[Opendnssec-develop] Dependencies & stock distributions

Roland van Rijswijk roland.vanrijswijk at surfnet.nl
Mon Dec 14 10:41:50 UTC 2009


Hi guys,

We have started some preliminary tests as a preparation for the roll-out
of OpenDNSSEC we are going to implement next year. All the tests we did
so far we built most things from source, including the dependencies.

Now though, we are using a stock distribution (Red Hat Enterprise Linux)
and are running into some complications with dependencies. The biggest
problem we have is that none of the packages that come with the
distribution are the right version to work with OpenDNSSEC. In almost
all cases (with just a few exceptions) OpenDNSSEC requires a newer
version of the package concerned.

As you are probably aware, most distributions seldomly come shipped with
the latest-greatest version of a package (usually for stability reasons)
and Red Hat commonly backports patches to keep the distribution stable
rather than shining new.

Since we are going to deploy OpenDNSSEC into production where the OS
maintenance is going to be done by a third party, it is inconvenient not
to be able to depend on regular OS updates from the distributor but
instead having to rebuild all dependencies every time there is an update
to one of them. This is also going to be an issue for the packagers who
have volunteered to build OpenDNSSEC packages for several distributions.

Summarising: I would like to advocate a check of dependencies on common
distributions - I for instance would be happy to report the issues I run
into on RHEL. Furthermore, I'd like to propose an "external feature
freeze", i.e. not upgrading to newer versions of dependencies unless it
is absolutely necessary; in my opinion, there is a real risk that this
problem will stop people from deploying OpenDNSSEC in production
environment because of the maintenance hassle (and the cost deriving
from that).

Your thoughts are welcome.

P.S. I realise that this is quite a long e-mail; rest assured that it is
not intended as a rant but rather as constructive criticism.

Cheers,

Roland

-- 
-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl




More information about the Opendnssec-develop mailing list