Managing Backports and Package Updates With Sarge
Posted by a3ulafia on Wed 1 Mar 2006 at 10:38
I stick to the mantra that the stable branch is for production servers and unstable/testing is only for people who know how to fix things when they break or can afford to take a box offline. But stable gets old fast. Its security updates are only for issues that effect, well, security and not application stability.
For example, there was a recent update to the Asterisk PBX with many Changelog entries fixing memory leaks. This is not a security issue but is most definitely a stability one.
For my production servers running Asterisk, this is an essential update.
Short of packaging all updates to a package oneself, what kind of backport strategy do you use?
Where are good places to go to get updated packages or to work with other people doing the same kind of work?
[ Parent | Reply to this comment ]
http://volatile.debian.net/
Also, in the past we have used backports.org to keep our Woody systems current and I just noticed they have backported Asterisk for Sarge.
http://backports.org/
Regards,
C.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
The various backport sites do fill this gap and I wasn't aware there were more than backports.org. After writing this article I though of another method I've seen only rarely, which is to include a debian/ directory in the source tarball. Mplayer and Icecast do this. It requires a development system to build the package but after the build-deps are installed it is automated and one can set up their own simple apt repo on even a shared web server.
cheers
-l
[ Parent | Reply to this comment ]
As for Asterix PBX, I have an Avaya unit doing all that. Phones are phones, computers are computers and never the twain shall meet (apart from via the serial port and a perl script for departmental billing!).
I'm a glutton for simplicity.
[ Parent | Reply to this comment ]
Maybe it's more important to know "how" one can build it's own packages, so you can make your 'own' repository to keep your own systems up-to-date?
[ Parent | Reply to this comment ]
I don't have time to build packages (my motto: life is too short to compile - let someone else do it!). I'd use Gentoo if I did!
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
I think what Anon was trying to say is that Ubuntu is kept more 'up to date' then Debian Stable - and is just as stable for their core packages. However, if it's not an itch that they have, your package might not be in their core repository. 6 one way, 1/2 dozen the other.
Since Ubuntu is a Debian based system, it's - um - close?
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
I pretty much agree with the other comment(s) on apt-get.org, or backports.org.
The only difference is that I never leave those sources in my sources.list file. I always download the package sources, rebuild them myself and then upload them to a local repository under my own control.
That is partly to make sure they really are backported versions with no suprising dependencies, and partly to make sure that the repository will never "disappear" leaving me stranded without the option of installing the packages elsewhere.
It also allows me to test the packages on one or two machines before pushing them out to the LAN, etc.
When it comes to backports I'm very conservative. When Woody was the stable release I used maybe four or five specific packages which were backported. (I think OpenVPN was the major one).
Since Sarge is still so recent I'm not using anything other than a backported version of Xen 3.x. As time goes by I might upgrade clamav, and other "volatile" packages - but otherwise I'm happy enough to stick with the stable packages.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Pretty much, yes.
I tend to use the debuild script though just out of habit.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
I thought qmail's license only allows distribution as source...
[ Parent | Reply to this comment ]
Ok... I have enough systems to install 10 other distributions, but I'd prefer to have a working totem on Sarge.
Kopete (the IM my gf prefers) on Sarge suffers from that ICQ protocol change. I'd like to have a solution without installing a complete KDE-backport on Sarge and without telling her to switch to a different IM...
I really want Sarge on the systems I must rely on...
[ Parent | Reply to this comment ]
Based only on these 2 software packages, I'd say that this is not a system that I would rely on.
Sarge is all fine and dandy, but it is /not/ the holy grail of (desktop) stability, imho.
Don't get me wrong. I run about 60+ Sarge Desktops at the site I'm working. And I do as little backporting as possible. But if my users would come to me with those 2 problems you've just mentioned, it'd be looking into backports.org right now. (Or at least for Kopete, as I have no love for Totem.)
Kindest regards,
mverwijs
[ Parent | Reply to this comment ]