[Opendnssec-maintainers] Re: [Opendnssec-user] Warning to all EPEL 6 users (Red Hat / Fedora / CentOS etc) (fwd)

Paul Wouters pwouters at redhat.com
Thu Jul 12 14:36:11 UTC 2012

On Thu, 12 Jul 2012, Sara (Sinodun) wrote:

> Firstly, given the recent push of an alpha release to the EPEL repository I would like to request input on
> the general principle of using alpha releases in packages. 
> Secondly, my understanding is that the potential actions once a release in the EPEL repository is one of
> the following:
> 1) Remove opendnssec from EPEL for now
> 2) Downgrade 1.4.0a1 to 1.3.x using Epoch:1 and try to downgrade the db
> 3) Leave opendnssec 1.4.0a1 in EPEL
> The downgrade path for ODS is untested, could have unexpected consequences and involves a change to the
> Epoch. Therefore (given that the ODS team does not support the use an alpha release in EPEL) I would like
> to propose that 1) is undertaken. 
> Paul (as package maintainer) -  I believe at this point you still plan on 3?

Yes. Removing a package also has side effects. Anyone with the package
installed will be prevented from updating some libraries (eg botan) on
their system because an old opendnssec package is compiled against it.
Inevitably it would result in a conflict where some package insists on
a newer library and the old opendnssec will depend on the old library,
and the system will no longer be able to update itself without manual
intervention by the sysadmin.

Apart from that, I don't see the value of taking the option of people
to run opendnssec from them, solely based on the definition of "alpha",
especially since we determined the damage done recently was not in any
way related to the EPEL package. 1.3.x rpms outside Fedora/EPEL do not seem
to be readily available, especially if you also kill the spec file in
opendnssec. People wanting to run opendnssec on RHEL would simply grab
the SRPM from Fedora and end up in the exact same situation. Except they
would have had to do more manual work for no apparent reason. It would
likely lead to some other developer requesting an opendnssec branch for
EPEL, and we'd be back at where we are today.

> Any thoughts or suggestions on how to resolve this difference of opinion are gratefully received.

I'd say the best way forward is to keep a very close eye on 1.4.x alpha
in Fedora/EPEL and move it to a stable 1.4.0 release when we can. I
could add some documentation to the description of the package that warns
people this is alpha code and that they might want to use 1.3.x instead.
Also, I am looking into the issue of the spec file, so that we can
prevent future "overwriting config files" problems for people who
installed opendnssec from the spec file shipped with opendnssec.


More information about the Opendnssec-maintainers mailing list