[arch-general] Change Arch's default crond
We all know the situation with dcron (it can't keep time properly) and it still is broken. No fix (or any changes for that matter) have gone into its upstream git for over a year now. There have been multiple yeah-I'll-take-a-looks from various people as well as its upstream maintainer and no work was done. I certainly don't want to offend anybody but I think it is time another crond was made quasi default by swapping it for dcron in base group. I know that users can do that themselves but the we shouldn't suggest packages we know are broken by putting them into the base group. Perhaps fcron is a fine choice. Bug report for reference: https://bugs.archlinux.org/task/18681 -- Sven-Hendrik
I can think of three considerations for a cron daemon: 1 . Minimal - its a cron daemon, it does not need to be complex 2. Active development 3. Anacron functionality As far as I can see this leaves us with fcron, dcron and cronie. Cronie probably has the highest assurance for upstream development because it is backed by redhat. But I think that having a cron daemon as default that has issues executing jobs on time and as they are defined is highly questionable.
Am 05.04.2011 09:19, schrieb Thomas S Hatch:
I can think of three considerations for a cron daemon: 1 . Minimal - its a cron daemon, it does not need to be complex 2. Active development 3. Anacron functionality
As far as I can see this leaves us with fcron, dcron and cronie. Cronie probably has the highest assurance for upstream development because it is backed by redhat. But I think that having a cron daemon as default that has issues executing jobs on time and as they are defined is highly questionable.
Before the current maintainer took over dcron, we had that same discussion. Aaron even contacted the fcron maintainer (he posted the reply to arch-general or arch-dev-public, if anyone could find the link in the archives, please post it). The author responded that he considered fcron feature-complete, so didn't develop it anymore. However, he would fix bugs when they are reported, and I think there are no known bugs right now. That said, fcron lacks /etc/cron.d/ functionality which was the most important argument against it. I personally don't need that and I like fcron a lot. As for your conditions: 1) It is very small software, 1.2MB installed, and it has lots of features. It is by no means minimal though. 2) I commented on that above. 3) dcron has @daily, @hourly and so on. In fcron, you can use standard crontab entries and add &bootrun to the beginning of the line to repeat "missed" cronjobs. I don't know cronie, so maybe you can elaborate more.
Am Wed, 06 Apr 2011 22:27:27 +0200 schrieb Thomas Bächler <thomas@archlinux.org>:
That said, fcron lacks /etc/cron.d/ functionality which was the most important argument against it. I personally don't need that and I like fcron a lot.
Are you sure about that? I mean, I didn't need /etc/cron.d, yet. So I don't know exactly, but somehow I think it has this functionality. But don't nail me down on it. I can be totally wrong regarding this. And I bet I am. ;-) Nevertheless is this feature really a knockout argument? Is this feature really necessary? Can't things in /etc/cron.d be transferred into /etc/cron.{hourly,...} or the usual fcrontab? Btw., people who really need /etc/cron.d for whatever reason can easily install a different cron daemon. The question is not to putting fcron into [core] and removing every other cron from the repos. The question is which cron shall be the default cron.
As for your conditions: 1) It is very small software, 1.2MB installed, and it has lots of features. It is by no means minimal though. 2) I commented on that above. 3) dcron has @daily, @hourly and so on. In fcron, you can use standard crontab entries and add &bootrun to the beginning of the line to repeat "missed" cronjobs.
And it runs those missed jobs reliably as soon as it's started at boot time. And I would say that this reliability is much more important than /etc/cron.d.
I don't know cronie, so maybe you can elaborate more.
As far as I know cronie doesn't have anacron features (&bootrun) like fcron has. Heiko
On Wed, Apr 6, 2011 at 2:49 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 06 Apr 2011 22:27:27 +0200 schrieb Thomas Bächler <thomas@archlinux.org>:
That said, fcron lacks /etc/cron.d/ functionality which was the most important argument against it. I personally don't need that and I like fcron a lot.
Are you sure about that? I mean, I didn't need /etc/cron.d, yet. So I don't know exactly, but somehow I think it has this functionality. But don't nail me down on it. I can be totally wrong regarding this. And I bet I am. ;-)
Nevertheless is this feature really a knockout argument? Is this feature really necessary? Can't things in /etc/cron.d be transferred into /etc/cron.{hourly,...} or the usual fcrontab?
Btw., people who really need /etc/cron.d for whatever reason can easily install a different cron daemon. The question is not to putting fcron into [core] and removing every other cron from the repos. The question is which cron shall be the default cron.
As for your conditions: 1) It is very small software, 1.2MB installed, and it has lots of features. It is by no means minimal though. 2) I commented on that above. 3) dcron has @daily, @hourly and so on. In fcron, you can use standard crontab entries and add &bootrun to the beginning of the line to repeat "missed" cronjobs.
And it runs those missed jobs reliably as soon as it's started at boot time.
And I would say that this reliability is much more important than /etc/cron.d.
I don't know cronie, so maybe you can elaborate more.
As far as I know cronie doesn't have anacron features (&bootrun) like fcron has.
Heiko
Well, seems I am invested... :) Ok, I think that cronie is worth advanced investigation... dcron and fcron are not under active development, cronie is cronie is small - 0.20MB installed cronie is developed by Red Hat - it is not going anywhere and we have a guaranteed upgrade path As far as I can tell cronie has no deps beyond glibc and pam cronie has /etc/cron.d support cronie has configurable anacron support via an anacrontab config file cronie extends the original vixie cron package so the syntax, core feature set, etc are stable cronie implements advanced security hooks as well and can integrate with SELINUX (I am saving the "include SELINUX support in base for a latter date") At the outset I think that cronie looks to be the most viable option, but merits further investigation. -Thomas S Hatch -Arch Linux Trusted User
On Wed, Apr 6, 2011 at 4:30 PM, Thomas S Hatch <thatch45@gmail.com> wrote:
On Wed, Apr 6, 2011 at 2:49 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 06 Apr 2011 22:27:27 +0200 schrieb Thomas Bächler <thomas@archlinux.org>:
That said, fcron lacks /etc/cron.d/ functionality which was the most important argument against it. I personally don't need that and I like fcron a lot.
Are you sure about that? I mean, I didn't need /etc/cron.d, yet. So I don't know exactly, but somehow I think it has this functionality. But don't nail me down on it. I can be totally wrong regarding this. And I bet I am. ;-)
Nevertheless is this feature really a knockout argument? Is this feature really necessary? Can't things in /etc/cron.d be transferred into /etc/cron.{hourly,...} or the usual fcrontab?
Btw., people who really need /etc/cron.d for whatever reason can easily install a different cron daemon. The question is not to putting fcron into [core] and removing every other cron from the repos. The question is which cron shall be the default cron.
As for your conditions: 1) It is very small software, 1.2MB installed, and it has lots of features. It is by no means minimal though. 2) I commented on that above. 3) dcron has @daily, @hourly and so on. In fcron, you can use standard crontab entries and add &bootrun to the beginning of the line to repeat "missed" cronjobs.
And it runs those missed jobs reliably as soon as it's started at boot time.
And I would say that this reliability is much more important than /etc/cron.d.
I don't know cronie, so maybe you can elaborate more.
As far as I know cronie doesn't have anacron features (&bootrun) like fcron has.
Heiko
Well, seems I am invested... :)
Ok, I think that cronie is worth advanced investigation...
dcron and fcron are not under active development, cronie is cronie is small - 0.20MB installed cronie is developed by Red Hat - it is not going anywhere and we have a guaranteed upgrade path As far as I can tell cronie has no deps beyond glibc and pam cronie has /etc/cron.d support cronie has configurable anacron support via an anacrontab config file cronie extends the original vixie cron package so the syntax, core feature set, etc are stable cronie implements advanced security hooks as well and can integrate with SELINUX (I am saving the "include SELINUX support in base for a latter date")
At the outset I think that cronie looks to be the most viable option, but merits further investigation.
This seems to be a monthly recurring discussion. How about not providing any default, just put all the different cron(s) in extra? I think eventually systemd will provide a cron-like service :) Cheers, Sander
On Wed, Apr 6, 2011 at 3:43 PM, Sander Jansen <s.jansen@gmail.com> wrote:
On Wed, Apr 6, 2011 at 4:30 PM, Thomas S Hatch <thatch45@gmail.com> wrote:
On Wed, Apr 6, 2011 at 2:49 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 06 Apr 2011 22:27:27 +0200 schrieb Thomas Bächler <thomas@archlinux.org>:
That said, fcron lacks /etc/cron.d/ functionality which was the most important argument against it. I personally don't need that and I like fcron a lot.
Are you sure about that? I mean, I didn't need /etc/cron.d, yet. So I don't know exactly, but somehow I think it has this functionality. But don't nail me down on it. I can be totally wrong regarding this. And I bet I am. ;-)
Nevertheless is this feature really a knockout argument? Is this feature really necessary? Can't things in /etc/cron.d be transferred into /etc/cron.{hourly,...} or the usual fcrontab?
Btw., people who really need /etc/cron.d for whatever reason can easily install a different cron daemon. The question is not to putting fcron into [core] and removing every other cron from the repos. The question is which cron shall be the default cron.
As for your conditions: 1) It is very small software, 1.2MB installed, and it has lots of features. It is by no means minimal though. 2) I commented on that above. 3) dcron has @daily, @hourly and so on. In fcron, you can use standard crontab entries and add &bootrun to the beginning of the line to repeat "missed" cronjobs.
And it runs those missed jobs reliably as soon as it's started at boot time.
And I would say that this reliability is much more important than /etc/cron.d.
I don't know cronie, so maybe you can elaborate more.
As far as I know cronie doesn't have anacron features (&bootrun) like fcron has.
Heiko
Well, seems I am invested... :)
Ok, I think that cronie is worth advanced investigation...
dcron and fcron are not under active development, cronie is cronie is small - 0.20MB installed cronie is developed by Red Hat - it is not going anywhere and we have a guaranteed upgrade path As far as I can tell cronie has no deps beyond glibc and pam cronie has /etc/cron.d support cronie has configurable anacron support via an anacrontab config file cronie extends the original vixie cron package so the syntax, core feature set, etc are stable cronie implements advanced security hooks as well and can integrate with SELINUX (I am saving the "include SELINUX support in base for a latter date")
At the outset I think that cronie looks to be the most viable option, but merits further investigation.
This seems to be a monthly recurring discussion. How about not providing any default, just put all the different cron(s) in extra? I think eventually systemd will provide a cron-like service :)
Cheers,
Sander
Unfortunately this particular issue is not like the good ol' syslog-ng vs rsyslog debate, this one is about the present default having bugs that upstream is not fixing. I have nothing against dcron as a cron daemon, but if upstream bugs are not being fixed than a move needs to happen. And yes, someday systemd will change my baby's diapers, but it doesn't today :) (my understanding though is that the stated position of Arch was "no systemd" btw)
Thomas S Hatch wrote:
I am saving the "include SELINUX support in base for a latter date"
my understanding though is that the stated position of Arch was "no systemd"
s/was/is/g That is also my understanding in regards to selinux. Although i am not familiar with "stated positions" about either. PS. Ntp is fine application that will keep your clock synchronised. It seems to be 5 days off. :)
On Wed, Apr 6, 2011 at 4:16 PM, Grigorios Bouzakis <grbzks@xsmail.com>wrote:
Thomas S Hatch wrote:
I am saving the "include SELINUX support in base for a latter date"
my understanding though is that the stated position of Arch was "no systemd"
s/was/is/g
That is also my understanding in regards to selinux. Although i am not familiar with "stated positions" about either.
PS. Ntp is fine application that will keep your clock synchronised. It seems to be 5 days off. :)
Yes the systemd topic keeps popping up, right now we don't know if certain upstream changes are going to force Arch into using systemd or not. In my communications with the developers I have been continually placed under the understanding that while Arch will support systemd, it will not be part of base by default. As for adding SELinux support in base but keeping it turned off by default, +1
Am Wed, 6 Apr 2011 16:25:42 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
As for adding SELinux support in base but keeping it turned off by default, +1
Then you mean adding it to [core]. (base) is supposed to be installed on every system. And SELinux is definitely not necessary for a minimal base Linux installation. Heiko
On Wed, Apr 6, 2011 at 4:32 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 6 Apr 2011 16:25:42 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
As for adding SELinux support in base but keeping it turned off by default, +1
Then you mean adding it to [core]. (base) is supposed to be installed on every system. And SELinux is definitely not necessary for a minimal base Linux installation.
Heiko
SELinux is a compile flag in the kernel and base utils, it is not required for a minimal system, but just adding the compile flags is a minor change and makes setting up more secure systems a possibility. I think that the only reason it is omitted is because most people are horrified by it, but if it is disabled by default then it is off and no one need know that support is compiled in.
On Thu, Apr 7, 2011 at 6:46 AM, Thomas S Hatch <thatch45@gmail.com> wrote:
On Wed, Apr 6, 2011 at 4:32 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 6 Apr 2011 16:25:42 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
As for adding SELinux support in base but keeping it turned off by default, +1
Then you mean adding it to [core]. (base) is supposed to be installed on every system. And SELinux is definitely not necessary for a minimal base Linux installation.
Heiko
SELinux is a compile flag in the kernel and base utils, it is not required for a minimal system, but just adding the compile flags is a minor change and makes setting up more secure systems a possibility.
I think that the only reason it is omitted is because most people are horrified by it, but if it is disabled by default then it is off and no one need know that support is compiled in.
I would just like to chime in and point out that if we want to allow selinux, then we would need someone committed to supporting it. I have never used it myself, but from what I hear it would need to be supported by things like initscripts to be used properly. If such support can be added elegantly and securely then I am not opposed to it. Cheers, Tom
2011/4/6 Tom Gundersen <teg@jklm.no>:
On Thu, Apr 7, 2011 at 6:46 AM, Thomas S Hatch <thatch45@gmail.com> wrote:
On Wed, Apr 6, 2011 at 4:32 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 6 Apr 2011 16:25:42 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
As for adding SELinux support in base but keeping it turned off by default, +1
Then you mean adding it to [core]. (base) is supposed to be installed on every system. And SELinux is definitely not necessary for a minimal base Linux installation.
Heiko
SELinux is a compile flag in the kernel and base utils, it is not required for a minimal system, but just adding the compile flags is a minor change and makes setting up more secure systems a possibility.
I think that the only reason it is omitted is because most people are horrified by it, but if it is disabled by default then it is off and no one need know that support is compiled in.
I would just like to chime in and point out that if we want to allow selinux, then we would need someone committed to supporting it. I have never used it myself, but from what I hear it would need to be supported by things like initscripts to be used properly. If such support can be added elegantly and securely then I am not opposed to it.
Cheers,
Tom
I personallly dislike SELinux, so -1 -- Angel Velásquez angvp @ irc.freenode.net Arch Linux Developer / Trusted User Linux Counter: #359909 http://www.angvp.com
Could you guys elaborate on why you dislike selinux. I would appreciate it. Do you prefer AppArmor, or do you dislike that as well? On Wed, Apr 6, 2011 at 7:13 PM, Grigorios Bouzakis <grbzks@xsmail.com> wrote:
As for adding SELinux support in base but keeping it turned off by default, +1
Although this isnt a vote, mine was for no selinux at all, so its just 1. :)
2011/4/6 Ángel Velásquez <angvp@archlinux.org>:
I personallly dislike SELinux, so -1
On Wed, Apr 6, 2011 at 9:01 PM, DrCR <drcrlinux@gmail.com> wrote:
Could you guys elaborate on why you dislike selinux. I would appreciate it. Do you prefer AppArmor, or do you dislike that as well?
