[Opendnssec-maintainers] Re: [Opendnssec-user] Warning to all EPEL 6 users (Red Hat / Fedora / CentOS etc) (fwd)

Sara (Sinodun) sara at sinodun.com
Thu Jul 12 10:56:40 UTC 2012

Hi Maintainers,

Firstly, given the recent push of an alpha release to the EPEL repository I would like to request input on the general principle of using alpha releases in packages. 

Secondly, my understanding is that the potential actions once a release in the EPEL repository is one of the following:

1) Remove opendnssec from EPEL for now
2) Downgrade 1.4.0a1 to 1.3.x using Epoch:1 and try to downgrade the db
3) Leave opendnssec 1.4.0a1 in EPEL

The downgrade path for ODS is untested, could have unexpected consequences and involves a change to the Epoch. Therefore (given that the ODS team does not support the use an alpha release in EPEL) I would like to propose that 1) is undertaken. 

Paul (as package maintainer) -  I believe at this point you still plan on 3?

Any thoughts or suggestions on how to resolve this difference of opinion are gratefully received.


Begin forwarded message:

> From: "Sara (Sinodun)" <sara at sinodun.com>
> Date: 12 July 2012 11:51:01 GMT+01:00
> To: opendnssec-user at lists.opendnssec.org, opendnssec-maintainers at lists.opendnssec.org
> Cc: Paul Wouters <paul at nohats.ca>
> Subject: [Opendnssec-maintainers] Re: [Opendnssec-user] Warning to all EPEL 6 users (Red Hat / Fedora / CentOS etc) (fwd)
>>> Unfortunately an alpha release of 1.4.0 (1.4.0a1) has been pushed to
>>> Fedora 16 / 17 and EPEL 6 stable repositories [1].
>> Note these were pushed months ago.
> An update on this from the OpenDNSSEC team perspective. 
> The decision to push the1.4.0a1 release into EPEL was made
> by the package maintainer, against the advice of the OpenDNSSEC team. The ODS 
> team does not consider this (or any alpha release) production ready and does not 
> recommend the use of alphas in production environments. A discussion as to how to 
> resolve the disagreement with regard to the version of ODS currently in EPEL is ongoing. 
> We encourage users to test alpha releases in controlled test environments and value the 
> feedback we get. We are also very pleased that an effort is underway to include 
> OpenDNSSEC in EPEL. 
> However our advice remains that only the official, stable releases should be used in 
> production and we are working towards an official release of 1.4.0.
>>> An upgrade can be devastating to your system, wipe configurations, so
>>> I would advise against it until this matter is resolved.
>> As rpm never wipes config files, I looked into this and found that
>> there is a bug in the opendnssec.spec.in file shipped in trunk:
>> %files
>> %defattr(-,opendnssec,opendnssec)
>> %config %{_sysconfdir}/opendnssec/*
> Unfortunately this file had not been updated in some time and anyone who had used 
> this as the basis of a spec file would indeed have suffered from this issue. In future 
> we will not ship a spec file, but leave it to the  expert packager maintainers to develop
> such files as appropriate to their package. 
> Sara. 
> _______________________________________________
> Opendnssec-maintainers mailing list
> Opendnssec-maintainers at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-maintainers

Sara Dickinson


Sinodun Internet Technologies Ltd.
Stables 4, Suite 11
Howbery Park,
OX10 8BA,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-maintainers/attachments/20120712/eb1572d9/attachment.htm>

More information about the Opendnssec-maintainers mailing list