Debian Freeze Process Update

snotty6969 writes: "Freeze Update. Anthony Towns sent in an updated report about the Woody freeze process. We're almost into the last week for uploads of base packages. If there are outstanding bugs you'd like to see fixed, provide patches or upload now. We are also getting into the last days for ensuring that standard and task packages get included in the Woody release. At the moment it looks like a lot of packages will be removed from Woody. Among these are a whole bunch of commonly used programs like gpm, Mutt, CVS, Procmail, Apache and Mozilla. People who can fix bugs in these packages and care about them are encouraged to send in patches or upload fixed packages using Anthony's unofficial NMU guidelines."

Not fantastic

[Mike Connell]

I've just switched distros to debian on 3 boxes (home from mandrake, web/mail/cvs/db box at work, and a development machine). I've been really pleased that although it's a bit of a PITA to get set up right, once it's done, it's really done. Yes, apt-get is lovely.

But if things like apache and mozilla (and for me procmail and cvs) are starting to fall, how is the future looking for debian? The thing I love about it is the the fact that almost everything I use I can just apt-get, and it all fits together. If I had to start getting my own packages a lot, it would really dampen debian's best feature.

I really hope this is merely a bit of sabre-rattling done in order to stir up some activity before release.

0.02

Re:Not fantastic

[compwizrd]

This is their way of forcing the bugs to be fixed, is all, yes.

Re:Not fantastic

[Foochar]

These things are more call to arms than anything else. For example, I still depend on a working gpm so the threat of it being removed is enough that when I get home tonight I may decide to take a look and see if I can't send the maintainer some clues as to what is going on. It would be pretty hard to justify making a release without things like apache and mozilla, however if they aren't fixed then they will end up delaying the release. Debian has a bad enough history of slipping release dates without more problems to add to it.

Re:Not fantastic

[iomud]

You can always dist upgrade, I do development on an unstable box and I've yet to have any major issues. I just keep up to date with irc and debian planet to be sure there hasn't been a debain chaos event. The anal standards debian has are a blessing and a curse all at the same time.

Re:Not fantastic

[uchian]

I've had a couple of Relatively major (if you don't know what your doing and where to look for help)/Relatively minor (if you do know) problems with using unstable, with such great symptoms as xwindows failing to start (someone accidentally put quotes around something they shouldn't have) to gpm failing to detect my mouse and exiting on startup. This happened a couple of days ago, and I haven't figured out exactly what's going wrong - I just told x windows to use the mouse directly.

I just thought I should warn people that if you run unstable and update it regularly, expect the odd - as in once every couple of months - bug which will take a couple of hours of your time to fix.

Re:Not fantastic

[CentrX]

You have to just go to IRC or DebianPlanet to make sure things aren't broken. For instance, your gpm problem is posted in the news on OPN on #debian, so if you had checked that before you upgraded, you would know the hold the package until it's fixed.

Re:Not fantastic

[damiam]

They're only to keep Apache, Mozilla, etc. out of the stable version, which most people don't use anyway. If they actually do remove these packages, people who want to use them will compile them themselves, find unofficial packages, or use packages from the testing/unstable trees.

Re:Not fantastic

[CentrX]

As has been said many times before, this is just to get more people to look at the bugs in these packages to get them fixed.

Also, a ton of people use stable. For a server, say for instance a web server running Apache, stable is great. So people do use Apache on stable, and would need it.

Re:Not fantastic

[mbanck]

But if things like apache and mozilla are starting to fall, how is the future looking for debian?

Well apart from the fact that release is far away as everybody stated; mozilla-0.9.5 _is_ in woody as of this week ("The force was strong yesterday" -- Wichert Akkerman), the announcement is older.

But regarding apache, voices have been heard that want to put apache in non-free or even remove it as their license doesn't permit derived works with the same name. Now, if a patched apache debian package qualifies as a derived work was never settled on on debian-legal...

Michael

Re:What the hell is going on?

[Anonymous Coward]

What's a "mouse driver"? Are you confusing this with some other OS, like M$ Windows?

I don't see any of the Debian users "stuck" with potato. Those who use it need a stable system, and a stable system needs to have older, more tested and understood packages. The others are happily dist-upgrading to woody every day (which is "testing", not "unstable" as you falsely claim), and I have yet to see any significant breakage in testing or even significant breakage in unstable that would have survived over 48 hours.

This is all unlike RedHat users, who have to wait for several months to get a new revision of their distro; we get all the new good stuff inside a week or two from upstream release, sometimes in a couple of days, like the Mozilla 0.9.6 which was made available in unstable just yesterday.

