PatrickD Garvey
2015-Jan-14 23:38 UTC
[CentOS-docs] Pull Request wiki.c.o/AdditionalResources/Repositories
On Wed, Jan 14, 2015 at 3:26 PM, John R. Dennison <jrd at gerdesas.com> wrote:> On Wed, Jan 14, 2015 at 03:09:01PM -0800, PatrickD Garvey wrote: >> >> Proposal: >> The Third Party Repositories section should not list any other repositories, >> but should only note there are difficulties in making several independent >> repositories safely usable and give a thorough explaination of what has happened >> in the past without naming names. > > You are looking for problems to fix where there are none. The overall state of > that page is and has been fine for many years. EL requires external third- > party repos. It has always been this way and it will always continue to > be the case. Your proposal to remove the listings that are there now > serves no one and will only create more of a support burden on the > people that are volunteering their time. > > JohnI view your comments as an opportunity to understand an experience I have yet to have. Please share which repository you use and how it depends upon CentOS and how the CentOS community depends upon it. I view the entire FLOSS community as interdependent. I hope to make this page an asset for that interdependence. That's why I worked on the link rot. Karanbir seems to feel that certain phrases in the page unduly favor some of the repositories and that requires an objective evaluation. Please help us (me, especially) understand what we may be doing to the detriment of your use of CentOS and thereby avoid that negative result.
Trevor Hemsley
2015-Jan-14 23:51 UTC
[CentOS-docs] Pull Request wiki.c.o/AdditionalResources/Repositories
On 14/01/15 23:38, PatrickD Garvey wrote:> On Wed, Jan 14, 2015 at 3:26 PM, John R. Dennison <jrd at gerdesas.com> wrote: >> On Wed, Jan 14, 2015 at 03:09:01PM -0800, PatrickD Garvey wrote: >>> Proposal: >>> The Third Party Repositories section should not list any other repositories, >>> but should only note there are difficulties in making several independent >>> repositories safely usable and give a thorough explaination of what has happened >>> in the past without naming names. >> You are looking for problems to fix where there are none. The overall state of >> that page is and has been fine for many years. EL requires external third- >> party repos. It has always been this way and it will always continue to >> be the case. Your proposal to remove the listings that are there now >> serves no one and will only create more of a support burden on the >> people that are volunteering their time. >> >> John > I view your comments as an opportunity to understand an experience I > have yet to have. Please share which repository you use and how it > depends upon CentOS and how the CentOS community depends upon it. > > I view the entire FLOSS community as interdependent. I hope to make > this page an asset for that interdependence. That's why I worked on > the link rot. > > Karanbir seems to feel that certain phrases in the page unduly favor > some of the repositories and that requires an objective evaluation. > > Please help us (me, especially) understand what we may be doing to the > detriment of your use of CentOS and thereby avoid that negative > result.That page is balance between coming right out and saying "This, that and the other repo eat babies and destroy systems, do not use them" without actually coming right out and saying that. There are repos that Do the Right Thing (tm) and do not blindly overwrite core packages from the CentOS repos. There are others that do. Some of the repos that overwrite core packages do so with little packages like sqlite (yum uses sqlite so changing the version of it is not a Good Thing for system stabilty). Other repos in that list have been effectively unmaintained for a number of years so they contain packages that may have severe unfixed security vulnerabilities. Now as far as the term "Community Approved" goes: I think it's fairly accurate and I'm not sure what the objection to it was. We have to have a way to say "These repos are ok" and "these suck" and "these suck worse than that". The way the page reads at the moment seems to me to strike a good balance between providing useful information and avoiding libel! Trevor
PatrickD Garvey
2015-Jan-15 00:27 UTC
[CentOS-docs] Pull Request wiki.c.o/AdditionalResources/Repositories
On Wed, Jan 14, 2015 at 3:51 PM, Trevor Hemsley <trevor.hemsley at ntlworld.com> wrote:> On 14/01/15 23:38, PatrickD Garvey wrote: >> On Wed, Jan 14, 2015 at 3:26 PM, John R. Dennison <jrd at gerdesas.com> wrote: >>> On Wed, Jan 14, 2015 at 03:09:01PM -0800, PatrickD Garvey wrote: >>>> Proposal: >>>> The Third Party Repositories section should not list any other repositories, >>>> but should only note there are difficulties in making several independent >>>> repositories safely usable and give a thorough explaination of what has happened >>>> in the past without naming names. >>> You are looking for problems to fix where there are none. The overall state of >>> that page is and has been fine for many years. EL requires external third- >>> party repos. It has always been this way and it will always continue to >>> be the case. Your proposal to remove the listings that are there now >>> serves no one and will only create more of a support burden on the >>> people that are volunteering their time. >>> >>> John >> I view your comments as an opportunity to understand an experience I >> have yet to have. Please share which repository you use and how it >> depends upon CentOS and how the CentOS community depends upon it. >> >> I view the entire FLOSS community as interdependent. I hope to make >> this page an asset for that interdependence. That's why I worked on >> the link rot. >> >> Karanbir seems to feel that certain phrases in the page unduly favor >> some of the repositories and that requires an objective evaluation. >> >> Please help us (me, especially) understand what we may be doing to the >> detriment of your use of CentOS and thereby avoid that negative >> result. > > That page is balance between coming right out and saying "This, that and > the other repo eat babies and destroy systems, do not use them" without > actually coming right out and saying that. There are repos that Do the > Right Thing (tm) and do not blindly overwrite core packages from the > CentOS repos. There are others that do. Some of the repos that