[arch-general] People that depend on Arch, etc deserve to die? - Allan McRae - Clarifications
Hello everyone, I was reading the package signing discussion that was going on over at the [pacman-dev] mailing list http://mailman.archlinux.org/pipermail/pacman-dev/2011-February/012483.html and Allan said the following: "I think I know every distribution using pacman as a package manager and (unless there is an enterprise level distro I am missing) if peoples lives depend on one of these distros, then I am sorry to say it but in my opinion they are stupid and deserve to die." I wanted to know what was he trying to say? Is he saying that Arch and other Arch-like distros aren't serious distros that aren't meant for production? I mean I understand that Arch is rolling release and all that, but it's packages are marked stable by their corresponding upstreams. What are your opinions about this? -- Jonathan Vasquez
2011/12/23 Jonathan Vasquez <jvasquez1011@gmail.com>:
Hello everyone,
I was reading the package signing discussion that was going on over at the [pacman-dev] mailing list http://mailman.archlinux.org/pipermail/pacman-dev/2011-February/012483.html
and Allan said the following:
"I think I know every distribution using pacman as a package manager and
(unless there is an enterprise level distro I am missing) if peoples lives depend on one of these distros, then I am sorry to say it but in my opinion they are stupid and deserve to die."
I wanted to know what was he trying to say? Is he saying that Arch and other Arch-like distros aren't serious distros that aren't meant for production? I mean I understand that Arch is rolling release and all that, but it's packages are marked stable by their corresponding upstreams.
What are your opinions about this?
-- Jonathan Vasquez
Surely Allan intended to point out the idiocy of the idea that lives may depend on the key signing implementation for pacman. Somebody saying, quote: "When you work with any area of cryptography, remember that lives and certainly livelihoods can literally depend on your keystrokes (even though you may not want or expect them to), so get behind your work or don't do it. This isn't just a toy, free though it may be." has lost perspective.
On Friday 23 Dec 2011 05:32:25 Jonathan Vasquez wrote:
I wanted to know what was he trying to say? Is he saying that Arch and other Arch-like distros aren't serious distros that aren't meant for production? I mean I understand that Arch is rolling release and all that, but it's packages are marked stable by their corresponding upstreams.
I think the point is that it can be dangerous to use ArchLinux for critical applications, because there are occasional breakages during updates. That's simply because Arch doesn't have a development cycle including a QA phase. Distributions such as Debian can make certain guarantees about the stability of their software, because they only use older and thoroughly-tested software by default. However, I believe ArchLinux is a perfectly sensible choice for critical production environments, so long as appropriate measures are taken. For instance, there should be a failover server, or in a cluster configuration an Arch box should be removed from the cluster for updating, and tested before being reintegrated. It's just about being sensible. Arch is awesome for servers, though. It's light and easy to maintain. It's a lot more hands-on for more of the time than more "stable" distros, but doesn't have the pain of upgrades. I think it that balances it out. Paul
On Fri 23 Dec 2011 10:42 +0000, Paul Gideon Dann wrote:
On Friday 23 Dec 2011 05:32:25 Jonathan Vasquez wrote:
I wanted to know what was he trying to say? Is he saying that Arch and other Arch-like distros aren't serious distros that aren't meant for production? I mean I understand that Arch is rolling release and all that, but it's packages are marked stable by their corresponding upstreams.
I think the point is that it can be dangerous to use ArchLinux for critical applications, because there are occasional breakages during updates. That's simply because Arch doesn't have a development cycle including a QA phase. Distributions such as Debian can make certain guarantees about the stability of their software, because they only use older and thoroughly-tested software by default.
QA like when Debian broke SSL? I would rather trust Arch Linux for critical applications.
Let's not forget Loui, We are all human and make mistakes. A QA process is definitely a good thing. On Fri, Dec 23, 2011 at 3:48 PM, Loui Chang <louipc.ist@gmail.com> wrote:
On Fri 23 Dec 2011 10:42 +0000, Paul Gideon Dann wrote:
On Friday 23 Dec 2011 05:32:25 Jonathan Vasquez wrote:
I wanted to know what was he trying to say? Is he saying that Arch and other Arch-like distros aren't serious distros that aren't meant for production? I mean I understand that Arch is rolling release and all that, but it's packages are marked stable by their corresponding upstreams.