Re:What the hell is going on?

[Anonymous Coward]

Moderate this down because it's not touchy-feely nice, or moderate it up because it makes a good point. I'm posting anonymously because I don't think the average slash reader has enough common sense to do what's right anymore.

What's a "mouse driver"? Are you confusing this with some other OS, like M$ Windows?

She's probably referring to gpm, which was broken this week. Otherwise, he's referring to the break to the pointer devices earlier in XFree86-4, which does have a mouse driver.

I don't see any of the Debian users "stuck" with potato. Those who use it need a stable system, and a stable system needs to have older, more tested and understood packages. The others are happily dist-upgrading to woody every day (which is "testing", not "unstable" as you falsely claim), and I have yet to see any significant breakage in testing or even significant breakage in unstable that would have survived over 48 hours.

It's okay for something to be broken for 48 hours?

This is all unlike RedHat users, who have to wait for several months to get a new revision of their distro; we get all the new good stuff inside a week or two from upstream release, sometimes in a couple of days, like the Mozilla 0.9.6 which was made available in unstable just yesterday.

That's unstable, not testing. It won't be in testing for a long, long time.

And RedHat users wait a little while, yes, but that's to get new stable releases. And they never get a release where, for example, KDE is uninstallable as it's been for two weeks in testing.

Debian has a hell of a lot of work to do before it's ever going to be taken seriously. Debian is about the last thing to be supported by any Linux company, because you're either dealing with an installation that's two years outdated, or with users who haven't enough common sense not to be running a ticking timebomb of a chaotic workstation.

Re:What the hell is going on?

[Anonymous Coward]

>> I have yet to see any significant breakage in testing or even significant breakage in unstable that would have survived over 48 hours.

>It's okay for something to be broken for 48 hours?

You don't need to dist-upgrade every day. I personally wasn't hit by this bug even though I use unstable; I get the new packages when I need them.

>>This is all unlike RedHat users, who have to wait for several months to get a new revision of their distro; we get all the new good stuff inside a week or two from upstream release, sometimes in a couple of days, like the Mozilla 0.9.6 which was made available in unstable just yesterday.

>That's unstable, not testing. It won't be in testing for a long, long time.

So first you say unstable is bad because it's sometimes broken and then testing is bad because it's a bit late? You can't have your argument both ways :)

The time for a package to get into testing is about two weeks. Do you get stable upgrades for a RedHat system after two weeks? For all my uses at least, the current Debian system of releasing is perfect.

>Debian has a hell of a lot of work to do before it's ever going to be taken seriously. Debian is about the last thing to be supported by any Linux company, because you're either dealing with an installation that's two years outdated, or with users who haven't enough common sense not to be running a ticking timebomb of a chaotic workstation.

My company is using Debian. Why? Because the software is upgradable and maintainable due to the standards that force Debian packages to be correct. The easiness of customization is better than anything I've seen. And anyone I know who has actually tried Debian in such an environment has agreed with me on that. People are only using RedHat because much of the same reasons people are using Windows...

Re:What the hell is going on?

[ahurt]

> People are only using RedHat because much of the > same reasons people are using Windows... Wha!! You mean HalfLife is in RPM now? ah - testing/unstable

That's the whole purpose of a "stable" release

[stere0]

Being "stuck with whatever software versions Debian freezes on for a couple years", as you say it, is actually a Good Thing(tm).

If I install a web server, I want it to run something stable, trusted and tested, something I don't have to apt-get upgrade;apt-get dist-upgrade with untested packages every morning. My Potatoes haven't caused any problems since the day I installed them. I eventually have to upgrade some packages when security holes are discovered, but that's ok. There is nothing I need on a production box that isn't included in potato. (Well, maybe a cowsay package would be nice ;))

Re:That's the whole purpose of a "stable" release

[noahm]

Being "stuck with whatever software versions Debian freezes on for a couple years", as you say it, is actually a Good Thing(tm).

It can be a good thing, for sure, but at some point there's a tradeoff that must be made between stability and usability. For most of the basic internet services (web, mail, DNS), development has reached a certain point of maturity, and you really don't lose much by running a 2 year old release of sendmail or BIND (provided you have all necessary security updates, which Debian makes easy).

The problem is, though, once you start leaving that realm of the world, upstream development happens at a really fast pace, and Debian's release cycle does not keep up. I often cite GNOME in slink (Debian 2.1) as an example of this problem. Slink shipped with GNOME 0.3, which you may recall was virtually unusable and was certainly not stable. The most frustrating part of that, though, was that by the time slink actually shipped, GNOME 1.0 had been out for months! How can slink be considered stable when the software that comprises it is an old development snapshot?