On Wed, Apr 6, 2011 at 7:13 PM, Grigorios Bouzakis <grbzks@xsmail.com> wrote:
As for adding SELinux support in base but keeping it turned off by default, +1
Although this isnt a vote, mine was for no selinux at all, so its just 1. :)
2011/4/6 Ángel Velásquez <angvp@archlinux.org>:
I personallly dislike SELinux, so -1
I spent quite some time as a trainer for Red Hat and taught classes on SELinux. Normally when someone disliked SELinux it was because it gave them trouble setting up a particular service. I was fed a never ending stream of stories about how SELinux had caused somebody pain. All this did was reaffirm my respect for SELinux, because it was a security layer that seasoned engineers could not bypass. But it also helped me understand when, where and how to deploy SELinux so that it was a functional security layer without becoming cumbersome. SELinux is superior to app armor in that the secity layer is cleaner and much more secure, you cannot bypass SELinux without root access, while AppArmor can be bypassed simply by discovering violations in the security. AppArmor is easier to use, but SELinux is far more secure. I think that Arch would benefit from inducing SELinux as an option because it expands the venues available for Arch Linux systems, I also think that inclusion in base of SELinux requires a minimal amount of maintenance and SELinux is completely non-intrusive if it is disabled. If you want an easy to use, yet thin layer of application level security, use AppArmor, if you want a solid security layer, learn SELinux.
On Wed, 6 Apr 2011 21:22:14 -0600 Thomas S Hatch <thatch45@gmail.com> wrote:
I think that Arch would benefit from inducing SELinux as an option because it expands the venues available for Arch Linux systems, I also think that inclusion in base of SELinux requires a minimal amount of maintenance and SELinux is completely non-intrusive if it is disabled.
It's not because some folks might benefit from SELinux, that all of a sudden it should go into base. That's really not what base is for. Dieter
On Wed, Apr 6, 2011 at 7:53 PM, Tom Gundersen <teg@jklm.no> wrote:
On Thu, Apr 7, 2011 at 6:46 AM, Thomas S Hatch <thatch45@gmail.com> wrote:
On Wed, Apr 6, 2011 at 4:32 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 6 Apr 2011 16:25:42 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
As for adding SELinux support in base but keeping it turned off by default, +1
Then you mean adding it to [core]. (base) is supposed to be installed on every system. And SELinux is definitely not necessary for a minimal base Linux installation.
Heiko
SELinux is a compile flag in the kernel and base utils, it is not required for a minimal system, but just adding the compile flags is a minor change and makes setting up more secure systems a possibility.
I think that the only reason it is omitted is because most people are horrified by it, but if it is disabled by default then it is off and no one need know that support is compiled in.
I would just like to chime in and point out that if we want to allow selinux, then we would need someone committed to supporting it. I have never used it myself, but from what I hear it would need to be supported by things like initscripts to be used properly. If such support can be added elegantly and securely then I am not opposed to it.
Cheers,
Tom
I like to hear that Tom! Unfortunately many people think that having SELinux compiled in means that it is running, having SELinux compiled into the core utils and the kernel but leaving it turned off has 0 negative effect on the system. Adding support for SELinux into Arch does not, in any way force anyone use it, if that were the case I would be %100 against it. I will need to set up SELinux in my datacenters very soon, because it is a very fundamental security layer, when I have it running I will give you all of the patches that the initscripts may need and make sure that they are non intrusive.
Am 07.04.2011 04:36, schrieb Thomas S Hatch:
I like to hear that Tom! Unfortunately many people think that having SELinux compiled in means that it is running, having SELinux compiled into the core utils and the kernel but leaving it turned off has 0 negative effect on the system.
If that just were true. I think we compiled SELinux into our kernel once or twice, just to remove it again. It caused random stuff to fail even though it was not enabled - at least this is what I remember (I'd have to look up the ML threads related to this).
On Thu, Apr 7, 2011 at 2:08 AM, Thomas Bächler <thomas@archlinux.org> wrote:
I like to hear that Tom! Unfortunately many people think that having SELinux compiled in means
Am 07.04.2011 04:36, schrieb Thomas S Hatch: that
it is running, having SELinux compiled into the core utils and the kernel but leaving it turned off has 0 negative effect on the system.
If that just were true. I think we compiled SELinux into our kernel once or twice, just to remove it again. It caused random stuff to fail even though it was not enabled - at least this is what I remember (I'd have to look up the ML threads related to this).
If you find those threads please forward them to me, because I will be enabling SELinux in my environment and will need to work out these issues, thanks Thomas!
Thomas S Hatch <thatch45@gmail.com> wrote:
On Wed, Apr 6, 2011 at 4:16 PM, Grigorios Bouzakis <grbzks@xsmail.com>wrote:
Thomas S Hatch wrote:
I am saving the "include SELINUX support in base for a latter date"
my understanding though is that the stated position of Arch was "no systemd"
s/was/is/g
That is also my understanding in regards to selinux. Although i am not familiar with "stated positions" about either.
PS. Ntp is fine application that will keep your clock synchronised. It seems to be 5 days off. :)
Yes the systemd topic keeps popping up, right now we don't know if certain upstream changes are going to force Arch into using systemd or not.
I dont think such a topic keeps popping up. In fact I dont remember reading a discussion between Arch developers about it, ever. I could probably go on ranting about stuff thats been shoved down users mouths the last years for months but its futile and a waste of time.
As for adding SELinux support in base but keeping it turned off by default, +1
Although this isnt a vote, mine was for no selinux at all, so its just 1. :)
On Wednesday, April 06, 2011 18:13:04 Grigorios Bouzakis wrote:
Thomas S Hatch <thatch45@gmail.com> wrote:
On Wed, Apr 6, 2011 at 4:16 PM, Grigorios Bouzakis <grbzks@xsmail.com>wrote:
Thomas S Hatch wrote:
I am saving the "include SELINUX support in base for a latter date"
my understanding though is that the stated position of Arch was "no systemd"
s/was/is/g
That is also my understanding in regards to selinux. Although i am not familiar with "stated positions" about either.
PS. Ntp is fine application that will keep your clock synchronised. It seems to be 5 days off. :)
Yes the systemd topic keeps popping up, right now we don't know if certain upstream changes are going to force Arch into using systemd or not.
I dont think such a topic keeps popping up. In fact I dont remember reading a discussion between Arch developers about it, ever. I could probably go on ranting about stuff thats been shoved down users mouths the last years for months but its futile and a waste of time.
It was a discussion that popped up here, a debate between users who felt replacing sysvinit was completely unneeded to those who seemed to want to use systemd for some useless, unneeded feature maybe less than 1% of Arch users were going to actually use.
As for adding SELinux support in base but keeping it turned off by default, +1
Although this isnt a vote, mine was for no selinux at all, so its just 1. :)
Selinux is another unneeded thing, but even worse is that it practically requires a doctorate in computer science to manipulate. Can't deny its security, though. +1 to leaving it out of Arch, not that anyone's asking Arch to.
Am Thu, 7 Apr 2011 11:08:39 -0500 schrieb Yaro Kasear <yaro@marupa.net>:
Selinux is another unneeded thing, but even worse is that it practically requires a doctorate in computer science to manipulate. Can't deny its security, though. +1 to leaving it out of Arch, not that anyone's asking Arch to.
For people who are really curious enough to deal with selinux, here you go: http://aur.archlinux.org/packages.php?O=0&K=selinux&do_Search=Suche I guess no need to add it to (base) particularly every software which shall run with SELinux needs to be compiled with SELinux support. So probably more unnecessary dependencies for most of the users who don't want SELinux, etc. People who need SELinux can easily install those packages from AUR. I had no concerns about including SELinux packages into [community]. Or there could be made a new [selinux] repository. But SELinux definitely doesn't belong into [core] and still less into (base). Heiko
On Thursday 07 April 2011 18:08:39 Yaro Kasear wrote:
Selinux is another unneeded thing, but even worse is that it practically requires a doctorate in computer science to manipulate. Can't deny its security, though. +1 to leaving it out of Arch, not that anyone's asking Arch to.
I don't see the harm in have proper SELinux support. It would make it easier to learn SELinux if one could have it officially supported and working well on everyone's Arch laptop. Plus added security is a good practice. Not sure why having official SELinux should stir some to vote against it when one can easily disable it. -- Divan Santana
Yaro Kasear wrote:
On Wednesday, April 06, 2011 18:13:04 Grigorios Bouzakis wrote:
Thomas S Hatch <thatch45@gmail.com> wrote:
Yes the systemd topic keeps popping up, right now we don't know if certain upstream changes are going to force Arch into using systemd
or
not.
I dont think such a topic keeps popping up. In fact I dont remember reading a discussion between Arch developers about it, ever. I could probably go on ranting about stuff thats been shoved down users mouths the last years for months but its futile and a waste of time.
It was a discussion that popped up here, a debate between users who felt replacing sysvinit was completely unneeded to those who seemed to want to use systemd for some useless, unneeded feature maybe less than 1% of Arch users were going to actually use.
I guess you mean http://thread.gmane.org/gmane.linux.arch.general/32759 Didnt enjoy skimming through it much, except maybe this part: http://article.gmane.org/gmane.linux.arch.general/32874 And indeed, it was just user talk. The only developer who got even remotely interested in participating got flamed.
As for adding SELinux support in base but keeping it turned off by default, +1
Although this isnt a vote, mine was for no selinux at all, so its just 1. :)
Selinux is another unneeded thing, but even worse is that it practically requires a doctorate in computer science to manipulate. Can't deny its security, though. +1 to leaving it out of Arch, not that anyone's asking Arch to.
All these seem like the natural sideffects of Arch's growth along with the (d)evolution (as in degeneration) of Linux. ---- Greg
On Thu, Apr 7, 2011 at 12:51 PM, Grigorios Bouzakis <grbzks@xsmail.com>wrote:
Yaro Kasear wrote:
On Wednesday, April 06, 2011 18:13:04 Grigorios Bouzakis wrote:
Thomas S Hatch <thatch45@gmail.com> wrote:
Yes the systemd topic keeps popping up, right now we don't know if certain upstream changes are going to force Arch into using systemd
or
not.
I dont think such a topic keeps popping up. In fact I dont remember reading a discussion between Arch developers about it, ever. I could probably go on ranting about stuff thats been shoved down users mouths the last years for months but its futile and a waste of time.
It was a discussion that popped up here, a debate between users who felt replacing sysvinit was completely unneeded to those who seemed to want to use systemd for some useless, unneeded feature maybe less than 1% of Arch users were going to actually use.
I guess you mean http://thread.gmane.org/gmane.linux.arch.general/32759 Didnt enjoy skimming through it much, except maybe this part: http://article.gmane.org/gmane.linux.arch.general/32874 And indeed, it was just user talk. The only developer who got even remotely interested in participating got flamed.
As for adding SELinux support in base but keeping it turned off by default, +1
Although this isnt a vote, mine was for no selinux at all, so its just
:)
Selinux is another unneeded thing, but even worse is that it practically requires a doctorate in computer science to manipulate. Can't deny its security, though. +1 to leaving it out of Arch, not that anyone's asking Arch to.
All these seem like the natural sideffects of Arch's growth along with the (d)evolution (as in degeneration) of Linux.
---- Greg
Thanks for the link, I did not want to bring up SELinux yet, because I will not be getting to it for a few months, but this will help a great deal! -Thomas S Hatch
Thomas S Hatch wrote:
On Thu, Apr 7, 2011 at 12:51 PM, Grigorios Bouzakis <grbzks@xsmail.com>wrote:
I guess you mean http://thread.gmane.org/gmane.linux.arch.general/32759
Thanks for the link, I did not want to bring up SELinux yet, because I will not be getting to it for a few months, but this will help a great deal!
-Thomas S Hatch
Glad i could help :) ---- Greg
On Thu, 2011-04-07 at 22:31 +0300, Grigorios Bouzakis wrote:
Thomas S Hatch wrote:
On Thu, Apr 7, 2011 at 12:51 PM, Grigorios Bouzakis <grbzks@xsmail.com>wrote:
I guess you mean http://thread.gmane.org/gmane.linux.arch.general/32759
Thanks for the link, I did not want to bring up SELinux yet, because I will not be getting to it for a few months, but this will help a great deal!
-Thomas S Hatch
Glad i could help :)
---- Greg
SELinux would maybe bring extra security too archlinux, but what I don't see in this thread is how much harder / more bugs it would make for developers/TU's to package if you use SELinux. So in general what is the benefits / costs for SELinux? And on a side note, I don't like archlinux forcing users to use SELinux because users should have a choice to use any MAC software they want. That's why AppArmor /Tomoyo are nicer solutions cause they don't require recompiling of packages -> increasing bugs/problems. -- Jelle van der Waa
On Friday 08 April 2011 09:44:14 Jelle van der Waa wrote:
SELinux would maybe bring extra security too archlinux, but what I don't see in this thread is how much harder / more bugs it would make for developers/TU's to package if you use SELinux.
Good point.
So in general what is the benefits / costs for SELinux?
And on a side note, I don't like archlinux forcing users to use SELinux because users should have a choice to use any MAC software they want. That's why AppArmor /Tomoyo are nicer solutions cause they don't require recompiling of packages -> increasing bugs/problems.
Unfortunately no MAC software is officially supported in Arch Linux. I wouldn't mind using AppArmor /Tomoyo instead. -- Divan Santana
On Fri, Apr 8, 2011 at 3:44 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote:
And on a side note, I don't like archlinux forcing users to use SELinux because users should have a choice to use any MAC software they want. That's why AppArmor /Tomoyo are nicer solutions cause they don't require recompiling of packages -> increasing bugs/problems.
If we compile our packages with SELinux support, does that force users to use SELinux? I was under the impression that these changes would be completely benign on non-SELinux enabled systems. --Kaiting. -- Kiwis and Limes: http://kaitocracy.blogspot.com/
On 08/04/11 20:43, Kaiting Chen wrote:
On Fri, Apr 8, 2011 at 3:44 AM, Jelle van der Waa<jelle@vdwaa.nl> wrote:
And on a side note, I don't like archlinux forcing users to use SELinux because users should have a choice to use any MAC software they want. That's why AppArmor /Tomoyo are nicer solutions cause they don't require recompiling of packages -> increasing bugs/problems.
If we compile our packages with SELinux support, does that force users to use SELinux? I was under the impression that these changes would be completely benign on non-SELinux enabled systems. --Kaiting.
If we compile with SELinux support then the developers need to support using SELinux. I certainly will not be supporting it with any of my packages (which includes ~1/4 of the [core] repo...) and I have not heard any other developer suggesting they will support it. In my opinion, SELinux would be better supported in a user provided repo. Work with the guy (whose name I can not remember...) who has done an awesome job getting this all done and into the AUR. Allan
On Fri, Apr 8, 2011 at 7:32 AM, Allan McRae <allan@archlinux.org> wrote:
In my opinion, SELinux would be better supported in a user provided repo. Work with the guy (whose name I can not remember...) who has done an awesome job getting this all done and into the AUR.
