On 09/28/2011 04:07 AM, Johnny Hughes wrote:
On 09/28/2011 03:31 AM, Xavier Bachelot wrote:
On 09/23/2011 10:25 PM, Johnny Hughes wrote:
On 09/22/2011 08:16 PM, Ben Galliart wrote:
On 09/17/2011, Karanbir Singh wrote:
Now back to the question on hand, centos-release-cr in 5.7..
Perhaps the best place for the centos-release-cr is in the updates/ repo, rather than the /cr/ repo, since that way it would further reduce the barrier for people to opt-in, a simple 'yum install centos-releae-cr' would get them on the track, and keep them there till such time as they want to opt-out.
Is there any ETA as to when this could be done or at least decided on?
There is no need to upgrade anything. If you installed the package, you are on CR ... then and now.
The CentOS-CR repo points to /5/cr/ (which is 5.7 now and was 5.6 when the repo file was released).
It (/cr/) is currently empty because 5.7/os and 5.7/updates contain all the RPMS that are required to update from 5.6 (or any other version of CentOS).
When 5.8 is released, the RPMs that are part of 5.8 will get put into the /5.7/cr/ and allow people who are opted in to get the updates before the 5.8 release.
I think maybe putting the RPM in "extras", so it is easier to install is doable ... but not a huge issue.
In fact, I have put it there. centos-release-cr is now in extras.
What's the reasoning for putting centos-release-cr in the extras repo ? Imho, the package would fit better in either the updates or cr repositories (with a preference for the later), because these 2 repos allows to get upstream updates and only that, while extras carries a lot of packages not coming from upstream. Providing a repository yum configuration from within said repository is quite usual for other repos and it looks strange to have to use one repo to get the conf for another.
The use case is to kickstart an install with base + updates + cr in order to have a fully updated and updatable system with only packages from upstream. Adding extras to the mix to be able to pull just the centos-release-cr package makes the use of other 3rd party repositories more difficult, as extras and 3rd party repo can and do provide overlapping packages. This is true for epel, I guess this is true for others 3rd party repos. Indeed, this can be worked around, but this adds some complexity.
It is not in the CR repo, because it's purpose is to enable the CR repo. If you have to manually download it and install it (instead of using yum) to enable the repo, then it kind of defeats the purpose for it to be an RPM in the first place. We could just provide the .repo file and say to put it in /etc/yum.repos.d/
It is not in updates because updates is just that ... updates to the packages already in base. Updates is not the place for "Extra" packages that we need to distribute which are not in the upstream RPMS. That is what extras is for...
Extras, on the other hand, is exactly for this kind of package. It is a package, provided by CentOS, that is not upstream ... and is not replacing a package written by upstream. Extras is also enabled by default, so all that is required is to run:
yum install centos-release-cr
To get it installed and enabled. Once installed, it is enabled and it works from that point on.
My personal opinion is that an RPM is not even necessary for this repo ... and that all we should do is put a repo file in the repository itself and tell people do download it ... but if we are going to have an RPM for it, then that RPM should be hosted in the Extras repository.
What is the reason for this mentality? KB specifically and strongly recommended using CR between 5.6 and 5.7 because that entire time users are without kernel and other security updates, some of which may be exploitable easily. Yet you suggest that rather than making it simple to add the CR repo to an existing installation with a single "yum" command and easily include the repo into a kickstart without having write a post-install script, to make sure that users must do all the work of a) discovering that CR exists in the first place and b) manually downloading a file and then putting it in the correct place.
I think CR is extremely important unless CentOS will make a commitment to turn around all new upstream releases within 2 weeks, which recently has not happened. CR needs to be widely publicized, easy to install, and easy to opt-in early and permanently to avoid leaving so many unpatched servers in the wild.