---- Original message ----
Date: Sat, 19 Jul 2008 04:33:46 -0700
From: Howard Chu <hyc(a)symas.com>
Subject: Re: BDB selection, et al.
To: Quanah Gibson-Mount <quanah(a)zimbra.com>
Cc: William Jojo <firstname.lastname@example.org>,email@example.com
Quanah Gibson-Mount wrote:
> --On Friday, July 18, 2008 9:11 PM -0400 William Jojo<jojowil(a)hvcc.edu>
>> I have noticed that the Symas packages user BDB 4.2 (with 2.3.42) as does
>> Ubuntu with 2.4.9+. I was wondering what the preference is over 4.4
>> (which I use) and 4..
> 4.2.52 + patches has the longest history of being solid.
> 4.3 was a disaster
> 4.4 was likely okay
> 4.5 was likely okay
> 4.6 also seems okay, and has some useful improvements
> 4.7 is not yet supported, but will be in a future release, and has
> additional useful improvements over 4.6.
4.7 can be made to work, if you're willing to tweak things a bit. The memory
manager in 4.6 is much improved over earlier versions; the memory manager in
4.7 is slightly better still. The lock manager in 4.7 is more efficient in
multi-core systems than in previous versions.
Do you, Howard, consider BDB 4.4 stable? I originally worked on 4.2 for initial rollout
some years ago. Admittedly, I have no problems at present with 4.4, and I could be
convinced to step backward if there is a compelling reason to do so.
>> I ask because I build OpenLDAP (among other things) for AIX
>> at (shameless plug) http://pware.hvcc.edu/
and I was considering moving
>> to 2.4.10 with BDB 4.6, but now I am not certain where to go for a few of
>> * Why the choice to stay with BDB 4.2?
> Proven track record over later releases (4.4, 4.5) for stability and
>> * And OpenSSL 0.9.7l (over the 0.9.8 series)?
> I use OpenSSL 0.9.8 in my builds and have for ages.
The Symas OpenLDAP 2.4 packages also use OpenSSL 0.9.8. However, the OpenSSL
build system changed, making it more difficult to complete the Windows build.
That's one of the reasons we stayed with 0.9.7 for so long in our OpenLDAP 2.3
>> * 2.3.39 has been *stable* since 11/2007 and I have not moved from that
>> point within the software suite offered. Is a later version of 2.3 going
>> to be marked stable (like 18.104.22.168 is in the Symas prodcut).
> Not likely.
True, no further 2.3.x release will be marked Stable.
> Stable is really a fairly meaningless term.
False. At the time that a release was marked stable, it was considered the
most stable release. I.e., after sufficient amount of time in release, no
major issues were discovered.
> Assigning meaning
> to it as a guideline as to what version to build is a very bad idea.
> There's a major DoS vulnerability in 2.3.39, for example, that was fixed in
> 2.3.43 and 2.4.11.
It's important to note that the Stable marker only changes if there's a new
release that we consider stable. The subsequent discovery of bugs in a Stable
release won't trigger the removal of that marker. So 2.3.39 is still marked
Stable, even though important bug fixes are in 2.3.43, because those bugs were
discovered long after 2.3.39 was released.
So, I guess I will stay where I am in production and prepare for a 2.4 upgrade at some
soon time after I finish my testing in 2.4 and when a stable release is announced.
In the meantime, when moving the Stable marker, the Project's
been that it can only be moved to the Current release stream, which is 2.4.
But we haven't yet seen a 2.4 release remain long enough in public use without
new issues quickly being discovered. So there is not yet a new Stable release.
>> * 2.4.x seems stable enough to me and certainly to Ubuntu x86[_64], but I
>> would like some other indication that I should make the leap before I
>> begin to change dependencies to several of the products I produce. Is
>> 2.4.x going to be marked stable in the near future?
> Hopefully. Note that stable does not remotely mean bug free (or relatively
> low in bug count). It simply means stable as far as core (i.e., not new)
> functionality is concerned.
No. It means low bug count as of a particular point in time, e.g., within a
couple weeks after the release.
And as I recall, we need to get to a feature freeze in the core code first. I
think 2.4 is just about at this point now.
Superb. Thank you very much, Quanah and Howard. It has been a very enlightening
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/