Okay I don't know a thing about SELinux but if anyone wants to maintain a repo I'd be happy to host it. And I don't believe this is the first time I've made this offer. --Kaiting. -- Kiwis and Limes: http://kaitocracy.blogspot.com/
Dne pátek 08 dubna 2011 12:43:51 Kaiting Chen napsal(a):
On Fri, Apr 8, 2011 at 3:44 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote:
And on a side note, I don't like archlinux forcing users to use SELinux because users should have a choice to use any MAC software they want. That's why AppArmor /Tomoyo are nicer solutions cause they don't require recompiling of packages -> increasing bugs/problems.
If we compile our packages with SELinux support, does that force users to use SELinux? I was under the impression that these changes would be completely benign on non-SELinux enabled systems. --Kaiting.
AFAIK selinux-userspace libraries then have to be installed, but SELinux itself can be disabled in its main configuration file. BTW I maintain SELinux enabled "packages" in the AUR and for most of them just recompile is needed, for some though some patching has to be done. If I may add more to this SELinux related thread, I would like to aply for TU and bring SELinux packages to community in the summer, to make using SELinux easier. Nicky726 -- Don't it always seem to go That you don't know what you've got Till it's gone (Joni Mitchell)
Nicky726 wrote:
If I may add more to this SELinux related thread, I would like to aply for TU and bring SELinux packages to community in the summer, to make using SELinux easier.
I dont think thats gonna work since you'll have to provide the same packages as in [core] built differently. See for example: http://article.gmane.org/gmane.linux.arch.tur.user/19324 ---- Greg
On 09/04/11 00:24, Grigorios Bouzakis wrote:
Nicky726 wrote:
If I may add more to this SELinux related thread, I would like to aply for TU and bring SELinux packages to community in the summer, to make using SELinux easier.
I dont think thats gonna work since you'll have to provide the same packages as in [core] built differently. See for example: http://article.gmane.org/gmane.linux.arch.tur.user/19324
Providing a set of packages that is configured/built for a different purpose is different that providing a package with a patch not supported upstream.
Allan McRae <allan@archlinux.org> wrote:
On 09/04/11 00:24, Grigorios Bouzakis wrote:
Nicky726 wrote:
If I may add more to this SELinux related thread, I would like to aply for TU and bring SELinux packages to community in the summer, to make using SELinux easier.
I dont think thats gonna work since you'll have to provide the same packages as in [core] built differently. See for example: http://article.gmane.org/gmane.linux.arch.tur.user/19324
Providing a set of packages that is configured/built for a different purpose is different that providing a package with a patch not supported upstream.
Nope, its exactly the same. The xcb cairo backend is part of the cairo source not a patch. Cairo can be configured to take advantage of it without messing with the xlib backend using the --enable-xcb & --disable-xlib_xcb same as pam for example needs the --enable-selinux in order to use selinux https://aur.archlinux.org/packages/selinux-pam/PKGBUILD ---- Greg
On 09/04/11 00:53, Grigorios Bouzakis wrote:
Allan McRae<allan@archlinux.org> wrote:
On 09/04/11 00:24, Grigorios Bouzakis wrote:
Nicky726 wrote:
If I may add more to this SELinux related thread, I would like to aply for TU and bring SELinux packages to community in the summer, to make using SELinux easier.
I dont think thats gonna work since you'll have to provide the same packages as in [core] built differently. See for example: http://article.gmane.org/gmane.linux.arch.tur.user/19324
Providing a set of packages that is configured/built for a different purpose is different that providing a package with a patch not supported upstream.
Nope, its exactly the same. The xcb cairo backend is part of the cairo source not a patch. Cairo can be configured to take advantage of it without messing with the xlib backend using the --enable-xcb& --disable-xlib_xcb same as pam for example needs the --enable-selinux in order to use selinux https://aur.archlinux.org/packages/selinux-pam/PKGBUILD
Hmm... I thought it was a a patch. Was it declared unstable/unsupported upstream then? There was something weird like that. Anyway, I still see nothing wrong with creating SELinux packages and having them available in [community], although I would like to see a separate repo at least for the start. Allan
On Fri, Apr 8, 2011 at 3:55 PM, Allan McRae <allan@archlinux.org> wrote:
On 09/04/11 00:53, Grigorios Bouzakis wrote:
Allan McRae<allan@archlinux.org> wrote:
On 09/04/11 00:24, Grigorios Bouzakis wrote:
Nicky726 wrote:
If I may add more to this SELinux related thread, I would like to aply for TU and bring SELinux packages to community in the summer, to make using SELinux easier.
I dont think thats gonna work since you'll have to provide the same packages as in [core] built differently. See for example: http://article.gmane.org/gmane.linux.arch.tur.user/19324
Providing a set of packages that is configured/built for a different purpose is different that providing a package with a patch not supported upstream.
Nope, its exactly the same. The xcb cairo backend is part of the cairo source not a patch. Cairo can be configured to take advantage of it without messing with the xlib backend using the --enable-xcb& --disable-xlib_xcb same as pam for example needs the --enable-selinux in order to use selinux https://aur.archlinux.org/packages/selinux-pam/PKGBUILD
Hmm... I thought it was a a patch. Was it declared unstable/unsupported upstream then? There was something weird like that.
Anyway, I still see nothing wrong with creating SELinux packages and having them available in [community], although I would like to see a separate repo at least for the start.
Allan
If thats the case, then I will look into working with Nicky726 (The maintainer of the SELinux packages in the AUR) and find a home for a third party SELinux repo. -Thomas S Hatch
On Sat, Apr 9, 2011 at 6:02 AM, Thomas S Hatch <thatch45@gmail.com> wrote:
On Fri, Apr 8, 2011 at 3:55 PM, Allan McRae <allan@archlinux.org> wrote:
Anyway, I still see nothing wrong with creating SELinux packages and having them available in [community], although I would like to see a separate repo at least for the start.
Allan
If thats the case, then I will look into working with Nicky726 (The maintainer of the SELinux packages in the AUR) and find a home for a third party SELinux repo.
-Thomas S Hatch
User comment, separate SELinux repo would be great. Primarily because Arch repo packages can remain as vanilla as possible =) (nope, not considering SELinux on my home laptop).
Dne So 9. dubna 2011 00:02:20 Thomas S Hatch napsal(a):
On Fri, Apr 8, 2011 at 3:55 PM, Allan McRae <allan@archlinux.org> wrote:
Hmm... I thought it was a a patch. Was it declared unstable/unsupported upstream then? There was something weird like that.
Anyway, I still see nothing wrong with creating SELinux packages and having them available in [community], although I would like to see a separate repo at least for the start.
Allan
If thats the case, then I will look into working with Nicky726 (The maintainer of the SELinux packages in the AUR) and find a home for a third party SELinux repo.
-Thomas S Hatch
OK, having the packages in binary form is imo better than in the AUR so I dont mind if it is in the [community] or in a separate repo that much. And of course I would be glad for any help from other Archers. Nicky -- Don't it always seem to go That you don't know what you've got Till it's gone (Joni Mitchell)
On Fri, Apr 8, 2011 at 8:17 AM, Nicky726 <Nicky726@gmail.com> wrote:
Dne pátek 08 dubna 2011 12:43:51 Kaiting Chen napsal(a):
On Fri, Apr 8, 2011 at 3:44 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote:
And on a side note, I don't like archlinux forcing users to use SELinux because users should have a choice to use any MAC software they want. That's why AppArmor /Tomoyo are nicer solutions cause they don't require recompiling of packages -> increasing bugs/problems.
If we compile our packages with SELinux support, does that force users to use SELinux? I was under the impression that these changes would be completely benign on non-SELinux enabled systems. --Kaiting.
AFAIK selinux-userspace libraries then have to be installed, but SELinux itself can be disabled in its main configuration file.
BTW I maintain SELinux enabled "packages" in the AUR and for most of them just recompile is needed, for some though some patching has to be done.
If I may add more to this SELinux related thread, I would like to aply for TU and bring SELinux packages to community in the summer, to make using SELinux easier.
Nicky726
-- Don't it always seem to go That you don't know what you've got Till it's gone
(Joni Mitchell)
A lot of valid points have been made here :) Just to reiterate a few things. 1. Compiling in support for SELinux does not force a user to use it, it just makes it available 2. Adding SELinux enabled packages to community would be an excellent venue for enabling SELinux in a very benign way +1 3. Forcing core developers to maintain SELinux in their packages, as Allan has stated, would be problematic. 4. Adding the functionality to Community would allow us to flesh out SELinux problems and better gauge what problems would be involved in moving it to core, and how viable that process would be. Again, I don't want to sound like a madman on a soapbox screaming SELinux, and I had no intention to start this discussion when I mentioned this passively in the crazy cron thread :). But since it hit a nerve, I might as well comment :) -Thomas S Hatch
On Friday, April 08, 2011 05:43:51 Kaiting Chen wrote:
On Fri, Apr 8, 2011 at 3:44 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote:
And on a side note, I don't like archlinux forcing users to use SELinux because users should have a choice to use any MAC software they want. That's why AppArmor /Tomoyo are nicer solutions cause they don't require recompiling of packages -> increasing bugs/problems.
If we compile our packages with SELinux support, does that force users to use SELinux? I was under the impression that these changes would be completely benign on non-SELinux enabled systems. --Kaiting.
No, SELinux-patched tools do not force one to use SELinux. But they can potentially have plenty of bugs introduced by the patches. And there's the fact that SELinux is not necessary and there's not point in putting it in the default Arch install just for the minority who'll actually use it. At most, it should be in [core]. At the very least, [community]. I definitely see no good reason to make it part of the base install, though.
On Fri, Apr 8, 2011 at 10:36 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Friday, April 08, 2011 05:43:51 Kaiting Chen wrote:
On Fri, Apr 8, 2011 at 3:44 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote:
And on a side note, I don't like archlinux forcing users to use SELinux because users should have a choice to use any MAC software they want. That's why AppArmor /Tomoyo are nicer solutions cause they don't require recompiling of packages -> increasing bugs/problems.
If we compile our packages with SELinux support, does that force users to use SELinux? I was under the impression that these changes would be completely benign on non-SELinux enabled systems. --Kaiting.
No, SELinux-patched tools do not force one to use SELinux. But they can potentially have plenty of bugs introduced by the patches. And there's the fact that SELinux is not necessary and there's not point in putting it in the default Arch install just for the minority who'll actually use it. At most, it should be in [core]. At the very least, [community]. I definitely see no good reason to make it part of the base install, though.
Yaro makes many good points, I think that my recommendation would be to allow someone to maintain support for SELinux in community. If SELinux support is deemed something that would be a good idea to move to core in the future than do so, otherwise leave it in community.
Am Fri, 8 Apr 2011 10:55:16 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
Yaro makes many good points, I think that my recommendation would be to allow someone to maintain support for SELinux in community. If SELinux support is deemed something that would be a good idea to move to core in the future than do so, otherwise leave it in community.
I'd prefer a separate [selinux] repo. So that people know what they are doing. I know, packages with SELinux support could and should be named something like selinux-XXX or XXX-selinux, but I think a new repo would be better and more secure - not only from SELinux' view. This way SELinux users can just add [selinux] to pacman.conf above [core]. For the other users it should be deactivated by default. Heiko
On Fri, Apr 8, 2011 at 3:29 PM, Heiko Baums <lists@baums-on-web.de> wrote:
I'd prefer a separate [selinux] repo. So that people know what they are doing.
+1 from a users perspective, the changes in a machine's setup from non-SE to SE are non-trivial to the point that a separate repo would make things much easier and less cluttered/possibly confusing, not to mention reducing noise in results while looking for packages. I don't know how huge of a frustration that would be for package maintainers.
On Fri, 2011-04-08 at 16:08 -0400, Jeremiah Dodds wrote:
On Fri, Apr 8, 2011 at 3:29 PM, Heiko Baums <lists@baums-on-web.de> wrote:
I'd prefer a separate [selinux] repo. So that people know what they are doing.
+1 from a users perspective, the changes in a machine's setup from non-SE to SE are non-trivial to the point that a separate repo would make things much easier and less cluttered/possibly confusing, not to mention reducing noise in results while looking for packages.
I don't know how huge of a frustration that would be for package maintainers.
It's far *more* important to find a dev who is willing to introduce SELinux into archlinux. So for the time being you can create your own 3rd party repo and rebuild [core] with SELinux support. -- Jelle van der Waa
On Friday, April 08, 2011 14:29:34 Heiko Baums wrote:
Am Fri, 8 Apr 2011 10:55:16 -0600
schrieb Thomas S Hatch <thatch45@gmail.com>:
Yaro makes many good points, I think that my recommendation would be to allow someone to maintain support for SELinux in community. If SELinux support is deemed something that would be a good idea to move to core in the future than do so, otherwise leave it in community.
I'd prefer a separate [selinux] repo. So that people know what they are doing.
I know, packages with SELinux support could and should be named something like selinux-XXX or XXX-selinux, but I think a new repo would be better and more secure - not only from SELinux' view.
This way SELinux users can just add [selinux] to pacman.conf above [core]. For the other users it should be deactivated by default.
Heiko
Here's another question. Isn't it general packaging policy to not fully support packages that have unofficial upstream patches applied? Isn't SELinux "unofficial" to all the upstream?
On Sat, Apr 9, 2011 at 9:18 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Friday, April 08, 2011 14:29:34 Heiko Baums wrote:
Am Fri, 8 Apr 2011 10:55:16 -0600
schrieb Thomas S Hatch <thatch45@gmail.com>:
Yaro makes many good points, I think that my recommendation would be to allow someone to maintain support for SELinux in community. If SELinux support is deemed something that would be a good idea to move to core in the future than do so, otherwise leave it in community.
I'd prefer a separate [selinux] repo. So that people know what they are doing.
I know, packages with SELinux support could and should be named something like selinux-XXX or XXX-selinux, but I think a new repo would be better and more secure - not only from SELinux' view.
This way SELinux users can just add [selinux] to pacman.conf above [core]. For the other users it should be deactivated by default.
Heiko
Here's another question. Isn't it general packaging policy to not fully support packages that have unofficial upstream patches applied? Isn't SELinux "unofficial" to all the upstream?
SELinux has been in the vanilla kernel for quite some time, say the 2.6.20 ish realm, and the majority of the core utils have had SELinux support built in for years. SELinux is official upstream. But I don't want to argue about this anymore :) I think that we have a solution, I will be putting up an SELinux third party repo for testing in the next month or two and then once we have an assurance that it is working well we look into moving SELinux support into community. This has been a great discussion, and I am excited to get some work done on improving SELinux support on Arch! -Thomas S Hatch
On Saturday, April 09, 2011 12:01:04 Thomas S Hatch wrote:
On Sat, Apr 9, 2011 at 9:18 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Friday, April 08, 2011 14:29:34 Heiko Baums wrote:
Am Fri, 8 Apr 2011 10:55:16 -0600
schrieb Thomas S Hatch <thatch45@gmail.com>:
Yaro makes many good points, I think that my recommendation would
be
to allow someone to maintain support for SELinux in community. If SELinux support is deemed something that would be a good idea to
move
to core in the future than do so, otherwise leave it in community.
