do each have their own implementation (Windows Update vs Adobe Updater vs Steam vs Firefox's vs etc).
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 11:18 UTC (Fri) by vonbrand (subscriber, #4458) [Link] What is easier is that one can upgrade their operating system or the application independent of each other without having to learn the details of system administration. Right now, if I want a new version of Firefox, I have to upgrade my entire operating system which I do not want to do. This will also upgrade all of the other packages on my system. That's a big change just to get a new version of one program.
That's called "dependencies", i.e., shiny new <foo> package needs new The price you pay for fast, solid progress is that old code is just left behind. Just like a stable API in the kernel is nonsense, it applies in userland.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 28, 2008 19:32 UTC (Thu) by sbergman27 (subscriber, #10767) [Link]
Red Hat, and by extension, CentOS are very conservative about changes made during the course of a stable series, and certainly during an individual release. More so than a lot of Linux users are prepared for. However, I agree with their policies. A fix for some users may break things for others.
In, I believe, CentOS 4.1, the fuser command had some weird and extraneous debugging text appear on stdout or stderr when the "-n" option was used. Just a piece of a word, with a ":" after it, followed by the expected process id list. Looked quite confusing on the screen. I reported it, and included the trivial patch, but it was not immediately fixed because existing installations could very well have workarounds in scripts in place which could break if the bug was fixed mid-release. Actually, I don't think it was fixed in the 4.2 either, as they said that they already had enough changes going into that for one update.
Such things can be a slight bummer and force one to apply workarounds. But I very *rarely* have a nightly CentOS server yum update surprise me unpleasantly or unexpectedly.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 1:02 UTC (Fri) by zlynx (subscriber, #2285) [Link]
Yes, they can be conservative about change. I'm OK with that, usually. The thing that gets me is that the RedHat guys seem to have a habit of ignoring bugs filed against previous releases. So what happens is the bug gets put off during stable and ignored when they rev the version.
For one example: I had a bug report filed way back in 2000 against RedHat's customized versions of useradd,passwd,chsh,etc. Later I saw someone else file a bug for the exact same problem in 2004! No one had fixed it. The bug was still open, filed against RH 7.3. RH 8 and 9 and AS2.1 had come and gone in the meantime.
There was another one against mkinitrd that I remember. I looked at the changelog a couple years later and that problem had been fixed, purely by accident I believe. The bug hadn't been closed.
If only they'd read their Bugzilla from 2001 I bet they'd find a lot of things to fix.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 9:07 UTC (Fri) by charlieb (subscriber, #23340) [Link]
> The thing that gets me is that the RedHat guys seem to have a habit of
> ignoring bugs filed against previous releases.
That's probably true of nearly every busy software distributor.
> If only they'd read their Bugzilla from 2001 I bet they'd find a
That's also probably true of nearly every busy software distributor. It's an expensive process to re-triage every old bug report against every new version of software. Squeaky wheels get the oil.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 11:10 UTC (Fri) by zlynx (subscriber, #2285) [Link]
"Squeaky wheels get the oil."
I guess that's a problem when developers file bugs. I had already fixed my problems and built customized RPMs, so I had no reason to be squeaky.
Stable distro policy and what is important Posted Aug 29, 2008 1:49 UTC (Fri) by MilanKerslager (guest, #53653) [Link]
If this is a real problem, the fix should be available in FastTrack channel in RHN. Anybody is free to use the source RPM to rebuild package with pre-fix. CentOS does not do this (does not utilize FastTrack to help users) and they are not willing to make fix if RH does not, but in the same time they are "fixing" even RH does not.
In both cases the problem is in the question "what is really importatnt for us" and the answer could be different for distro maker, paying user, user or developer. At the end we have to ask if the problem is really major for major part of RH/CentOS users.
Stable distro policy and what is important Posted Aug 29, 2008 10:34 UTC (Fri) by skvidal (subscriber, #3094) [Link]
Centos does have fasttrack:
http://mirror.centos.org/centos-5/5.2/fasttrack/
Just like in rhel, it's not enabled by default.
Stable distro policy and what is important Posted Aug 30, 2008 12:44 UTC (Sat) by MilanKerslager (guest, #53653) [Link]
Yes, but is EMPTY :-(
Bitten by the Red Hat Perl bug (InfoWorld) Posted Aug 29, 2008 3:20 UTC (Fri) by slef (subscriber, #14720) [Link]
Small note for all those blaming Red Hat or Linux or whatever and saying "it would never happen with $FAVOURITE_PROPRIETARY_SYSTEM" - I think I've found a pretty basic build bug in Apple's Perl build supplied with MacOS X 10.5 on Intel but we're still investigating.
Bitten by the Red Hat Perl bug (InfoWorld) Posted Sep 1, 2008 15:47 UTC (Mon) by lmb (subscriber, #39048) [Link]
It is unrealistic for distributors to ship pristine upstream, always. Upstream and the distributors are not synchronized (and don't anyone mention the idea of synchronicity), and might also have different priorities about which patches to include since the last release or not.
Over the lifetime of a distribution, only selective backports are feasible, and the priority will be given to bugs reported by or affecting paying customers, or security. That a CentOS user has no pull with RHT should not really strike anyone as surprising.
Users who want sources which include the most recent bugfixes and upstream code should follow the Raw Hide or Factory versions. If you're running CentOS, RHEL, SLES, you are expecting something stable and "mature", that is to say: better the devil you know than unexpected regressions. If that's not what you want, chose differently.
|
|||||||||||