I think the point is that it can be dangerous to use ArchLinux for critical applications, because there are occasional breakages during updates. That's simply because Arch doesn't have a development cycle including a QA phase. Distributions such as Debian can make certain guarantees about the stability of their software, because they only use older and thoroughly-tested software by default.
QA like when Debian broke SSL? I would rather trust Arch Linux for critical applications.
-- Jonathan Vasquez
However, I think Arch is a good distro for every purpose, from desktop to server, because of it's usercentricness. If you break something, you can fall back and most of the times, if you broke a system component, it's your fault. There's [testing] and maintainers don't push unattended dangerous upgrades to extra and core. ;) But let's focus on topic, we are discussing about stability :P Salud, Ale
Am Fri, 23 Dec 2011 15:52:13 -0500 schrieb Jonathan Vasquez <jvasquez1011@gmail.com>:
Let's not forget Loui, We are all human and make mistakes. A QA process is definitely a good thing.
Is QA the thing what makes Debian so bleeding edge? *SCNR* I haven't had any stability issues with Arch Linux, yet, neither with Gentoo. And in these very rare cases in which something unforeseen happens with an update it can easily be fixed by either downgrading or waiting a few days for an update which fixes the issue. Or it can be fixed or worked around in other ways. So Arch Linux is absolutely stable and bleeding edge in my opinion and can indeed be used in a production environment. And, btw., isn't the testing done by the devs in the git tree and in [testing] not QA? Heiko
Yup it is QA for Arch's model which is what I was going to yell you when I started reading your response ;). It depends how you implement QA. On Dec 23, 2011 4:31 PM, "Heiko Baums" <lists@baums-on-web.de> wrote:
Am Fri, 23 Dec 2011 15:52:13 -0500 schrieb Jonathan Vasquez <jvasquez1011@gmail.com>:
Let's not forget Loui, We are all human and make mistakes. A QA process is definitely a good thing.
Is QA the thing what makes Debian so bleeding edge? *SCNR*
I haven't had any stability issues with Arch Linux, yet, neither with Gentoo. And in these very rare cases in which something unforeseen happens with an update it can easily be fixed by either downgrading or waiting a few days for an update which fixes the issue. Or it can be fixed or worked around in other ways.
So Arch Linux is absolutely stable and bleeding edge in my opinion and can indeed be used in a production environment.
And, btw., isn't the testing done by the devs in the git tree and in [testing] not QA?
Heiko
On Fri, Dec 23, 2011 at 10:30 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Fri, 23 Dec 2011 15:52:13 -0500 schrieb Jonathan Vasquez <jvasquez1011@gmail.com>:
Let's not forget Loui, We are all human and make mistakes. A QA process is definitely a good thing.
Is QA the thing what makes Debian so bleeding edge? *SCNR*
I haven't had any stability issues with Arch Linux, yet, neither with Gentoo. And in these very rare cases in which something unforeseen happens with an update it can easily be fixed by either downgrading or waiting a few days for an update which fixes the issue. Or it can be fixed or worked around in other ways.
So Arch Linux is absolutely stable and bleeding edge in my opinion and can indeed be used in a production environment.
And, btw., isn't the testing done by the devs in the git tree and in [testing] not QA?
In an ideal world, the people whose livelihoods / lives depend on Arch (if such people exist) would dedicate some resources to helping out with testing stuff in [testing]. So while the QA done by [testing] is quite limited, it could in principle be very good (depending on how many people owe us their lives). -t
On Fri, 23 Dec 2011 15:52:13 -0500 Jonathan Vasquez <jvasquez1011@gmail.com> wrote:
Let's not forget Loui, We are all human and make mistakes. A QA process is definitely a good thing.
On Fri, Dec 23, 2011 at 3:48 PM, Loui Chang <louipc.ist@gmail.com> wrote:
On Fri 23 Dec 2011 10:42 +0000, Paul Gideon Dann wrote:
On Friday 23 Dec 2011 05:32:25 Jonathan Vasquez wrote:
I wanted to know what was he trying to say? Is he saying that Arch and other Arch-like distros aren't serious distros that aren't meant for production? I mean I understand that Arch is rolling release and all that, but it's packages are marked stable by their corresponding upstreams.