I'd prefer a separate [selinux] repo. So that people know what they are doing.
I know, packages with SELinux support could and should be named something like selinux-XXX or XXX-selinux, but I think a new repo would be better and more secure - not only from SELinux' view.
This way SELinux users can just add [selinux] to pacman.conf above [core]. For the other users it should be deactivated by default.
Heiko
Here's another question. Isn't it general packaging policy to not fully support packages that have unofficial upstream patches applied? Isn't SELinux "unofficial" to all the upstream?
SELinux has been in the vanilla kernel for quite some time, say the 2.6.20 ish realm, and the majority of the core utils have had SELinux support built in for years. SELinux is official upstream.
But I don't want to argue about this anymore :) I think that we have a solution, I will be putting up an SELinux third party repo for testing in the next month or two and then once we have an assurance that it is working well we look into moving SELinux support into community.
This has been a great discussion, and I am excited to get some work done on improving SELinux support on Arch!
-Thomas S Hatch
What about the SELinux patches for things other than the kernel? Are those "official" to upstream? This is not for an argument, now I'm just genuinely curious.
On Sat, Apr 9, 2011 at 11:49 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Saturday, April 09, 2011 12:01:04 Thomas S Hatch wrote:
On Sat, Apr 9, 2011 at 9:18 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Friday, April 08, 2011 14:29:34 Heiko Baums wrote:
Am Fri, 8 Apr 2011 10:55:16 -0600
schrieb Thomas S Hatch <thatch45@gmail.com>:
Yaro makes many good points, I think that my recommendation would
be
to allow someone to maintain support for SELinux in community. If SELinux support is deemed something that would be a good idea to
move
to core in the future than do so, otherwise leave it in community.
I'd prefer a separate [selinux] repo. So that people know what they are doing.
I know, packages with SELinux support could and should be named something like selinux-XXX or XXX-selinux, but I think a new repo would be better and more secure - not only from SELinux' view.
This way SELinux users can just add [selinux] to pacman.conf above [core]. For the other users it should be deactivated by default.
Heiko
Here's another question. Isn't it general packaging policy to not fully support packages that have unofficial upstream patches applied? Isn't SELinux "unofficial" to all the upstream?
SELinux has been in the vanilla kernel for quite some time, say the 2.6.20 ish realm, and the majority of the core utils have had SELinux support built in for years. SELinux is official upstream.
But I don't want to argue about this anymore :) I think that we have a solution, I will be putting up an SELinux third party repo for testing in the next month or two and then once we have an assurance that it is working well we look into moving SELinux support into community.
This has been a great discussion, and I am excited to get some work done on improving SELinux support on Arch!
-Thomas S Hatch
What about the SELinux patches for things other than the kernel? Are those "official" to upstream? This is not for an argument, now I'm just genuinely curious.
The vast majority are, but there are a few places where patches are needed, like in pam and ssh. So yes, there is a "half and half" going on. Basic SELinux support works without patches, but adding some of the more advanced features to some of the core applications require a few patches. -Thomas S Hatch
On Saturday, April 09, 2011 12:54:23 Thomas S Hatch wrote:
On Sat, Apr 9, 2011 at 11:49 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Saturday, April 09, 2011 12:01:04 Thomas S Hatch wrote:
On Sat, Apr 9, 2011 at 9:18 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Friday, April 08, 2011 14:29:34 Heiko Baums wrote:
Am Fri, 8 Apr 2011 10:55:16 -0600
schrieb Thomas S Hatch <thatch45@gmail.com>:
Yaro makes many good points, I think that my recommendation
would
be
to allow someone to maintain support for SELinux in community. If SELinux support is deemed something that would be a good idea to
move
to core in the future than do so, otherwise leave it in community.
I'd prefer a separate [selinux] repo. So that people know what they
are
doing.
I know, packages with SELinux support could and should be named something like selinux-XXX or XXX-selinux, but I think a new repo
would
be better and more secure - not only from SELinux' view.
This way SELinux users can just add [selinux] to pacman.conf above [core]. For the other users it should be deactivated by default.
Heiko
Here's another question. Isn't it general packaging policy to not fully support packages that have unofficial upstream patches applied? Isn't SELinux "unofficial" to all the upstream?
SELinux has been in the vanilla kernel for quite some time, say the
2.6.20
ish realm, and the majority of the core utils have had SELinux support built in for years. SELinux is official upstream.
But I don't want to argue about this anymore :) I think that we have a solution, I will be putting up an SELinux third party repo for testing in the next month or two and then once we have an assurance that it is
working
well we look into moving SELinux support into community.
This has been a great discussion, and I am excited to get some work done
on
improving SELinux support on Arch!
-Thomas S Hatch
What about the SELinux patches for things other than the kernel? Are those "official" to upstream? This is not for an argument, now I'm just genuinely curious.
The vast majority are, but there are a few places where patches are needed, like in pam and ssh.
So yes, there is a "half and half" going on. Basic SELinux support works without patches, but adding some of the more advanced features to some of the core applications require a few patches.
-Thomas S Hatch
Great! Well, I look forward to maybe testing out your repository. Maybe I'll actually get SELinux working.
On Sat, Apr 9, 2011 at 11:56 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Sat, Apr 9, 2011 at 11:49 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Saturday, April 09, 2011 12:01:04 Thomas S Hatch wrote:
On Sat, Apr 9, 2011 at 9:18 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Friday, April 08, 2011 14:29:34 Heiko Baums wrote:
Am Fri, 8 Apr 2011 10:55:16 -0600
schrieb Thomas S Hatch <thatch45@gmail.com>: > Yaro makes many good points, I think that my recommendation
would
be
> to allow someone to maintain support for SELinux in community. If > SELinux support is deemed something that would be a good idea to
move
> to core in the future than do so, otherwise leave it in > community.
I'd prefer a separate [selinux] repo. So that people know what
On Saturday, April 09, 2011 12:54:23 Thomas S Hatch wrote: they
are
doing.
I know, packages with SELinux support could and should be
named
something like selinux-XXX or XXX-selinux, but I think a new repo
would
be better and more secure - not only from SELinux' view.
This way SELinux users can just add [selinux] to pacman.conf above [core]. For the other users it should be deactivated by default.
Heiko
Here's another question. Isn't it general packaging policy to not fully support packages that have unofficial upstream patches applied? Isn't SELinux "unofficial" to all the upstream?
SELinux has been in the vanilla kernel for quite some time, say the
2.6.20
ish realm, and the majority of the core utils have had SELinux support built in for years. SELinux is official upstream.
But I don't want to argue about this anymore :) I think that we have a solution, I will be putting up an SELinux third party repo for testing in the next month or two and then once we have an assurance that it is
working
well we look into moving SELinux support into community.
This has been a great discussion, and I am excited to get some work done
on
improving SELinux support on Arch!
-Thomas S Hatch
What about the SELinux patches for things other than the kernel? Are those "official" to upstream? This is not for an argument, now I'm just genuinely curious.
The vast majority are, but there are a few places where patches are needed, like in pam and ssh.
So yes, there is a "half and half" going on. Basic SELinux support works without patches, but adding some of the more advanced features to some of the core applications require a few patches.
-Thomas S Hatch
Great! Well, I look forward to maybe testing out your repository. Maybe I'll actually get SELinux working.
Thats good to hear! SELinux really is amazing stuff :)
So in general what is the benefits / costs for SELinux?
Benefits: Probably the most effective MAC for Linux. Once it runs it's arguably not too hard to allow/deny certain access due to some third party tools simplifying things a bit. You can't deny the NSA-grade security it brings which the U.S. military requires AT MINIMUM for critical infrastructure. Costs: Painfully overcomplicated. Painfully difficult to set up and configure. Requires well over half the core system to be patched to support it, potentially introducing bugs. There was a mondo security vulnerability a few years back that could actually use SELinux to grant unrestricted access to the system. Only a few filesystems actually have support for its attributes. Even its policies have to be recompiled if they have to change. Way too much can easily go wrong during set up without you having even the slightest clue how to figure out exactly what DID, turning "repairs" for SELinux into an almost weekend-long Google crawl. Benefits from a base Arch perspective: I can't honestly see how this would benefit Arch from putting it in the base group. Costs from a base Arch perspective: Big one being that it's entirely unnecessary, and base is meant to have ONLY what's needed to have a more or less FUNCTIONAL Linux system. Being secure is not a requirement of being functional. Other cost being that it would introduce an entirely new layer of configuration we don't need at install time, and would also guarantee that Arch would only be able to "officially" support the few filesystems that actually support SELinux's labelling. To sum up, it's GREAT when you actually NEED the security benefits it can bring, otherwise, it's better to seek out AppArmor (Which I believe is actually defunct.) or Tomoyo (Which I can never find any information on.), or just leave MAC off altogether if you're not doing anything altogether mission or security critical. Home desktop users would probably be better off ignoring MAC.
Yaro Kasear (2011-04-08 11:32):
So in general what is the benefits / costs for SELinux?
Benefits: Probably the most effective MAC for Linux. Once it runs it's arguably not too hard to allow/deny certain access due to some third party tools simplifying things a bit. You can't deny the NSA-grade security it brings which the U.S. military requires AT MINIMUM for critical infrastructure.
Costs: Painfully overcomplicated. Painfully difficult to set up and configure. Requires well over half the core system to be patched to support it, potentially introducing bugs. There was a mondo security vulnerability a few years back that could actually use SELinux to grant unrestricted access to the system. Only a few filesystems actually have support for its attributes. Even its policies have to be recompiled if they have to change. Way too much can easily go wrong during set up without you having even the slightest clue how to figure out exactly what DID, turning "repairs" for SELinux into an almost weekend-long Google crawl.
Benefits from a base Arch perspective: I can't honestly see how this would benefit Arch from putting it in the base group.
Costs from a base Arch perspective: Big one being that it's entirely unnecessary, and base is meant to have ONLY what's needed to have a more or less FUNCTIONAL Linux system. Being secure is not a requirement of being functional. Other cost being that it would introduce an entirely new layer of configuration we don't need at install time, and would also guarantee that Arch would only be able to "officially" support the few filesystems that actually support SELinux's labelling.
To sum up, it's GREAT when you actually NEED the security benefits it can bring, otherwise, it's better to seek out AppArmor (Which I believe is actually defunct.) or Tomoyo (Which I can never find any information on.), or just leave MAC off altogether if you're not doing anything altogether mission or security critical. Home desktop users would probably be better off ignoring MAC.
An interesting read, thanks. -- -- Rogutės Sparnuotos
On Thursday 07 April 2011 00:25:42 Thomas S Hatch wrote:
As for adding SELinux support in base but keeping it turned off by default, +1
+1 -- Divan Santana
On Thursday 07 April 2011 00:25:42 Thomas S Hatch wrote:
As for adding SELinux support in base but keeping it turned off by default, +1
+1 -- Divan Santana
Am Wed, 6 Apr 2011 15:54:00 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
Unfortunately this particular issue is not like the good ol' syslog-ng vs rsyslog debate, this one is about the present default having bugs that upstream is not fixing.
No, this issue is worse than the syslog-ng vs. rsyslog debate as it indeed appears almost every month as Sander already said. It's a lot more trivial than syslog-ng vs. rsyslog. And this cron discussion is always the same, always the same people with always the same arguments and most of the people vote for fcron. So there needs to be made a decision by the devs, so that this discussion finally can stop. Maybe there could be a voting period - maybe in the forums - or just on this mailing list or wherever, so that every user can vote for the preferred default cron daemon. Heiko
On 04/06/2011 04:43 PM, Sander Jansen wrote:
This seems to be a monthly recurring discussion. How about not providing any default, just put all the different cron(s) in extra? I think eventually systemd will provide a cron-like service :)
Cheers,
Sander
Oh no, every distro needs a default cron -- matters not what it is called, it is fundamental to many server packages that require some type of cron functionality. It seems that keeping a default cron makes sense. To me, I don't need any of the advanced features, but I do need something to sweep for new addresses, faxes, etc.. From a user standpoint (not that Arch is an entry level distro by any stretch), but nevertheless, the new user working with Arch will be far better served by having a basic cron in place rather than not having one and experiencing dependency questions later in the install and be left scratching his head. Upstream stability makes sense. If redhat is behind cronie, then that seems like the logical choice. Otherwise, we are bound to repeat this discussion 12 months from now when fcron or dcron has problems that are not being fixed. -- David C. Rankin, J.D.,P.E.
Am Wed, 06 Apr 2011 22:24:45 -0500 schrieb "David C. Rankin" <drankinatty@suddenlinkmail.com>:
Upstream stability makes sense. If redhat is behind cronie, then that seems like the logical choice.
Why is this logical? Is it the developer what makes a software good or is it the features and the stability? If Redhat's cronie has less features than fcron then fcron is the logical choice, of course.
Otherwise, we are bound to repeat this discussion 12 months from now when fcron or dcron has problems that are not being fixed.
dcron has a lot of issues, while fcron works since years. There's no need to wait again 12 months. This discussion already takes more than a year. Heiko
On 04/06/2011 10:34 PM, Heiko Baums wrote:
Upstream stability makes sense. If redhat is behind cronie, then that
seems like the logical choice. Why is this logical? Is it the developer what makes a software good or is it the features and the stability? If Redhat's cronie has less features than fcron then fcron is the logical choice, of course.
Heiko, You are correct. The long term stability was just my thought. Like I said earlier in my message -- It doesn't matter to me which cron we have -- as long as we have one that works :) I have no say in the matter, so I will, of course, defer to whatever decision you guys reach. I just want to make sure we have a cron by default :) -- David C. Rankin, J.D.,P.E.
On Fri, Apr 8, 2011 at 11:32 AM, David C. Rankin < drankinatty@suddenlinkmail.com> wrote:
On 04/06/2011 10:34 PM, Heiko Baums wrote:
Upstream stability makes sense. If redhat is behind cronie, then that
seems like the logical choice.
Why is this logical? Is it the developer what makes a software good or is it the features and the stability? If Redhat's cronie has less features than fcron then fcron is the logical choice, of course.
You are correct. The long term stability was just my thought. Like I said earlier in my message -- It doesn't matter to me which cron we have -- as long as we have one that works :) I have no say in the matter, so I will, of course, defer to whatever decision you guys reach. I just want to make sure we have a cron by default :)
So what's the status here? I pulled cronie into [community-testing] a couple of days ago and will probably merge it into [community] soon. So that's the one I vote. But regardless of which one we choose in my opinion the sooner we get rid of dcron the better. --Kaiting. -- Kiwis and Limes: http://kaitocracy.blogspot.com/
On 21.04.2011 08:32, Kaiting Chen wrote:
On Fri, Apr 8, 2011 at 11:32 AM, David C. Rankin < drankinatty@suddenlinkmail.com> wrote:
On 04/06/2011 10:34 PM, Heiko Baums wrote:
Upstream stability makes sense. If redhat is behind cronie, then that
seems like the logical choice. Why is this logical? Is it the developer what makes a software good or is it the features and the stability? If Redhat's cronie has less features than fcron then fcron is the logical choice, of course.