overwrite > core packages do so with little packages like sqlite (yum uses sqlite so > changing the version of it is not a Good Thing for system stabilty). > Other repos in that list have been effectively unmaintained for a number > of years so they contain packages that may have severe unfixed security > vulnerabilities. > > Now as far as the term "Community Approved" goes: I think it's fairly > accurate and I'm not sure what the objection to it was. We have to have > a way to say "These repos are ok" and "these suck" and "these suck worse > than that". The way the page reads at the moment seems to me to strike a > good balance between providing useful information and avoiding libel! > > TrevorThank you. My understanding is the term "Community Approved" was a summation of opinions, not an objectively measurable attribute and Karanbir wanted something more objective. I was trying to get us out of continually evaluating other repositories. How do you choose which to add to the lists on the page? How do you even know what exists that may need to be added to the page? As it stands the list is a result of experiences with several repositories. OK. Do we wait for an adverse experience before we add another? Or do we give a good understanding how one evaluates a repository and leave it up to the individual to make that evaluation and live with the consequence? In my experience with large corporations trying to work this out, it was considered best practice to support the positive and ignore the negative. Customers are responsible for their own choices. Positive guidance on how to select a good solution can leverage the qualities of your own product and not incur liabilities for contestable, even if legitimate, criticisms of particular alternatives. Saying "these suck" and "these suck worse" makes one liable for that opinion, even if one has an objective technique for that evaluation. CentOS has some ways to bless the work of others, SIGs and spins. Join us and we won't just praise your work, we'll help it evolve. Again, I'm looking for an understanding of your experience. This is what I have learned to this point. Let's move forward, even if that means leaving the article as it is now.
Karanbir Singh
2015-Jan-15 00:31 UTC
[CentOS-docs] Pull Request wiki.c.o/AdditionalResources/Repositories
On 14/01/15 23:38, PatrickD Garvey wrote:> Please help us (me, especially) understand what we may be doing to the > detriment of your use of CentOS and thereby avoid that negative > result.Lets flip this around - just going by your comments in the last few days, it seems to me that you dont actually use CentOS Linux at all and are largely unaware of how this ecosystem works. so, from your point of view, as a user - what is it that you use CentOS and what sort of roles do you deploy it in ? -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc
Karanbir Singh
2015-Jan-15 00:34 UTC
[CentOS-docs] Pull Request wiki.c.o/AdditionalResources/Repositories
On 14/01/15 23:51, Trevor Hemsley wrote:> Now as far as the term "Community Approved" goes: I think it's fairly > accurate and I'm not sure what the objection to it was. We have to have > a way to say "These repos are ok" and "these suck" and "these suck worse > than that". The way the page reads at the moment seems to me to strike a > good balance between providing useful information and avoiding libel! >Being able to quantify what good-behaviour might be ( eg. multilib lines up etc ) not only allows us to measure how good / bad a repo is, it also gives the other repos a yardstick to work through in order to become good. I realise that a good repo will do things that are hard to measure eg. delta between upstream release of a patch and when it shows up in repo; but a large bulk of things we should be able to automate I feel. -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc
PatrickD Garvey
2015-Jan-15 00:56 UTC
[CentOS-docs] Pull Request wiki.c.o/AdditionalResources/Repositories
On Wed, Jan 14, 2015 at 4:31 PM, Karanbir Singh <mail-lists at karan.org> wrote:> On 14/01/15 23:38, PatrickD Garvey wrote: > >> Please help us (me, especially) understand what we may be doing to the >> detriment of your use of CentOS and thereby avoid that negative >> result. > > Lets flip this around - just going by your comments in the last few > days, it seems to me that you dont actually use CentOS Linux at all and > are largely unaware of how this ecosystem works. > > so, from your point of view, as a user - what is it that you use CentOS > and what sort of roles do you deploy it in ?I am a retired programmer/system administrator. The last systems I maintained were IBM System/6000 running AIX and CATIA, a 3D computer-aided design package. I want to use CentOS to explore the aspects of operating systems that I was not allowed to explore with a proprietary system. I had a couple of 32-bit machines I intended to make into my lab, but the Linux community seems to have moved on to 64-bit images. So, while I acquire a new set of machines, I'm reading and trying to improve the documentation surrounding a particular distribution of Linux, CentOS. Any opinions I express are based on my 27 years in large corporations that used computers developed and sold by other companies, which includes 20 years ordering, receiving, installing, configuring, and running IBM equipment for large corporations.
Mark Hahn
2015-Jan-15 01:44 UTC
[CentOS-docs] Pull Request wiki.c.o/AdditionalResources/Repositories
> CentOS repos. There are others that do. Some of the repos that overwrite > core packages do so with little packages like sqlite (yum uses sqlite so > changing the version of it is not a Good Thing for system stabilty). > Other repos in that list have been effectively unmaintained for a number > of years so they contain packages that may have severe unfixed security > vulnerabilities.I suggest that we shouldn't use euphemisms when it's far more valuable to come out and say it. I would certainly appreciate if the centos docs explicitly tagged the other repos with these comments. Factual commentary about risks does not come anywhere close to libel... regards, mark hahn.
Seemingly Similar Threads
- Pull Request wiki.c.o/AdditionalResources/Repositories
- Pull Request wiki.c.o/AdditionalResources/Repositories
- Pull Request wiki.c.o/AdditionalResources/Repositories
- Pull Request wiki.c.o/AdditionalResources/Repositories
- Pull Request wiki.c.o/AdditionalResources/Repositories