A more current example may be apache 2. It is still not available for Debian (even in unstable), which leads one to suspect that it won't ship with woody. If it doesn't, then what happens to those users who need apache 2 functionality on mission critical servers? If they need to run unstable to get the software they need, then that defeats the point of stable. If they need to fetch the source and compile apache 2 outside of the Debian package system, then that defeats the point of apt-get.

IMHO, it is unacceptable for Debian to not currently have a stable release that includes PERL 5.6, XFree86 4.x, Linux 2.4.x, etc. What prevented the release manager from proclaiming a freeze 6 or 8 months ago? Newer versions of key packages were available and reasonably well tested at that point, and a 1 or two month freeze would have left us with a released version of Debian that was both stable and reasonably up to date.

One of the key problems, I believe, is that Debian does not use any notion of release goals. This makes it impossible to say for certain when a freeze should happen. It's entirely up to the release manager. Obviously it's not easy to have release goals for a distribution, since much of the software you want to package is not available when drafting the list of goals, but even some sort of vague, general release goals would help to provide focus.

Or maybe the problem is just that nobody actually wants to do QA debugging so they keep putting it off until the release manager gets fed up and stops allowing new features to be added until some bugs are fixed.

I don't know...I've been a Debian user for 5 years and a developer for about a year. I am very frustrated with the pace of the release cycle. Another OS I use regularly (FreeBSD, which I use at work) shares Debian's reputation for quality and stability, but they release at least two versions of their OS each year. They've released three versions since Debian released potato. Why can't we do that?

noah

Re:That's the whole purpose of a "stable" release

[phaethon]

> ... what happens to those users who need apache 2 functionality on mission critical servers?

echo deb-src http://kabuki.sfarc.net/apache2 / >> /etc/apt/sources.list
apt-get -b source apache2
dpkg -i *.deb

I've just done this on a potato system. It works just fine. Well, I've build perl and debhelper from woody to meet the build depencies. You can get bleeding edge software with debian! Just build it from debian source packages and they integrate well with the packaging system.

-Jade.

Re:That's the whole purpose of a "stable" release

[noahm]

echo deb-src http://kabuki.sfarc.net/apache2 / >> /etc/apt/sources.list
apt-get -b source apache2
dpkg -i *.deb

Yes, that certainly helps, but it can only take you so far. That's really no better than building Apache 2 completely outside the Debian package database and using 'equivs' to create a dummy entry in the package database. You don't get the advantage of easy apt-gettable upgrades, and you don't get security support. You also are at the mercy of build environment changes between distributions.

noah

Re:That's the whole purpose of a "stable" release

[joib]

As you hinted at, I think debian has a lot to learn from *BSD regarding release management in the sense that the bsd:s have succeeded in producing stable up-to-date distributions on multiple platforms on a volunteer basis. My solution would be that at the same time as a new stable is released, unstable is forked into the new testing, where the freeze process begins _immidiately_, i.e. first get the base system functional, then freeze it, then the same thing for the rest of the system and voilá, a new stable release! This would avoid the two big problems with the current system, i.e. packages trickling _veeery_ slowly into testing from unstable (e.g. mozilla, gnome 1.4 etc.) and "creeping featurism/arbitrary release goals" (lets just wait for feature X before we freeze!). But of course, I'm not the debian release manager (or whoever decides these things) so I'm just ranting...:(

Re:That's the whole purpose of a "stable" release

[clementw]

one of the reasons i switched back to redhat was that packages moved very slowly through the debian system. i just check on gnucash at debian.org and for the stable and testing it lists 1.3.4 as the version available with testing at 1.6.4 and when i check at gnucash.org i see that 1.6.0 was released 10-6-01 over 4 months ago and yet a serch of packages at debian.org does not even show 1.4 for the stable release. is it stable or stagnent??

Re:That's the whole purpose of a "stable" release

[mmontour]

I really like the OpenBSD "Patch Branch" - a CVS branch that contains security fixes and other "safe" changes, but not all the new development junk. Just a "cvs update -rOPENBSD_2_9 -Pd" to freshen /usr/src, then rebuild. There are even targets to re-build a complete set of installation files incorporating all the patches.

It's really nice to build a fully patched version of the OS, then upload it to a local FTP server (for network installs) or burn it onto a CD. That way you can install new servers *once*, as opposed to installing the base OS then manually upgrading the dozen or so packages that have critical bugs.