You are correct. The long term stability was just my thought. Like I said earlier in my message -- It doesn't matter to me which cron we have -- as long as we have one that works :) I have no say in the matter, so I will, of course, defer to whatever decision you guys reach. I just want to make sure we have a cron by default :)
So what's the status here? I pulled cronie into [community-testing] a couple of days ago and will probably merge it into [community] soon. So that's the one I vote.
But regardless of which one we choose in my opinion the sooner we get rid of dcron the better. --Kaiting.
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier. Kaiting said he would even be willing to become a developer to maintain this in [core] himself in case no other developer was interested. Is there anything that would keep us from making it default and also replace dcron? -- Sven-Hendrik
Am Thu, 21 Apr 2011 08:48:04 +0200 schrieb Sven-Hendrik Haase <sh@lutzhaase.com>:
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier.
Is it such a drop-in like the new dcron when dcron upstream was adopted by this Arch user? Better look at the features and the use cases (don't only think of some 24/7 servers, but also think of the desktop users) and not at some small differences in the crontab syntax. It's definitely not such a big work to re-adjust a few crontab entries if this is necessary at all. And this work has to be done only once and can probably be done with sed. And cronie still has only 4 votes in AUR after one year! Why? Could have a reason as packages which are useful and/or necessary for several people are usually getting a lot more votes in much less time. I can be wrong, but I really have the feeling that switching the default cron daemon to cronie will be a big mistake. And wasn't there someone who wanted to test both daemons and write a feature comparison? Nothing heard about it anymore. Heiko
Am Thu, 21 Apr 2011 13:18:33 +0200 schrieb Heiko Baums <lists@baums-on-web.de>:
I can be wrong, but I really have the feeling that switching the default cron daemon to cronie will be a big mistake.
And, btw., what's about the licenses? fcron is GPL, cronie has a custom license called ISC. I don't know this ISC but this should be checked before. Heiko
On Thu, 21 Apr 2011 13:27:07 +0200, Heiko Baums wrote:
Am Thu, 21 Apr 2011 13:18:33 +0200 schrieb Heiko Baums <lists@baums-on-web.de>: And, btw., what's about the licenses? fcron is GPL, cronie has a custom license called ISC. I don't know this ISC but this should be checked before.
http://en.wikipedia.org/wiki/ISC_license I don't think these 3 lines need much checking. -- The best thing about a boolean is even if you are wrong, you are only off by a bit.
On 04/21/2011 02:18 PM, Heiko Baums wrote:
Am Thu, 21 Apr 2011 08:48:04 +0200 schrieb Sven-Hendrik Haase<sh@lutzhaase.com>:
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier.
Is it such a drop-in like the new dcron when dcron upstream was adopted by this Arch user?
Better look at the features and the use cases (don't only think of some 24/7 servers, but also think of the desktop users) and not at some small differences in the crontab syntax. It's definitely not such a big work to re-adjust a few crontab entries if this is necessary at all. And this work has to be done only once and can probably be done with sed.
i think you are not understanding the process. if cronie is moved in core, it won't have a replaces=dcron. Only new installations will get cronie by default instead of dcron. -- Ionuț
On Thu, Apr 21, 2011 at 2:33 PM, Ionut Biru <ibiru@archlinux.org> wrote:
On 04/21/2011 02:18 PM, Heiko Baums wrote:
Am Thu, 21 Apr 2011 08:48:04 +0200 schrieb Sven-Hendrik Haase<sh@lutzhaase.com>:
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier.
Is it such a drop-in like the new dcron when dcron upstream was adopted by this Arch user?
Better look at the features and the use cases (don't only think of some 24/7 servers, but also think of the desktop users) and not at some small differences in the crontab syntax. It's definitely not such a big work to re-adjust a few crontab entries if this is necessary at all. And this work has to be done only once and can probably be done with sed.
i think you are not understanding the process.
if cronie is moved in core, it won't have a replaces=dcron. Only new installations will get cronie by default instead of dcron.
personally i can't stand crons at all; IME they are usually used for hack job workarounds to other problems, and i avoid them at all costs, preferring boundary triggers or other event-based activation points. crons tend to end up forgotten and separated from other application logic. while i totally agree that a new one is needed if the current one has such fundamental problems, i'm with the guy that says systemd will obsolete it anyways. as far as i'm concerned, `cron` and `init` are the same program, differing only by _when_ they run stuff. the power and flexibility of systemd and it's configuration provide for unprecedented precision and control over your timed executions. let's make a smarter Arch ... init/cron are not smart. just the other day i had to tweak a debian sqeeze system (which uses upstart btw) and the LSB scripts + half-baked dependency system was rather painful IMO, and it made me appreciate the systemd readability even more ... Arch may end up being the only distro that cares about sysvinit :-( not trying to derail the conversation, i just think it's relevant ... when i: # tree /etc/systemd i get a nice neat view of what my system will do at boot time, or any other time. i haven't had a chance to try it yet, but i believe each user could potentially have their own ~/unit directory, and systemd could run stuff from there too. C Anthony
On Thu, Apr 21, 2011 at 9:33 PM, Ionut Biru <ibiru@archlinux.org> wrote:
Only new installations will get cronie by default instead of dcron.
+1 from me for replacing dcron like this, but with fcron, not cronie.
Ionut Biru wrote:
On 04/21/2011 02:18 PM, Heiko Baums wrote:
Am Thu, 21 Apr 2011 08:48:04 +0200 schrieb Sven-Hendrik Haase<sh@lutzhaase.com>:
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier.
Is it such a drop-in like the new dcron when dcron upstream was adopted by this Arch user?
Better look at the features and the use cases (don't only think of some 24/7 servers, but also think of the desktop users) and not at some small differences in the crontab syntax. It's definitely not such a big work to re-adjust a few crontab entries if this is necessary at all. And this work has to be done only once and can probably be done with sed.
i think you are not understanding the process.
if cronie is moved in core, it won't have a replaces=dcron. Only new installations will get cronie by default instead of dcron.
How is that possible? Are you saying that the broken dcron will stay in core and there will two packages for cron? Otherwise i dont understand how it wont be replaced (for all users). ---- Greg
On 04/22/2011 12:11 AM, Grigorios Bouzakis wrote:
Ionut Biru wrote:
On 04/21/2011 02:18 PM, Heiko Baums wrote:
Am Thu, 21 Apr 2011 08:48:04 +0200 schrieb Sven-Hendrik Haase<sh@lutzhaase.com>:
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier.
Is it such a drop-in like the new dcron when dcron upstream was adopted by this Arch user?
Better look at the features and the use cases (don't only think of some 24/7 servers, but also think of the desktop users) and not at some small differences in the crontab syntax. It's definitely not such a big work to re-adjust a few crontab entries if this is necessary at all. And this work has to be done only once and can probably be done with sed.
i think you are not understanding the process.
if cronie is moved in core, it won't have a replaces=dcron. Only new installations will get cronie by default instead of dcron.
How is that possible? Are you saying that the broken dcron will stay in core and there will two packages for cron? Otherwise i dont understand how it wont be replaced (for all users).
if this will happen, the steps are very simple 1) remove dcron from core 2) add cronie/fcron to core in base group and depending on the package, it might have conflicts=dcron but not replaces this way the existent systems will still have a "working" cron and new installations will have the new cron -- Ionuț
Ionut Biru wrote:
On 04/22/2011 12:11 AM, Grigorios Bouzakis wrote:
Ionut Biru wrote:
On 04/21/2011 02:18 PM, Heiko Baums wrote:
Am Thu, 21 Apr 2011 08:48:04 +0200 schrieb Sven-Hendrik Haase<sh@lutzhaase.com>:
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier.
Is it such a drop-in like the new dcron when dcron upstream was adopted by this Arch user?
Better look at the features and the use cases (don't only think of some 24/7 servers, but also think of the desktop users) and not at some small differences in the crontab syntax. It's definitely not such a big work to re-adjust a few crontab entries if this is necessary at all. And this work has to be done only once and can probably be done with sed.
i think you are not understanding the process.
if cronie is moved in core, it won't have a replaces=dcron. Only new installations will get cronie by default instead of dcron.
How is that possible? Are you saying that the broken dcron will stay in core and there will two packages for cron? Otherwise i dont understand how it wont be replaced (for all users).
if this will happen, the steps are very simple 1) remove dcron from core 2) add cronie/fcron to core in base group and depending on the package, it might have conflicts=dcron but not replaces
this way the existent systems will still have a "working" cron and new installations will have the new cron
Has that ever happened before? That means the existing systems will have a package from base thats not supported by the Arch developers. But since its not replaced, it would make it an infinite part of Arch so it should also be supported. Plus, the 2010.05 ISOs will still (try to) install it, but it wont be there, and there wont be an upgrade path either. Anyway, first time i've heard about such a plan. It makes absolutely no sense to me. I seriously doubt its gonna work. But good luck. ---- Greg
On Apr 21, 2011, at 17:30, Grigorios Bouzakis <grbzks@xsmail.com> wrote:
Ionut Biru wrote:
On 04/22/2011 12:11 AM, Grigorios Bouzakis wrote:
Ionut Biru wrote:
On 04/21/2011 02:18 PM, Heiko Baums wrote:
Am Thu, 21 Apr 2011 08:48:04 +0200 schrieb Sven-Hendrik Haase<sh@lutzhaase.com>:
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier.
Is it such a drop-in like the new dcron when dcron upstream was adopted by this Arch user?
Better look at the features and the use cases (don't only think of some 24/7 servers, but also think of the desktop users) and not at some small differences in the crontab syntax. It's definitely not such a big work to re-adjust a few crontab entries if this is necessary at all. And this work has to be done only once and can probably be done with sed.
i think you are not understanding the process.
if cronie is moved in core, it won't have a replaces=dcron. Only new installations will get cronie by default instead of dcron.
How is that possible? Are you saying that the broken dcron will stay in core and there will two packages for cron? Otherwise i dont understand how it wont be replaced (for all users).
if this will happen, the steps are very simple 1) remove dcron from core 2) add cronie/fcron to core in base group and depending on the package, it might have conflicts=dcron but not replaces
this way the existent systems will still have a "working" cron and new installations will have the new cron
Has that ever happened before? That means the existing systems will have a package from base thats not supported by the Arch developers. But since its not replaced, it would make it an infinite part of Arch so it should also be supported. Plus, the 2010.05 ISOs will still (try to) install it, but it wont be there, and there wont be an upgrade path either. Anyway, first time i've heard about such a plan. It makes absolutely no sense to me. I seriously doubt its gonna work. But good luck.
---- Greg
Things have got to be deprecated eventually. Why can't we keep dcron in [core] for a while longer? And remove it when any install media that requires it becomes unsupported? Kiwis and Limes: http://kaitocracy.blogspot.com/
Kaiting Chen wrote:
On Apr 21, 2011, at 17:30, Grigorios Bouzakis <grbzks@xsmail.com> wrote:
Ionut Biru wrote:
On 04/22/2011 12:11 AM, Grigorios Bouzakis wrote:
Ionut Biru wrote:
On 04/21/2011 02:18 PM, Heiko Baums wrote:
Am Thu, 21 Apr 2011 08:48:04 +0200 schrieb Sven-Hendrik Haase<sh@lutzhaase.com>:
> I second this suggestion. cronie upstream isn't dead at all. cronie > is a drop-in unlike fcron which was favored earlier.
Is it such a drop-in like the new dcron when dcron upstream was adopted by this Arch user?
Better look at the features and the use cases (don't only think of some 24/7 servers, but also think of the desktop users) and not at some small differences in the crontab syntax. It's definitely not such a big work to re-adjust a few crontab entries if this is necessary at all. And this work has to be done only once and can probably be done with sed.
i think you are not understanding the process.
if cronie is moved in core, it won't have a replaces=dcron. Only new installations will get cronie by default instead of dcron.
How is that possible? Are you saying that the broken dcron will stay in core and there will two packages for cron? Otherwise i dont understand how it wont be replaced (for all users).
if this will happen, the steps are very simple 1) remove dcron from core 2) add cronie/fcron to core in base group and depending on the package, it might have conflicts=dcron but not replaces
this way the existent systems will still have a "working" cron and new installations will have the new cron
Has that ever happened before? That means the existing systems will have a package from base thats not supported by the Arch developers. But since its not replaced, it would make it an infinite part of Arch so it should also be supported. Plus, the 2010.05 ISOs will still (try to) install it, but it wont be there, and there wont be an upgrade path either. Anyway, first time i've heard about such a plan. It makes absolutely no sense to me. I seriously doubt its gonna work. But good luck.
---- Greg
Things have got to be deprecated eventually.
If/when they cease to work, or simply don't cover people's needs, naturally.
Why can't we keep dcron in [core] for a while longer? And remove it when any install media that requires it becomes unsupported?
I didn't say you can't keep it in core. This discussion keeps coming up every few months because apparently dcron doesn't work correctly so the question should be "is there any reason to keep it?" and not the opposite. No matter how much time 'a while longer' is you'll always have to replace it with something that provides the same functionality in order to avoid the stuff i wrote above. Removing a package from the repos has happened many times before and will happen again but its very different removing eg. catalyst than removing a package from core, let alone base. A package from base is a package that you assume its present on every system. A package that part of base is obviously a very important part of the system. You can't just remove it or choose to ignore its there. Does dcron work? Yes? Then stick to it. No? Then replace it with something that works. PS. If cron is deprecated in favour of systemd which is so awesome, why is Red Hat paying someone to work on cronie? ---- Greg
On 22/04/11 00:30, Grigorios Bouzakis wrote:
Ionut Biru wrote:
if this will happen, the steps are very simple 1) remove dcron from core 2) add cronie/fcron to core in base group and depending on the package, it might have conflicts=dcron but not replaces
this way the existent systems will still have a "working" cron and new installations will have the new cron
Has that ever happened before? That means the existing systems will have a package from base thats not supported by the Arch developers.
The package will no longer be in the 'base' group, and most likely end up in the AUR. Therefore, it will not be a supported package, and the output of `pacman -Qm' will reflect that.
But since its not replaced, it would make it an infinite part of Arch so it should also be supported.
As I mention above, my understanding is that dcron will be moved to the AUR.
Plus, the 2010.05 ISOs will still (try to) install it, but it wont be there, and there wont be an upgrade path either.
In offline installations, the package will exist on the installation media. On netinstalls, the new cron daemon will get installed to the target system instead.
Anyway, first time i've heard about such a plan. It makes absolutely no sense to me. I seriously doubt its gonna work. But good luck.
Evangelos Foutras wrote:
On 22/04/11 00:30, Grigorios Bouzakis wrote:
Ionut Biru wrote:
if this will happen, the steps are very simple 1) remove dcron from core 2) add cronie/fcron to core in base group and depending on the package, it might have conflicts=dcron but not replaces
this way the existent systems will still have a "working" cron and new installations will have the new cron
Has that ever happened before? That means the existing systems will have a package from base thats not supported by the Arch developers.
The package will no longer be in the 'base' group, and most likely end up in the AUR. Therefore, it will not be a supported package, and the output of `pacman -Qm' will reflect that.
But since its not replaced, it would make it an infinite part of Arch so it should also be supported.
As I mention above, my understanding is that dcron will be moved to the AUR.
Plus, the 2010.05 ISOs will still (try to) install it, but it wont be there, and there wont be an upgrade path either.
