On Tue, Sep 17, 2013 at 9:49 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
--On Tuesday, September 17, 2013 9:06 PM -0300 Listas de Correo <toshiro.listas@gmail.com> wrote:
Would you mind providing me with more details about the bugs and potential
problems of using Debian packages? I'm not putting your statements in doubt, I just need to have solid and documented arguments to convince my boss that this extra work is really needed.
Read the release notes for OpenLDAP:
<http://www.openldap.org/software/release/changes.html>
The FAQ from the Debian OpenLDAP package maintainers:
<http://www.openldap.org/faq/data/cache/1456.html>
The use of GnuTLS (What Debian links to instead of OpenSSL) is harmful:
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
Ok, thanks for the info, I will look into it right away.
I have an additional question about compiling from source: how do you handle upgrades? In Debian, I just use apt-get upgrade; in the case of compiling yourself, do you just compile and then 'make install'? Is that enough or do you need to do any previous housekeeping? (I'm asking because I haven't found any mention of upgrades in the Administrator's Guide.)
On Sep 18, 2013, at 3:15 AM, Listas de Correo wrote:
how do you handle upgrades?
I run Debian GNU/Linux on all my personal servers, and previously SuSE on thousands of machines at a previous work assignment.
For certain key software (such as OpenLDAP, MIT Kerberos, etc.), I do my own packaging (both debs and rpms) on a separate, dedicated build machine because I don't like having a build environment on [my] servers.
I take the latest version of the Debian GNU/Linux package (or rpm if the target is rpm based) and modify its packaging file(s) - which is usually debian/rules and debian/controls for debs - to suit my needs. One of the first things I did was disable GnuTLS and instead link with OpenSSL (because of the reasons mentioned earlier). This I also had to do with both Kerberos and SASL (and a whole lot of other important software), if I remember correctly.
So when I need to upgrade (which I haven't done in almost two years now), then it is easy to take that package, and simply remove the source, replace it with the new source within the package build directory, rebuild and install (i.e. upgrading) the new package...
Granted, I need to keep an eye out for any serious security issues myself, but it's not that big of a problem - being part of the relevant mailing list(s) and skimming through the Subjects is usually sufficient...
Since I'm still using packages, I get all the benefits of upgrades, without much trouble.
The reason I haven't upgraded in such a long time is that the current version works just fine for my needs. If, however, I can't get a 'new' feature I need to work, the very first thing I would need to do is to upgrade. Mostly because very few people, me included, have any real interest in supporting ancient software....
openldap-technical@openldap.org
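
A check for the relinking step described in the last message (GnuTLS disabled, OpenSSL linked instead), as an added example that is not part of the original thread: it classifies `ldd` output so that a rebuilt package can be verified after each upgrade. The function names and the sample `ldd` lines are constructed for illustration; the paths to check are passed as arguments.

```shell
#!/bin/sh
# Added example: report which TLS library a binary is linked against.
# Function names and sample ldd lines are constructed for illustration.

# tls_backend: read ldd-style output on stdin and print one of
# openssl | gnutls | mixed | none.
tls_backend() {
    awk '
        # The soname is the first field; libgnutls-openssl (the GnuTLS
        # compatibility shim) still counts as GnuTLS.
        $1 ~ /^libgnutls(-[a-z0-9]+)?\.so/ { gnutls = 1 }
        $1 ~ /^lib(ssl|crypto)\.so/        { openssl = 1 }
        END {
            if (gnutls && openssl) print "mixed"
            else if (gnutls)       print "gnutls"
            else if (openssl)      print "openssl"
            else                   print "none"
        }'
}

# check_tls_linkage: run ldd on each path given; return 1 if any path is
# missing or still pulls in GnuTLS, 0 otherwise.
check_tls_linkage() {
    rc=0
    for bin in "$@"; do
        if [ ! -r "$bin" ]; then
            printf '%s: missing\n' "$bin"; rc=1; continue
        fi
        backend=$(ldd "$bin" 2>/dev/null | tls_backend)
        printf '%s: %s\n' "$bin" "$backend"
        case $backend in gnutls|mixed) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed ldd output: a distribution build and a relinked build.
SAMPLE_DISTRO='  libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00007f0000000000)
  libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f0000100000)'
SAMPLE_REBUILT='  libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00007f0000000000)
  libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f0000100000)
  libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f0000200000)'

# Usage: sh check.sh /path/to/slapd /path/to/libldap.so
if [ "$#" -gt 0 ]; then check_tls_linkage "$@"; fi
```

A result of `mixed` means both libraries are loaded into the same process, which usually indicates that a dependency (such as SASL or Kerberos, both mentioned in the message) was not rebuilt.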