On Sat, 2011-07-09 at 12:00 -0400, centos-devel-request@centos.org wrote:
Message: 5 Date: Sat, 09 Jul 2011 10:43:56 +0200 From: Ljubomir Ljubojevic office@plnet.rs Subject: Re: [CentOS-devel] Public mirrors leaking ISO files To: "The CentOS developers mailing list." centos-devel@centos.org Message-ID: 4E1814CC.9020507@plnet.rs Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Shawn Thompson wrote:
"leaks"
Yes, as in "drips through barriers" until whole dam is broken. Remember story about Dutch kid that saved the dam by plugging his finger in dam's little hole? If you are doing something, do it right or do not do it at all.
This is just the silliest thing I have ever heard. This happens all the time, even with Windows. I see no cause for alarm, especially since this is FOSS. What's the problem?
I don't care you don't care. I know dev's value their invested time and You've do not need more headaches.
Because it is not 100% complete. If someone (read hundreds possibly) starts using ISO with a bug, then they could start complaining about something wrong, and dev's and us willing to help could spend may hours not knowing why is that persons PC behave like that. Not to mention possible public name calls for no reason than not caring.
Ljubomir
Let's see if I understand this - You've got "hundreds possibly" of people who have been anxiously awaiting this release for months...you've got a very real dearth of information coming out of "official" channels regarding the status of the release (with the exception of http://qaweb.dev.centos.org/qa/, which announced that the sync to external mirrors started a couple of days ago, and that the "bit flip" should occur at any time), and you're chastising people for showing an overwhelming interest in the product.
If you're so concerned about the potential problems with people "jumping the gun", then COMMUNICATE THE STATUS!! Don't leave people in the dark then act chagrined when people take it upon themselves to seek out what they've been waiting for. I don't care that you don't care that he doesn't care that there are leaks. I do care that you don't care to share what you know with others so that they might behave in a rational manner toward this much anticipated release.
On 07/09/2011 08:17 PM, Mark E. Wilt wrote:
external mirrors started a couple of days ago, and that the "bit flip" should occur at any time), and you're chastising people for showing an overwhelming interest in the product.
I dont think anyone is being chastised as such - people who know what they are doing are pretty much ok, and understand the issues involved.
If you're so concerned about the potential problems with people "jumping the gun", then COMMUNICATE THE STATUS!! Don't leave people in the dark
its been quite clearly plastered all over the place that its not released till the release announcement is sent out.
There are very few ways to work around getting a mirror sync, test and mirrorlist handling in a sane manner that covers as large a base as we need to.
then act chagrined when people take it upon themselves to seek out what they've been waiting for. I don't care that you don't care that he doesn't care that there are leaks. I do care that you don't care to share what you know with others so that they might behave in a rational manner toward this much anticipated release.
Thats absolutely not true. As far as I can see lots of people have been making it quite public that unless you really know what you are doing, hold out for the release announcement. But then its possible I'm looking at different things and talking to different people than you, so that brings up :
Where would you have looked to see this being communicated ? What did you find when you looked there ? What else would you have expected ? How can you help with this communcation ?
- KB
Hi KB,
On Sat, 2011-07-09 at 20:29 +0100, Karanbir Singh wrote:
Where would you have looked to see this being communicated ?
1) A new thread on this list containing the statement of the fact and brief explanation.
2) A short message on the Twitter, which many are using as an RSS feed for the project news for the lack of better options.
What did you find when you looked there ?
1) Your reply on the mailing list made perfect sense and was generally an example of good communication, but it came late.
2) So did the tweet.
What else would you have expected ?
As on many other instances, I would expect this information to be provided earlier.
How can you help with this communcation ?
How can you accept help with the communication if you need any?
I have previously asked on this list if the batches of the relevant qaweb announcements can be communicated on the -devel list weekly, e.g. every Friday.
Not only this didn't happen (and I didn't get any feedback with regards to this question), but also the qaweb pages ended up only being updated sporadically after the status update requests were posted to the list. Later, I e-mailed Jeff privately, but apparently he was too busy to get back to me.