In offline installations, the package will exist on the installation media. On netinstalls, the new cron daemon will get installed to the target system instead.
An unsupported package installed by the official installation media. Like i said it doesnt make sense to me. But you got a plan. So just go with it. And hopefully there'll never be another debate about cron around here in the future. ---- Greg
On 22/04/11 10:18, Grigorios Bouzakis wrote:
An unsupported package installed by the official installation media. Like i said it doesnt make sense to me. But you got a plan. So just go with it. And hopefully there'll never be another debate about cron around here in the future.
There is actually a plan? I though there was just a bunch of talk so far...
Am Thu, 21 Apr 2011 22:33:57 +0300 schrieb Ionut Biru <ibiru@archlinux.org>:
i think you are not understanding the process.
if cronie is moved in core, it won't have a replaces=dcron. Only new installations will get cronie by default instead of dcron.
I understand this exactly. But I still have the feeling that making cronie as the default cron daemon could be a mistake. I also know that the question is just about a default for new installations and not about having just only one cron in the repos. Nevertheless those features and use cases should be taken into consideration because Arch Linux is not only installed on 24/7 servers but also on desktops. So a default cron daemon should fit both needs and not only one. Heiko
On Thursday, April 21, 2011 01:48:04 Sven-Hendrik Haase wrote:
On 21.04.2011 08:32, Kaiting Chen wrote:
On Fri, Apr 8, 2011 at 11:32 AM, David C. Rankin <
drankinatty@suddenlinkmail.com> wrote:
On 04/06/2011 10:34 PM, Heiko Baums wrote:
Upstream stability makes sense. If redhat is behind cronie, then that
seems like the logical choice.
Why is this logical? Is it the developer what makes a software good or is it the features and the stability? If Redhat's cronie has less features than fcron then fcron is the logical choice, of course.
You are correct. The long term stability was just my thought. Like I said
earlier in my message -- It doesn't matter to me which cron we have -- as long as we have one that works :) I have no say in the matter, so I will, of course, defer to whatever decision you guys reach. I just want to make sure we have a cron by default :)
So what's the status here? I pulled cronie into [community-testing] a couple of days ago and will probably merge it into [community] soon. So that's the one I vote.
But regardless of which one we choose in my opinion the sooner we get rid of dcron the better. --Kaiting.
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier. Kaiting said he would even be willing to become a developer to maintain this in [core] himself in case no other developer was interested.
Is there anything that would keep us from making it default and also replace dcron?
-- Sven-Hendrik
I'm still trying to understand WHY we suddenly feel the need to replace dcron when its not even broken. Replacing packages with other packages purely because they're new is something Fedora and Ubuntu would do, I though Arch wasn't about arbitrarily replacing its defaults but using what was simple and what works. Can someone explain to me why we think we need a new crond?
On Thu, Apr 21, 2011 at 9:37 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Thursday, April 21, 2011 01:48:04 Sven-Hendrik Haase wrote:
On 21.04.2011 08:32, Kaiting Chen wrote:
On Fri, Apr 8, 2011 at 11:32 AM, David C. Rankin <
drankinatty@suddenlinkmail.com> wrote:
On 04/06/2011 10:34 PM, Heiko Baums wrote:
Upstream stability makes sense. If redhat is behind cronie, then that
> seems like the logical choice.
Why is this logical? Is it the developer what makes a software good or is it the features and the stability? If Redhat's cronie has less features than fcron then fcron is the logical choice, of course.
You are correct. The long term stability was just my thought. Like I said
earlier in my message -- It doesn't matter to me which cron we have -- as long as we have one that works :) I have no say in the matter, so I will, of course, defer to whatever decision you guys reach. I just want to make sure we have a cron by default :)
So what's the status here? I pulled cronie into [community-testing] a couple of days ago and will probably merge it into [community] soon. So that's the one I vote.
But regardless of which one we choose in my opinion the sooner we get rid of dcron the better. --Kaiting.
I second this suggestion. cronie upstream isn't dead at all. cronie is a drop-in unlike fcron which was favored earlier. Kaiting said he would even be willing to become a developer to maintain this in [core] himself in case no other developer was interested.
Is there anything that would keep us from making it default and also replace dcron?
-- Sven-Hendrik
I'm still trying to understand WHY we suddenly feel the need to replace dcron when its not even broken. Replacing packages with other packages purely because they're new is something Fedora and Ubuntu would do, I though Arch wasn't about arbitrarily replacing its defaults but using what was simple and what works.
Can someone explain to me why we think we need a new crond?
The discussion is based on upstream not responding to bugs in dcron and the overall lack of upstream development/responsiveness.
Yaro Kasear wrote:
I'm still trying to understand WHY we suddenly feel the need to replace dcron when its not even broken. Replacing packages with other packages purely because they're new is something Fedora and Ubuntu would do, I though Arch wasn't about arbitrarily replacing its defaults but using what was simple and what works.
Can someone explain to me why we think we need a new crond?
Because of these: https://bugs.archlinux.org/index.php?string=dcron&project=1 Mostly https://bugs.archlinux.org/task/18681 ---- Greg
On Thu, 21 Apr 2011, Grigorios Bouzakis wrote:
Because of these: https://bugs.archlinux.org/index.php?string=dcron&project=1 Mostly https://bugs.archlinux.org/task/18681
The "run many times per day" bug hasn't bitten me since months ago. And I used to see it really often. Maybe it is fixed? Dimitris
Dimitrios Apostolou [2011.04.22 0126 +0300]:
On Thu, 21 Apr 2011, Grigorios Bouzakis wrote:
Because of these: https://bugs.archlinux.org/index.php?string=dcron&project=1 Mostly https://bugs.archlinux.org/task/18681
The "run many times per day" bug hasn't bitten me since months ago. And I used to see it really often. Maybe it is fixed?
Nope. Just saw it yesterday. N.
I'm still trying to understand WHY we suddenly feel the need to replace dcron when its not even broken.
Actually dcron is broken quite badly. Sometimes the cron job is run several times in a row, sometimes it's not run at all. The dcron developer said he will fix it soon, but it was about a year ago and still nothing. Lukas
Kaiting Chen wrote:
So what's the status here? I pulled cronie into [community-testing] a couple of days ago and will probably merge it into [community] soon. So that's the one I vote.
But regardless of which one we choose in my opinion the sooner we get rid of dcron the better. --Kaiting.
You forgot to remove it from the AUR though: https://aur.archlinux.org/packages.php?ID=37260 No matter which cron implemention replaces dcron that means that most likely dcron will be dropped to the AUR, so it would be nice having 2 implementions in binary form, despite the fact that cronie only has 4 votes. Has anyone actually tested it as a dcron replacement on Arch, now that its built with anacron support? ---- Greg
On Thu, Apr 21, 2011 at 02:32:42AM -0400, Kaiting Chen wrote:
On Fri, Apr 8, 2011 at 11:32 AM, David C. Rankin < drankinatty@suddenlinkmail.com> wrote:
On 04/06/2011 10:34 PM, Heiko Baums wrote:
Upstream stability makes sense. If redhat is behind cronie, then that
seems like the logical choice.
Why is this logical? Is it the developer what makes a software good or is it the features and the stability? If Redhat's cronie has less features than fcron then fcron is the logical choice, of course.
You are correct. The long term stability was just my thought. Like I said earlier in my message -- It doesn't matter to me which cron we have -- as long as we have one that works :) I have no say in the matter, so I will, of course, defer to whatever decision you guys reach. I just want to make sure we have a cron by default :)
So what's the status here? I pulled cronie into [community-testing] a couple of days ago and will probably merge it into [community] soon. So that's the one I vote.
But regardless of which one we choose in my opinion the sooner we get rid of dcron the better. --Kaiting.
I don't want to be pedantic, but what's the point of that? Moving arbitrary cron daemons that no one uses to [community] is nonsense (according to the TU guidelines, you shouldn't even have moved it without prior discussion and consensus on aur-general at all - but as I said before, I don't want to be pedantic here...) Adding yet another cron daemon to our repositories makes sense as soon as there's a clear decision to switch default daemons. Just moving low usage stuff to [community] because you're able to do so definitely doesn't...
On Thu 21 Apr 2011 10:46 +0200, Lukas Fleischer wrote:
On Thu, Apr 21, 2011 at 02:32:42AM -0400, Kaiting Chen wrote:
So what's the status here? I pulled cronie into [community-testing] a couple of days ago and will probably merge it into [community] soon. So that's the one I vote.
But regardless of which one we choose in my opinion the sooner we get rid of dcron the better. --Kaiting.
I don't want to be pedantic, but what's the point of that? Moving arbitrary cron daemons that no one uses to [community] is nonsense (according to the TU guidelines, you shouldn't even have moved it without prior discussion and consensus on aur-general at all - but as I said before, I don't want to be pedantic here...)
This is supposed to be a rule, not just a guideline. The rule doesn't exactly apply to [community-testing]. Perhaps it should? https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#Rules_for_P...
On Wed, Apr 6, 2011 at 9:24 PM, David C. Rankin < drankinatty@suddenlinkmail.com> wrote:
On 04/06/2011 04:43 PM, Sander Jansen wrote:
This seems to be a monthly recurring discussion. How about not providing any default, just put all the different cron(s) in extra? I think eventually systemd will provide a cron-like service :)
Cheers,
Sander
Oh no, every distro needs a default cron -- matters not what it is called, it is fundamental to many server packages that require some type of cron functionality.
It seems that keeping a default cron makes sense. To me, I don't need any of the advanced features, but I do need something to sweep for new addresses, faxes, etc..
From a user standpoint (not that Arch is an entry level distro by any stretch), but nevertheless, the new user working with Arch will be far better served by having a basic cron in place rather than not having one and experiencing dependency questions later in the install and be left scratching his head.
Upstream stability makes sense. If redhat is behind cronie, then that seems like the logical choice. Otherwise, we are bound to repeat this discussion 12 months from now when fcron or dcron has problems that are not being fixed.
-- David C. Rankin, J.D.,P.E.
Thanks for your input David, I think that it is very clear that we need to consider replacing dcron with either fcron or cronie, and we should evaluate what we want to see in the default cron daemon. I don't think that a debate about "is fcron better than cronie" is in order, but rather an evaluation of what experience we want to present the everyday Arch user to. There is no question that both cron daemons are viable options, and that a user can change between them if they want. So the question I would pose, what type of cron system should be present on an Arch system by default? I would say that we should consider compatibility with vixie cron syntax - this is and has been the expected syntax for the default cron daemon for a LONG time and avoids hindering Arch Linux adoption. What other things do we think should be presented to Arch users by default? I think that this question will better assist us in making a decision about a cron daemon. I have no doubt that fcron and cronie are capable and feature rich cron daemons, but what gives the Arch users the best experience by default?
Am Wed, 6 Apr 2011 22:03:23 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
I would say that we should consider compatibility with vixie cron syntax - this is and has been the expected syntax for the default cron daemon for a LONG time and avoids hindering Arch Linux adoption.
Why do you need vixie cron syntax? Can't you migrate once to a new syntax? Btw., most of fcron's syntax is the same as the syntax of every cron daemon. You can easily take your previous crontabs. You probably have only to do some changes which could most likely be done by sed. In first place you need stability, reliability and useful features. And this is given by fcron. And don't tell me anything about compatibility. I would consider this argument if fcron was a new cron daemon and if it was totally incompatible. Fcron is known since years and it's known to be stable and reliable, while cronie seems to be pretty new. There are absolutely no informations about cronie's features, no documentations, no feature comparisons to other cron daemons, etc. on upstream's website. And it's still in AUR and has only 3 votes there.
I spent quite some time as a trainer for Red Hat and taught classes on SELinux.
Is this why you want to push cronie so heavily? Heiko
On Thursday 07 of April 2011 12:32:50 Heiko Baums wrote:
Am Wed, 6 Apr 2011 22:03:23 -0600
I spent quite some time as a trainer for Red Hat and taught classes on SELinux.
Is this why you want to push cronie so heavily?
Heiko Sorry to sound rude, but Heiko, it's you who is pushing fcron so unhealthily heavily. I wouldn't have no opinion on the two crons but after reading the discussion I'd stick to cronie. Just my 2c. Cheers, mark --
Marek Otahal :o)
Am Thu, 7 Apr 2011 21:53:58 +0200 schrieb Marek Otahal <markotahal@gmail.com>:
Sorry to sound rude, but Heiko, it's you who is pushing fcron so unhealthily heavily. I wouldn't have no opinion on the two crons but after reading the discussion I'd stick to cronie. Just my 2c.
Well, on the one hand yes, on the other hand no. But let's try to get objective again. dcron: Known to be buggy. fcron: Known to work reliably since years, works for 24/7 servers as well as for home desktop computers, features are known and well documented on upstream's website. cronie: Quite new, not known well, if at all, and at least I can't find neither a feature list nor a documentation on upstream's website. Doesn't seem to work for home desktop computers, at least not as easy as fcron (separate crontab and anacrontab), from what I read in this thread and from the very few descriptions on upstream's website. A feature comparison between all the cron daemons, at least between fcron and cronie would be nice. That are my concerns. Again, it's just a question about the default cron daemon, not the one and only in the repos. I wouldn't care, btw., if cronie would go into the repos, too, even if it has only 3 votes in AUR, yet. On the other hand this issue could be solved in a different way without any further discussions. There's a need for installing one cron daemon, but no need for a default cron daemon. It's pretty the same issue as with the bootloaders. There's no default bootloader anymore and currently it doesn't make sense anymore to define one bootloader as the default, because they all have different features and it depends on the system configuration which bootloader is the best. In the development isos AIF asks the user to choose one of currently two bootloaders (grub and syslinux), more (grub2 and lilo) could or should be added. And this bootloader is automatically chosen by AIF in the package selection. The same could be made for the cron daemons. Put every cron daemon into [core] and let the user choose his preferred cron daemon during installation. But if this shouldn't be done, and if there shall be a default cron daemon it must be a daemon which fulfills every use case and not only the needs of servers which are running 24/7. Heiko
Am Thu, 7 Apr 2011 23:16:46 +0200 schrieb Heiko Baums <lists@baums-on-web.de>:
But let's try to get objective again.
Btw., generally it doesn't really matter that much which cron daemon is installed by AIF. Another cron daemon can easily be installed afterwards. A cron daemon is not such an important and sensible software as a bootloader. So the question about a default cron daemon is rather a question of user-friendliness. Heiko
On Thu, 7 Apr 2011 23:16:46 +0200 Heiko Baums <lists@baums-on-web.de> wrote:
On the other hand this issue could be solved in a different way without any further discussions. There's a need for installing one cron daemon, but no need for a default cron daemon. It's pretty the same issue as with the bootloaders. There's no default bootloader anymore and currently it doesn't make sense anymore to define one bootloader as the default, because they all have different features and it depends on the system configuration which bootloader is the best. In the development isos AIF asks the user to choose one of currently two bootloaders (grub and syslinux), more (grub2 and lilo) could or should be added. And this bootloader is automatically chosen by AIF in the package selection. The same could be made for the cron daemons. Put every cron daemon into [core] and let the user choose his preferred cron daemon during installation.