(I don't know how Debian compares to OpenBSD here; I haven't tried Debian since I had some pain with the installer a few years ago. But OpenBSD's really nice; just wish it had SMP and a few other goodies).

Re:What the hell is going on?

[Daniel]

Why the hell would they freeze just before emacs21 goes in, just before KDE 2.2.2 goes in, just before ALSA goes good, etc etc?


Because if we applied this criterion, we'd never freeze!

Someone's pet package is always going to be about to be released, and will be left in the cold; IMO, this fear of leaving old software in stable is a large part of what historically contributed to long release cycles. (I think the current one is long mainly because we've completely redone the archive/release infrastructure and we're still working out bugs in the new system. That and, sigh, the installer)

Daniel

Re:Seems quite alarming...

[eff]

Perhaps people should encourage 'upstream' developers more to accept debian package building specs as part of their base tree

Well, they could at least send a note to the upstream developers when they find a problem...

(I'm the author of one of the listed packages, and I don't have the slightest idea what that announcement is talking about. My library sure doesn't depend on the library they claim is buggy...)

Who needs attribution, eh?

[Anonymous Coward]

This submission was lifted verbatim from the most recent Debian Weekly News [debian.org]. I just felt someone should point this out, since the submitter didn't seem to consider it worth mentioning.

Re:Who needs attribution, eh?

[snotty6969]

Nope; That didn't come out the way it should. Is there a way to rectify this? And thanks for pointing that out for me.

No need for alarm...

[HoserHead]

...this, as others have mentioned, is more of a wake-up call to maintainers than anything. Apache _will_ ship with Debian 3.0, because maintainers will make it as bug-free as possible, because they care about it. gpm has already been fixed of most (all?) of its bugs. Similarly, we can expect all of the other major packages to be fixed in the next couple of days.

Don't worry, people. The packages you care about will be in Debian 3.0. (Including mpg321!) We'll make sure of it. :)

Re:No need for alarm...

[Daniel]

Indeed, I seem to recall that in past releases, little unimportant packages like libc6, boot-floppies, and dpkg were among the ones being "targeted for removal if you don't fix them" :)

(feel free to correct me if my memory misfired)

Daniel

Re:KDE version?

[tacocat]

Currently, KDE 2.2.2 is in woody. I can't say it's complete in all it's features and apps, but it works very nicely! Been using it for weeks now.

Re:KDE version?

[Patrick Dung]

I downloaded KDE 2.2.2 deb package from /debian/pool/main/.. It runs great with Qt 2.3.1 (it seems Qt 2.3.2 sucks).

Debian GNU/FreeBSD

[shao]

Debian is the only way that make linux does not suck.

Now, all I want is a Debian version of FreeBSD!!!

Re: Debian GNU/FreeBSD

[dne]

Why?

Re: Debian GNU/FreeBSD

[mrbnsn]

Why? Because, frankly, in core features (scheduling, VM, I/O, stability, etc.), the FreeBSD kernel is much better than the Linux kernel.

However, the flip side is that the FreeBSD kernel is an ancient, unthreaded, monolithic kernel with lagging device support, and non-existent ISV support.

So, if you don't need to run Java or other closed-source third-party software, and don't need the latest PCCARD or USB dongle, run FreeBSD. Otherwise, run Linux. A Debian environment built on top of the FreeBSD kernel would greatly facilitate switching back and forth as circumstances required.

who gives a fuck about apache?

[posmon]

just run iis under wine. you'll be laughing!

Apache and Mozilla et al?

[sketerpot]

Surely they can put things like Apache and Mozilla in a special "Mostly harmless" directory or something. It would be a tragedy to see a linux distro ship without things like these.

Debian's standard of quality

[PurpleBob]

It's good to see that Debian is maintaining their quality even when rushed. Making threats like this is one way to accomplish that - saying to maintainers with broken patches, "if you don't submit a patch, the release will suck and it will be ALL YOUR FAULT".

And I'm frankly amazed they got Mozilla in in the first place - they hadn't since M18, and with no packaged version Mozilla it was practically impossible to install Galeon.

Re:Debian's standard of quality

[CentrX]

There's always been a version of mozilla in there, it's just been M18 the whole time. I'm not amazed that mozilla 0.9.x got in, because that's something that I'm sure a lot of people have been saying is important, so it's been looked at more closely.

svgalib1?

[suss]

This happened to me after an apt-get upgrade last week:

zgv: relocation error: /usr/lib/libc5-compat/libvga.so.1: undefined symbol: _xstat

I cant find anything in http://bugs.debian.org and i've only found 1 message about it in muc.lists.debian.user... does this mean svgalib1 is going to be removed or what?