I think the point is that it can be dangerous to use ArchLinux for critical applications, because there are occasional breakages during updates. That's simply because Arch doesn't have a development cycle including a QA phase. Distributions such as Debian can make certain guarantees about the stability of their software, because they only use older and thoroughly-tested software by default.
QA like when Debian broke SSL? I would rather trust Arch Linux for critical applications.
Arch do have a huge QA/QC department. And by chance, it happens to be the exact same size as our user base :p
On 23/12/11 20:32, Jonathan Vasquez wrote:
Hello everyone,
I was reading the package signing discussion that was going on over at the [pacman-dev] mailing list http://mailman.archlinux.org/pipermail/pacman-dev/2011-February/012483.html
and Allan said the following:
"I think I know every distribution using pacman as a package manager and
(unless there is an enterprise level distro I am missing) if peoples lives depend on one of these distros, then I am sorry to say it but in my opinion they are stupid and deserve to die."
I wanted to know what was he trying to say? Is he saying that Arch and other Arch-like distros aren't serious distros that aren't meant for production? I mean I understand that Arch is rolling release and all that, but it's packages are marked stable by their corresponding upstreams.
What are your opinions about this?
I was saying, I would not stake my life on the stability of Arch Linux. It has been know to get broken and not just by bad packaging. Upstream "stable" releases are not necessarily stable. e.g. bash-4.2.005 was a minor upstream bug fix that resulted in Arch not booting. Allan
Thanks for the response. Do you consider Arch a production system or more of a hobby project? Meaning more like a side system and not a main one. On Dec 23, 2011 5:39 AM, "Allan McRae" <allan@archlinux.org> wrote:
Hello everyone,
I was reading the package signing discussion that was going on over at
On 23/12/11 20:32, Jonathan Vasquez wrote: the
[pacman-dev] mailing list
http://mailman.archlinux.org/pipermail/pacman-dev/2011-February/012483.html
and Allan said the following:
"I think I know every distribution using pacman as a package manager and
(unless there is an enterprise level distro I am missing) if peoples lives depend on one of these distros, then I am sorry to say it but in my opinion they are stupid and deserve to die."
I wanted to know what was he trying to say? Is he saying that Arch and other Arch-like distros aren't serious distros that aren't meant for production? I mean I understand that Arch is rolling release and all that, but it's packages are marked stable by their corresponding upstreams.
What are your opinions about this?
I was saying, I would not stake my life on the stability of Arch Linux. It has been know to get broken and not just by bad packaging. Upstream "stable" releases are not necessarily stable. e.g. bash-4.2.005 was a minor upstream bug fix that resulted in Arch not booting.
Allan
On 23/12/11 20:41, Jonathan Vasquez wrote:
Thanks for the response. Do you consider Arch a production system or more of a hobby project? Meaning more like a side system and not a main one.
I have used it in production. But then again, I have quite a good idea of what is happening in Arch Land and can deal with any issues. It all depends on what the adminstrator is comfortable with supporting. Allan
I simply believe that a man should know how Linux works, and not how Arch Linux or Debian or Fedora works. Basic approach, not distro-oriented approach. So I agree with Allan, you can't be depending on a single distro, you need to know how to deal with every single Linux system (major distros at least) on earth, and Pacman is only a package manager ;) Salud, Ale
I agree. After a person uses Linux for a while, they start to notice that most distros are pretty identical. The only things that change are package names, package manager, packages used, directory structure (where do we install packages, man files, etc), and the philosophy/goals of that distro. -Jon On Dec 23, 2011 5:47 AM, "Allan McRae" <allan@archlinux.org> wrote:
On 23/12/11 20:41, Jonathan Vasquez wrote:
Thanks for the response. Do you consider Arch a production system or more of a hobby project? Meaning more like a side system and not a main one.
I have used it in production. But then again, I have quite a good idea of what is happening in Arch Land and can deal with any issues.
It all depends on what the adminstrator is comfortable with supporting.
Allan
participants (9)
-
Alessio 'Blaster' Biancalana
-
Allan McRae
-
Heiko Baums
-
Jonathan Vasquez
-
Loui Chang
-
Paul Gideon Dann
-
Stefan Wilkens
-
Tom Gundersen
-
Øyvind Heggstad