Can we do the same thing for cron daemons? Don't other packages contain crontab files, or something like that? I.e. is it possible to just swap crons and keep a (stock) Arch system working? If so, it *could* be possible to do what you suggest, but don't forget, Arch primary objective is simplicity, not choice. If there is a cron daemon that does what we need, we should just make it the default, period. Dieter
On Fri, Apr 8, 2011 at 3:33 AM, Dieter Plaetinck <dieter@plaetinck.be>wrote:
On the other hand this issue could be solved in a different way without any further discussions. There's a need for installing one cron daemon, but no need for a default cron daemon. It's pretty the same issue as with the bootloaders. There's no default bootloader anymore and currently it doesn't make sense anymore to define one bootloader as the default, because they all have different features and it depends on the system configuration which bootloader is the best. In the development isos AIF asks the user to choose one of currently two bootloaders (grub and syslinux), more (grub2 and lilo) could or should be added. And this bootloader is automatically chosen by AIF in the package selection. The same could be made for the cron daemons. Put every cron daemon into [core] and let the user choose his preferred cron daemon during installation.
Can we do the same thing for cron daemons? Don't other packages contain crontab files, or something like that? I.e. is it possible to just swap crons and keep a (stock) Arch system working? If so, it *could* be possible to do what you suggest, but don't forget, Arch primary objective is simplicity, not choice.
If there is a cron daemon that does what we need, we should just make it the default, period.
I think we're talking about what the default daemon should be, as in the one that comes installed with the system on a clean install. Crazy idea but what if Arch just didn't come with a cron? --Kaiting. -- Kiwis and Limes: http://kaitocracy.blogspot.com/
On Fri, 8 Apr 2011 06:45:29 -0400 Kaiting Chen <kaitocracy@gmail.com> wrote:
On Fri, Apr 8, 2011 at 3:33 AM, Dieter Plaetinck <dieter@plaetinck.be>wrote:
On the other hand this issue could be solved in a different way without any further discussions. There's a need for installing one cron daemon, but no need for a default cron daemon. It's pretty the same issue as with the bootloaders. There's no default bootloader anymore and currently it doesn't make sense anymore to define one bootloader as the default, because they all have different features and it depends on the system configuration which bootloader is the best. In the development isos AIF asks the user to choose one of currently two bootloaders (grub and syslinux), more (grub2 and lilo) could or should be added. And this bootloader is automatically chosen by AIF in the package selection. The same could be made for the cron daemons. Put every cron daemon into [core] and let the user choose his preferred cron daemon during installation.
Can we do the same thing for cron daemons? Don't other packages contain crontab files, or something like that? I.e. is it possible to just swap crons and keep a (stock) Arch system working? If so, it *could* be possible to do what you suggest, but don't forget, Arch primary objective is simplicity, not choice.
If there is a cron daemon that does what we need, we should just make it the default, period.
I think we're talking about what the default daemon should be, as in the one that comes installed with the system on a clean install.
Maybe you should actually read the text I quoted. Just a thought. Dieter
On Fri, Apr 8, 2011 at 6:46 AM, Dieter Plaetinck <dieter@plaetinck.be>wrote:
On Fri, 8 Apr 2011 06:45:29 -0400 Kaiting Chen <kaitocracy@gmail.com> wrote:
On Fri, Apr 8, 2011 at 3:33 AM, Dieter Plaetinck <dieter@plaetinck.be>wrote:
On the other hand this issue could be solved in a different way without any further discussions. There's a need for installing one cron daemon, but no need for a default cron daemon. It's pretty the same issue as with the bootloaders. There's no default bootloader anymore and currently it doesn't make sense anymore to define one bootloader as the default, because they all have different features and it depends on the system configuration which bootloader is the best. In the development isos AIF asks the user to choose one of currently two bootloaders (grub and syslinux), more (grub2 and lilo) could or should be added. And this bootloader is automatically chosen by AIF in the package selection. The same could be made for the cron daemons. Put every cron daemon into [core] and let the user choose his preferred cron daemon during installation.
Can we do the same thing for cron daemons? Don't other packages contain crontab files, or something like that? I.e. is it possible to just swap crons and keep a (stock) Arch system working? If so, it *could* be possible to do what you suggest, but don't forget, Arch primary objective is simplicity, not choice.
If there is a cron daemon that does what we need, we should just make it the default, period.
I think we're talking about what the default daemon should be, as in the one that comes installed with the system on a clean install.
Maybe you should actually read the text I quoted. Just a thought.
My mistake, sort of glanced over it too quickly. --Kaiting. -- Kiwis and Limes: http://kaitocracy.blogspot.com/
On Fri, Apr 8, 2011 at 1:33 AM, Dieter Plaetinck <dieter@plaetinck.be>wrote:
On Thu, 7 Apr 2011 23:16:46 +0200 Heiko Baums <lists@baums-on-web.de> wrote:
On the other hand this issue could be solved in a different way without any further discussions. There's a need for installing one cron daemon, but no need for a default cron daemon. It's pretty the same issue as with the bootloaders. There's no default bootloader anymore and currently it doesn't make sense anymore to define one bootloader as the default, because they all have different features and it depends on the system configuration which bootloader is the best. In the development isos AIF asks the user to choose one of currently two bootloaders (grub and syslinux), more (grub2 and lilo) could or should be added. And this bootloader is automatically chosen by AIF in the package selection. The same could be made for the cron daemons. Put every cron daemon into [core] and let the user choose his preferred cron daemon during installation.
Can we do the same thing for cron daemons? Don't other packages contain crontab files, or something like that? I.e. is it possible to just swap crons and keep a (stock) Arch system working? If so, it *could* be possible to do what you suggest, but don't forget, Arch primary objective is simplicity, not choice.
If there is a cron daemon that does what we need, we should just make it the default, period.
Dieter
Yes, If we start making the user pick all of these things in the installer than we end up with a bit of a can of worms, we would end up with making more installer level choices, like system logger, systemd and many other cumbersome questions that I don't think belong in the installer. My vote on this concept is simplicity. Just provide a default.
On 08/04/11 07:16, Heiko Baums wrote:
But let's try to get objective again.
No need. A new cron for [core] has to pass only one condition... :) 1) a developer is willing to maintain it. So far that seems to be Thomas and fcron. Anyway, I recall mention in our bug report of a patch being submitted upstream that fixed the dcron timing issue. Would this be "solved" - at least in the short term - if we got a copy of that patch and fixed dcron? Allan
On Fri, Apr 8, 2011 at 5:42 AM, Allan McRae <allan@archlinux.org> wrote:
On 08/04/11 07:16, Heiko Baums wrote:
But let's try to get objective again.
No need. A new cron for [core] has to pass only one condition... :)
1) a developer is willing to maintain it.
So far that seems to be Thomas and fcron.
Anyway, I recall mention in our bug report of a patch being submitted upstream that fixed the dcron timing issue. Would this be "solved" - at least in the short term - if we got a copy of that patch and fixed dcron?
Allan
My only concern with the continued use of dcron is the fact that this bug took well over a year to be fixed, and we don't know if it is fixed with the patch. As for finding a maintainer, I hope that would not be too difficult, cronie and fcron are not complex packages.
On Thu, Apr 7, 2011 at 6:32 AM, Heiko Baums <lists@baums-on-web.de> wrote:
Why do you need vixie cron syntax? Can't you migrate once to a new syntax? Btw., most of fcron's syntax is the same as the syntax of every cron daemon. You can easily take your previous crontabs. You probably have only to do some changes which could most likely be done by sed.
In first place you need stability, reliability and useful features. And this is given by fcron. And don't tell me anything about compatibility. I would consider this argument if fcron was a new cron daemon and if it was totally incompatible.
Fcron is known since years and it's known to be stable and reliable, while cronie seems to be pretty new. There are absolutely no informations about cronie's features, no documentations, no feature comparisons to other cron daemons, etc. on upstream's website. And it's still in AUR and has only 3 votes there.
The thing is that cronie is forked from vixie-cron which is much older than fcron. And I would venture to say that vixie-cron or some derivative is the default crond for the vast majority of distributions out there. --Kaiting. -- Kiwis and Limes: http://kaitocracy.blogspot.com/
On 08.04.2011 00:15, Kaiting Chen wrote:
On Thu, Apr 7, 2011 at 6:32 AM, Heiko Baums <lists@baums-on-web.de> wrote:
Why do you need vixie cron syntax? Can't you migrate once to a new syntax? Btw., most of fcron's syntax is the same as the syntax of every cron daemon. You can easily take your previous crontabs. You probably have only to do some changes which could most likely be done by sed.
In first place you need stability, reliability and useful features. And this is given by fcron. And don't tell me anything about compatibility. I would consider this argument if fcron was a new cron daemon and if it was totally incompatible.
Fcron is known since years and it's known to be stable and reliable, while cronie seems to be pretty new. There are absolutely no informations about cronie's features, no documentations, no feature comparisons to other cron daemons, etc. on upstream's website. And it's still in AUR and has only 3 votes there.
The thing is that cronie is forked from vixie-cron which is much older than fcron. And I would venture to say that vixie-cron or some derivative is the default crond for the vast majority of distributions out there. --Kaiting.
cronie also appears to be the nicest migration choice for users who are not used to fcron. It seems to support anachron features, cron.d, daily/weekly/etc, is able to actually keep time and works just like expected whereas fcron has fcrontab with a slightly different syntax. We could actually make cronie replace dcron. fcron would be nice but it is not a drop in like cronie. What do you say? If you agree, I shall make (or somebody who steps up) a plan to the replacement and that's that. -- Sven-Hendrik
cronie also appears to be the nicest migration choice for users who are not used to fcron. It seems to support anachron features, cron.d, daily/weekly/etc, is able to actually keep time and works just like expected whereas fcron has fcrontab with a slightly different syntax. We could actually make cronie replace dcron.
fcron would be nice but it is not a drop in like cronie. What do you say? If you agree, I shall make (or somebody who steps up) a plan to the replacement and that's that.
-- Sven-Hendrik
I agree with Sven, the more I look into it the more I think that cronie is the right way to go for a default cron daemon. With that said, the more I have learned about fcron the more I have liked it! +1
On Fri, 08 Apr 2011 00:34:42 +0200 Sven-Hendrik Haase wrote:
cronie also appears to be the nicest migration choice for users who are not used to fcron. It seems to support anachron features, cron.d, daily/weekly/etc, is able to actually keep time and works just like expected whereas fcron has fcrontab with a slightly different syntax. We could actually make cronie replace dcron.
I agree with this instead i'm a fcron user. But because it is say so much often, is there really anyone who have something in /etc/cron.d? See you, Attila
Kaiting Chen wrote:
The thing is that cronie is forked from vixie-cron which is much older than fcron. And I would venture to say that vixie-cron or some derivative is the default crond for the vast majority of distributions out there. --Kaiting.
Why do you have --disable-anacron in the build in the AUR? That probably makes it as useless as vixie-cron or the old dcron (3.x versions). Do you use a seperate anacron? Is there something wrong with cronie's anacron? ---- Greg
Am Wed, 6 Apr 2011 15:30:26 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
dcron and fcron are not under active development,
fcron is under active development. It's just feature complete and therefore not developed anymore, but bugs are still fixed if they occur. So don't mix it up with a "dead" project. I guess dcron most likely can be assumed to be dead.
cronie is cronie is small - 0.20MB installed cronie is developed by Red Hat - it is not going anywhere and we have a guaranteed upgrade path
What does that mean? Look at the size and you can see that it can't be as feature rich as fcron.
As far as I can tell cronie has no deps beyond glibc and pam cronie has /etc/cron.d support cronie has configurable anacron support via an anacrontab config file
But you need a separate anacrontab. So it's the same as having installed a cron and a separate anacron. With fcron you just need one cron daemon which has anacron features integrated. This means you don't need to have a separate anacrontab. So you don't need to decide if a task needs to be run by cron or by anacron. You just can add every task into one single crontab resp. fcrontab and just put &bootrun at the beginning of the line as Thomas already explained. This means that this task is run at the desired time if the system is up and the cron is running, and if not then this task is automagically run as soon as fcron is started the next time and that very reliably. So this is much easier and much more flexible than a separate cron/anacron solution. That's why fcron is still the best. And neither /etc/cron.d support nor the fact that cronie is developed by Redhat is an argument in my opinion. /etc/cron.d can easily be moved to /etc/cron.{hourly,daily,weekly,monthly} or to fcrontab. So /etc/cron.d is not needed. So this is not an argument in my opinion. I guess this transition takes about 5 to 10 minutes maximum if at all.
cronie extends the original vixie cron package so the syntax, core feature set, etc are stable cronie implements advanced security hooks as well and can integrate with SELINUX (I am saving the "include SELINUX support in base for a latter date")
Well, is SELinux really a default? Does SELinux run on Arch at all? Is this really an argument regarding the decision which cron shall be the default. As said before, the question is not having removed every other cron from the repos. The question is about the default cron. Most people who are regularly discussing this topic here on the mailing list tend to fcron for a lot of good reasons. And the few people who really need /etc/cron.d or SELinux support - I'm not sure if fcron is not able to run with SELinux - can easily install another cron daemon. dcron was just kept as the default, because the formerly dead project was adopted by an Arch user who said, that he wants do keep developing it and to fixing the bugs. As already said the most important bug wasn't fixed in a year. And in the meantime it was nothing heard from this Arch user anymore. So it can be assumed dead in my opinion.
At the outset I think that cronie looks to be the most viable option, but merits further investigation.
I definitely still vote for fcron for reason which have been explained many times here on the list - not only by me. Alternatively it can be done as it is already done with the boot manager in AIF that every cron is listed in the package list so that the user can decide which one to install or AIF brings a separate dialog which asks the user which cron daemon to install with a small or a bit more detailed description of the daemons. Heiko
On Wed, Apr 6, 2011 at 4:29 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 6 Apr 2011 15:30:26 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
dcron and fcron are not under active development,
fcron is under active development. It's just feature complete and therefore not developed anymore, but bugs are still fixed if they occur. So don't mix it up with a "dead" project. I guess dcron most likely can be assumed to be dead.
cronie is cronie is small - 0.20MB installed cronie is developed by Red Hat - it is not going anywhere and we have a guaranteed upgrade path
What does that mean? Look at the size and you can see that it can't be as feature rich as fcron.
As far as I can tell cronie has no deps beyond glibc and pam cronie has /etc/cron.d support cronie has configurable anacron support via an anacrontab config file
But you need a separate anacrontab. So it's the same as having installed a cron and a separate anacron. With fcron you just need one cron daemon which has anacron features integrated. This means you don't need to have a separate anacrontab. So you don't need to decide if a task needs to be run by cron or by anacron. You just can add every task into one single crontab resp. fcrontab and just put &bootrun at the beginning of the line as Thomas already explained. This means that this task is run at the desired time if the system is up and the cron is running, and if not then this task is automagically run as soon as fcron is started the next time and that very reliably.
So this is much easier and much more flexible than a separate cron/anacron solution.
That's why fcron is still the best.
And neither /etc/cron.d support nor the fact that cronie is developed by Redhat is an argument in my opinion.