Re:svgalib1?

[Whelkman]

Oh man libc5 is old. Why don't you use svgalibg1?

Re:svgalib1?

[suss]

Oh man libc5 is old. Why don't you use svgalibg1?

I didn't choose any lib, the packages do. I apt-get everything, don't build it myself. Stuff like this seems to happen quite often in Debian/Woody, i remember login and telnet not working for weeks a while ago. Also, lilo broke on the last upgrade on another box i use (also Debian/Woody). Fun all around....

Re:svgalib1?

[kubrick]

This happened to me after an apt-get upgrade last week:

zgv: relocation error: /usr/lib/libc5-compat/libvga.so.1: undefined symbol: _xstat

I managed to fix this by commenting out /usr/lib/libc5-compat and /lib/libc5-compat
in /etc/ld.so.conf, and then re-running ldconfig (all this as root).

Of course, if I find anything on my box that's been linked against libc5, I'll run into problems -- but I've been fine so far. Hopefully this is just a problem with the svgalib packages that will be fixed by a recompile.

There's probably a better solution, but I couldn't find it :)

Re:svgalib1?

[suss]

Hm. now zgv segfaults. ohwell...

Hopefully this is just a problem with the svgalib packages that will be fixed by a recompile.

I came upon some vague message about this happening when incompatible versions of gcc are being used?

Re:svgalib1?

[kubrick]

Well, at least it's in the BTS now -- #121142 [debian.org].

The only solution at the moment is to downgrade -- and it seems like a linking problem (linked with libc6 instead of libc5 on compile).

Re:svgalib1?

[suss]

Well bugger... i've downgraded svgalib1, svgalibg1 and svgalib-bin to 1.4.1-2 and i it's still linked to libc6. Do i need to run something afterwards? To quote dr mccoy: "Damned Jim, i'm a user, not a package-juggler!"

Re:svgalib1?

[kubrick]

Ummm... try running ldconfig again as root. This will regenerate the ld.so.cache file, which stores all of the libraries' linking details.

That's the only help I can offer -- I'm only a user as well, I ain't got no serious Debian mojo going on :)

(Maybe you'd need to downgrade zgv as well? I don't know about that. Probably not... but if the above fails then give it a try.)

Let me know how you get on -- if it works I might downgrade as well :) (The commenting things out in ld.so.conf worked for me, and zgv didn't segfault -- there's one segfaulting bug in the BTS against zgv that was blamed on svgalib as well, so maybe you ran into that.)

Re:svgalib1?

[suss]

Ummm... try running ldconfig again as root. This will regenerate the ld.so.cache file, which stores all of the libraries' linking details.

Yeah, i already did that... wasn't the problem though; when i downgraded the symlink to libvga.so.1 wasnt updated and was still pointing to the newer version. Once i corrected it, zgv started working again! Now let's see how long it takes before there's a proper solution...

Re:svgalib1?

[kubrick]

BTW, maybe try a couple of other packages that use svgalib and see if the problem is there or in zgv. If they act up as well, zgv is not to blame :)

Beyond Woody?

[Trevelyan]

I like most people i know have my sources.list entries all pointing to 'testing'. So when woody moves "down" to stable, we'll all be getting a new dist.

I know SID stays at unstable so what will the new dists (or Debian 4) be called?
and when/how will this work do we stay with woody till a new testing branch is ready or will we be inline with SID for a bit?

I dont realy care about what goes into stable it packages are just too old for a desktop (great for servers and production sys) I am very interested in hearing about the next debian, beyond woody.

Re:Beyond Woody?

[PlazMatiC]

When sid was released, I was using woody, and had 'unstable' in my sources.list line. I ran my regular apt-get upgrade, and lo and behold, I suddenly had sid, without asking for it.

This was a concern at first, but sid hasn't given me any major problems.

In response to your question, when potato moved out of unstable, it went to frozen, then to stable. Woody was released as the new unstable dist very shortly afterwards, iirc.

Re:Dumbass.

[PlazMatiC]

Erm, I wanted to stick with the dist that was heading towards becoming stable.

Sid, on the other hand, is never going to become stable, so the overall stability of the distibution is never going to change. Sure, individual packages will be fixed, but there'll always be problems.

I would be happy about having a problematic distribution for a while, that was going to improve over time. I didn't realise that they were going to make the change. I personally think they would have been better leaving unstable as it was, and giving the new branch a new name.

Just my 2c, anyway.

Question

[Tachys]

When was Debian 2.2 first released?