/etc/cron.d can easily be moved to /etc/cron.{hourly,daily,weekly,monthly} or to fcrontab. So /etc/cron.d is not needed. So this is not an argument in my opinion. I guess this transition takes about 5 to 10 minutes maximum if at all.
cronie extends the original vixie cron package so the syntax, core feature set, etc are stable cronie implements advanced security hooks as well and can integrate with SELINUX (I am saving the "include SELINUX support in base for a latter date")
Well, is SELinux really a default? Does SELinux run on Arch at all? Is this really an argument regarding the decision which cron shall be the default.
As said before, the question is not having removed every other cron from the repos. The question is about the default cron.
Most people who are regularly discussing this topic here on the mailing list tend to fcron for a lot of good reasons.
And the few people who really need /etc/cron.d or SELinux support - I'm not sure if fcron is not able to run with SELinux - can easily install another cron daemon.
dcron was just kept as the default, because the formerly dead project was adopted by an Arch user who said, that he wants do keep developing it and to fixing the bugs. As already said the most important bug wasn't fixed in a year. And in the meantime it was nothing heard from this Arch user anymore. So it can be assumed dead in my opinion.
At the outset I think that cronie looks to be the most viable option, but merits further investigation.
I definitely still vote for fcron for reason which have been explained many times here on the list - not only by me.
Alternatively it can be done as it is already done with the boot manager in AIF that every cron is listed in the package list so that the user can decide which one to install or AIF brings a separate dialog which asks the user which cron daemon to install with a small or a bit more detailed description of the daemons.
Heiko
All I said what that cronie merits investigation, and that there are good reasons to investigate. Also, the size of a package != feature set. The argument that Red Hat develops it is only a plus in that is ensures ongoing development of the project of provisions to migrate to something else in the future, just because Red Hat develops something is not alone a viable reason to use it over other things, but it is a topic for consideration when making a decision. All I want is a good decision to be made and have a crond that is not buggy. Therefore I think that it is foolish not to present the available options in an accurate light.
Am Wed, 6 Apr 2011 16:57:58 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
All I want is a good decision to be made and have a crond that is not buggy. Therefore I think that it is foolish not to present the available options in an accurate light.
fcron is absolutely not buggy as far as I can tell. I'm using it since years now and it always did what it should do. I tried dcron when it was adopted by this Arch user, but switched back to fcron pretty soon, because dcron was indeed not reliable. cronie is no option for me because of the lack of integrated anacron features. But all those arguments including not having a buggy crond have been discussed many times before by a lot of users, TUs and devs. But then dcron's new developer said that he wanted to fix those bugs and so dcron was kept as the default. This was the only reason as far as I recall. I understand Sven-Hendriks e-mail just as a reminder of this fact and that dcron's upstream still hasn't fixed the issue. I don't think that Sven-Hendrik wanted to start a new discussion about that even if it started again nevertheless. Heiko
On Wed, Apr 6, 2011 at 5:06 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 6 Apr 2011 16:57:58 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
All I want is a good decision to be made and have a crond that is not buggy. Therefore I think that it is foolish not to present the available options in an accurate light.
fcron is absolutely not buggy as far as I can tell. I'm using it since years now and it always did what it should do. I tried dcron when it was adopted by this Arch user, but switched back to fcron pretty soon, because dcron was indeed not reliable.
cronie is no option for me because of the lack of integrated anacron features.
But all those arguments including not having a buggy crond have been discussed many times before by a lot of users, TUs and devs.
But then dcron's new developer said that he wanted to fix those bugs and so dcron was kept as the default. This was the only reason as far as I recall.
I understand Sven-Hendriks e-mail just as a reminder of this fact and that dcron's upstream still hasn't fixed the issue. I don't think that Sven-Hendrik wanted to start a new discussion about that even if it started again nevertheless.
Heiko
Look, I agree with you, fcron is not buggy, and I did not call fcron buggy. I called dcron buggy. cronie has anacron features and I think is a good option. fcron looks like a good option too, I just think they should both be considered, thats all I am saying.
On Wed, Apr 6, 2011 at 7:13 PM, Thomas S Hatch <thatch45@gmail.com> wrote:
cronie has anacron features and I think is a good option.
Unfortunately cronie isn't even in [community] yet. I've been trying to get it there for a while. Also, in what way is another crond + anacron inferior to fcron? --Kaiting. -- Kiwis and Limes: http://kaitocracy.blogspot.com/
On Wed, Apr 6, 2011 at 7:34 PM, Kaiting Chen <kaitocracy@gmail.com> wrote:
On Wed, Apr 6, 2011 at 7:13 PM, Thomas S Hatch <thatch45@gmail.com> wrote:
cronie has anacron features and I think is a good option.
Unfortunately cronie isn't even in [community] yet. I've been trying to get it there for a while. Also, in what way is another crond + anacron inferior to fcron? --Kaiting.
-- Kiwis and Limes: http://kaitocracy.blogspot.com/
Right, both are viable choices, btw I will be migrating my datacenters away from dcron in the near future and doing a series of tests on cronie and fcron, I will post my findings to the list.
On 06/04/11, Thomas S Hatch wrote: | Right, both are viable choices, btw I will be migrating my datacenters away | from dcron in the near future and doing a series of tests on cronie and | fcron, I will post my findings to the list. Here's one reason I stopped using fcron and went to cronie: | 2.2.12. How can I emulate a Vixie cron @reboot entry? | | You should use a line similar to the following one: | | @volatile,first(1) BIG-period /your/command | | This will run /your/command one minute after every reboot. Bizarre. -- Simon Perry (aka Pezz)
Am Thu, 7 Apr 2011 13:07:17 +1000 schrieb Simon Perry <arch@sanxion.net>:
On 06/04/11, Thomas S Hatch wrote:
| Right, both are viable choices, btw I will be migrating my datacenters away | from dcron in the near future and doing a series of tests on cronie and | fcron, I will post my findings to the list.
Here's one reason I stopped using fcron and went to cronie:
| 2.2.12. How can I emulate a Vixie cron @reboot entry? | | You should use a line similar to the following one: | | @volatile,first(1) BIG-period /your/command | | This will run /your/command one minute after every reboot.
Bizarre.
And this doesn't work in dcron, at least not as reliable as the equivalent &bootrun of fcron. And that's one point why fcron is much better than dcron. Are you sure that this is working in cronie? If yes, are you sure that this works in cronie as reliable as in fcron? Heiko
On 07/04/11, Heiko Baums wrote: | And this doesn't work in dcron, at least not as reliable as | the equivalent &bootrun of fcron. And that's one point why fcron is | much better than dcron. Are you sure that this is working in cronie? If | yes, are you sure that this works in cronie as reliable as in fcron? It's been a while, but from what I remember bootrun is not equivalent to @reboot. The only way to get @reboot behaviour was using that weird volatile method. @reboot works perfectly in cronie. -- Simon Perry (aka Pezz)
Am 07.04.2011 04:30, schrieb Thomas S Hatch:
Right, both are viable choices, btw I will be migrating my datacenters away from dcron in the near future and doing a series of tests on cronie and fcron, I will post my findings to the list.
I think that will be more valuable than any continuation of this discussion, and it would be very much appreciated. Right now, cronie looks like a better candidate, although I am still a fan of fcron.
On Thu, Apr 7, 2011 at 2:16 AM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 07.04.2011 04:30, schrieb Thomas S Hatch:
Right, both are viable choices, btw I will be migrating my datacenters away from dcron in the near future and doing a series of tests on cronie and fcron, I will post my findings to the list.
I think that will be more valuable than any continuation of this discussion, and it would be very much appreciated.
Right now, cronie looks like a better candidate, although I am still a fan of fcron.
Thanks Thomas, as you know I am very busy, but I will post my findings when I am done. As always, I hope I can help Arch get better!
Am Wed, 6 Apr 2011 20:30:46 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
Right, both are viable choices, btw I will be migrating my datacenters away from dcron in the near future and doing a series of tests on cronie and fcron, I will post my findings to the list.
Data center? So the systems are running 24/7? But you take into consideration that there are home users whose computers are not running 24/7 and that they also need to have their cron tasks run reliably? So I hope you test this, too. See &bootrun. Heiko
On Thu, 7 Apr 2011 00:29:36 +0200 Heiko Baums wrote:
cronie extends the original vixie cron package so the syntax, core feature set, etc are stable cronie implements advanced security hooks as well and can integrate with SELINUX (I am saving the "include SELINUX support in base for a latter date")
Well, is SELinux really a default? Does SELinux run on Arch at all? Is this really an argument regarding the decision which cron shall be the default.
Only for the stats, this is shown from the fcron configure: --with-selinux=yes|no Use (or not) SELinux (default: yes). Okay, now only the size and the "/etc/cron.d" support is on the list. :) See you, Attila
On Wednesday, April 06, 2011 15:27:27 Thomas Bächler wrote:
Am 05.04.2011 09:19, schrieb Thomas S Hatch:
I can think of three considerations for a cron daemon: 1 . Minimal - its a cron daemon, it does not need to be complex 2. Active development 3. Anacron functionality
As far as I can see this leaves us with fcron, dcron and cronie. Cronie probably has the highest assurance for upstream development because it is backed by redhat. But I think that having a cron daemon as default that has issues executing jobs on time and as they are defined is highly questionable.
Before the current maintainer took over dcron, we had that same discussion. Aaron even contacted the fcron maintainer (he posted the reply to arch-general or arch-dev-public, if anyone could find the link in the archives, please post it). The author responded that he considered fcron feature-complete, so didn't develop it anymore. However, he would fix bugs when they are reported, and I think there are no known bugs right now.
That said, fcron lacks /etc/cron.d/ functionality which was the most important argument against it. I personally don't need that and I like fcron a lot.
As for your conditions: 1) It is very small software, 1.2MB installed, and it has lots of features. It is by no means minimal though. 2) I commented on that above. 3) dcron has @daily, @hourly and so on. In fcron, you can use standard crontab entries and add &bootrun to the beginning of the line to repeat "missed" cronjobs.
I don't know cronie, so maybe you can elaborate more.
Losing /etc/cron.d support is a bit of a dealbreaker for me. I think that's a rather huge feature to leave out of a crond.
Am Tue, 05 Apr 2011 08:41:13 +0200 schrieb Sven-Hendrik Haase <sh@lutzhaase.com>:
We all know the situation with dcron (it can't keep time properly) and it still is broken. No fix (or any changes for that matter) have gone into its upstream git for over a year now. There have been multiple yeah-I'll-take-a-looks from various people as well as its upstream maintainer and no work was done.
I certainly don't want to offend anybody but I think it is time another crond was made quasi default by swapping it for dcron in base group. I know that users can do that themselves but the we shouldn't suggest packages we know are broken by putting them into the base group. Perhaps fcron is a fine choice.
Bug report for reference: https://bugs.archlinux.org/task/18681
I always voted for fcron in these discussions. It has cron and anacron features combined and can be used for every use case as far as I know. And it just works. In my opinion fcron is the best choice and making it the default cron daemon is long overdue. Heiko
On Tue, 05 Apr 2011 08:41:13 +0200 Sven-Hendrik Haase <sh@lutzhaase.com> wrote:
We all know the situation with dcron (it can't keep time properly) and it still is broken. No fix (or any changes for that matter) have gone into its upstream git for over a year now. There have been multiple yeah-I'll-take-a-looks from various people as well as its upstream maintainer and no work was done.
I certainly don't want to offend anybody but I think it is time another crond was made quasi default by swapping it for dcron in base group. I know that users can do that themselves but the we shouldn't suggest packages we know are broken by putting them into the base group. Perhaps fcron is a fine choice.
Bug report for reference: https://bugs.archlinux.org/task/18681
-- Sven-Hendrik
As I maintain fcron in [community]: I won't mind if it's decided to replace dcron as default. If I remember correctly, this is the third thread about a replacement because of this bug, so I'd welcome a clear "Yes, we decide to replace it with X." or a "No, now stop to annoy us.". Still I'm TU not Dev so that's a plain beg. However just as a notice: it's not a plain package replacement, as one other package has to be modified for this, if not there are currently some problems with fcron's build process if that's not done. fcron needs the user and group 'cron' which are later used at the system to exist already at build time, to create these in the chroots is currently not possible to do with devtools, because of missing PAM Authorization within the chroots. Long story short: If it's moved to [core] don't forget to provide a cron user and a cron group[1] with the filesystem package. Regards, Thorsten [1]https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database -- Jabber: atsutane@freethoughts.de Blog: http://atsutane.freethoughts.de/ Key: 295AFBF4 FP: 39F8 80E5 0E49 A4D1 1341 E8F9 39E4 F17F 295A FBF4
On Tue, Apr 05, 2011 at 08:41:13AM +0200, Sven-Hendrik Haase wrote:
packages we know are broken by putting them into the base group. Perhaps fcron is a fine choice.
Bug report for reference: https://bugs.archlinux.org/task/18681
It surely would be great for fcron to replace dcron, since being lightweight in size or footprint fcron is not much different from dcron (that is, if cut off the HTML manuals). Plus that fcron has much richer facility and configurability than dcron as well. One could set whether to mail or not, or use a literal english word to specify a time or date period. And, it has really GOOD manual. -- Li Ian-Xue http://b4283.ath.cx
fcron is pretty much the de facto cron of choice for anyone needing a cron without special case needs. A nice general cron program. I do wonder about the bureaucratic processes in place to facillitate such a switch, though.
On Wed, Apr 6, 2011 at 10:19 AM, Corey Johns <lists@n-co.de> wrote:
fcron is pretty much the de facto cron of choice for anyone needing a cron without special case needs. A nice general cron program.
I do wonder about the bureaucratic processes in place to facillitate such a switch, though.
The thing to do is contact the package maintainer and present the idea, and ask what needs to be done to make the change. I for one +1 to the move, I like dcron, but when it takes this long to fix bugs upstream we need to unfortunately consider alternatives.
Am Wed, 6 Apr 2011 10:24:42 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
The thing to do is contact the package maintainer and present the idea, and ask what needs to be done to make the change.
I for one +1 to the move, I like dcron, but when it takes this long to fix bugs upstream we need to unfortunately consider alternatives.
If you like dcron you will like fcron considerably more. I don't like dcron, because it at least feals somewhat immature and incomplete while fcron is absolutely complete and works perfectly as far as I can tell. All the features and the pros and cons, if there are any, have been mentioned many times here on the list. So I won't repeat them. +1 from me, too, for making fcron the default cron daemon as soon as possible. Heiko
participants (37)
-
Allan McRae
-
Attila
-
C Anthony Risinger
-
Corey Johns
-
David C. Rankin
-
Dieter Plaetinck
-
Dimitrios Apostolou
-
Divan Santana
-
DrCR
-
Evangelos Foutras
-
Grigorios Bouzakis
-
Heiko Baums
-
Ian-Xue Li
-
Ionut Biru
-
Jan Steffens
-
Jelle van der Waa
-
Jeremiah Dodds
-
Kaiting Chen
-
Loui Chang
-
Lukas Fleischer
-
Lukáš Jirkovský
-
Marek Otahal
-
Nicky726
-
Nicky726
-
Norbert Zeh
-
Oon-Ee Ng
-
Rogutės Sparnuotos
-
Sander Jansen
-
Sebastian Köhler
-
Simon Perry
-
Sven-Hendrik Haase
-
Thomas Bächler
-
Thomas S Hatch
-
Thorsten Töpper
-
Tom Gundersen
-
Yaro Kasear
-
Ángel Velásquez