I really do believe, that how communication happens does matter, and although the relevant information ends up being communicated when requested, I think that nobody would argue that there is a trend of it happening late if at all.
I could have taken the role of a person that would compile relevant updates from qaweb and officially post them to the list if this would be of any help to you, but obviously it's probably much more appropriate if this were done by someone who has something to do with CentOS development or at least QA and has some insight into what's actually going on there.
I've seen Alain re-posting information to the announcement threads on the forum and I think that he was doing a great and important job. If only there was a designated person to regularly and timely post updates to all major communications channels (forums, list, twitter), this would have taken care of most of the problems.
I'd like to refer to ReactOS as an example of being good in communication. I'm not involved with this project in any way, but they post very nice newsletters every two weeks and it makes it easy and pleasant to follow on their progress.
On 07/09/2011 10:30 PM, Yury V. Zaytsev wrote:
Where would you have looked to see this being communicated ?
- A new thread on this list containing the statement of the fact and
brief explanation.
this list isnt the announement list for anything. if after folowing this list for a while, people are still unsure as to the qaweb interface - then nothing is really going to come across to them.
- A short message on the Twitter, which many are using as an RSS feed
for the project news for the lack of better options.
there is a statement on twitter about this..
What did you find when you looked there ?
- Your reply on the mailing list made perfect sense and was generally
an example of good communication, but it came late. 2) So did the tweet.
not sure I understand - are you saying that we should try and pre-empt every possible way that people out there might need hand holding ? that sounds quite strange. An issue came up, we tried to address it.
As on many other instances, I would expect this information to be provided earlier.
so you mean to tell me that you are confused about the 'its not released till its released and announced released bit?'
I have previously asked on this list if the batches of the relevant qaweb announcements can be communicated on the -devel list weekly, e.g. every Friday.
this is not a communication of things to people list, I for one would really not want it to become something of that nature.
I could have taken the role of a person that would compile relevant updates from qaweb and officially post them to the list if this would be
dont think you can -- most of our interactino is on irc, and you have previously yourself said that you are not available online there much..
- KB
On Sun, 2011-07-10 at 00:07 +0100, Karanbir Singh wrote:
this list isnt the announement list for anything. if after folowing this list for a while, people are still unsure as to the qaweb interface - then nothing is really going to come across to them.
Actually, I would say that the name of this list is kind of misleading as such (centos-devel@), because it is not something one would expect from a list that ends with -devel@.
To my mind it is more like CentOS development public outreach list, that is a list that many developers follow and periodically ask for input (or even receive unsolicited input :-) ), but it is definitively not a conventional internal development mailing list where ongoing issues are discussed mostly within the developers themselves.
I think this is where the confusion comes from. Maybe if it were made more clear on the wiki [1] and on the mailman list description page [2], it would really help.
[1]: http://wiki.centos.org/GettingHelp/ListInfo [2]: http://lists.centos.org/mailman/listinfo/centos-devel
- A short message on the Twitter, which many are using as an RSS feed
for the project news for the lack of better options.
there is a statement on twitter about this..
True, posted on Sat, 09 Jul 2011 19:31:55 UTC and not particularly clear to laymen as it seemed to me (see below).
What did you find when you looked there ?
- Your reply on the mailing list made perfect sense and was generally
an example of good communication, but it came late. 2) So did the tweet.
not sure I understand - are you saying that we should try and pre-empt every possible way that people out there might need hand holding ? that sounds quite strange. An issue came up, we tried to address it.
No, of course not, since this would indeed sound quite strange.
All I am saying is that the leak issue came up at latest around Sat, 09 Jul 2011 00:00:00 UTC. Soon enough started the speculations on why this is an issue at all and how come greedy CentOS developers don't want to share their stuff etc.
Your (helpful!) answer came (technically) a day later. This is a totally reasonable response time under normal circumstances, but I don't think this is the case here.
For instance, a major Russian FOSS portal has already published a news item that CentOS 6 was publicly released and provided links to one of the leaking mirrors (which is still up and serving, by the way [3]).
Of course inspired visitors already created torrents to seed the files as genuine CentOS 6 stuff and I bet many thousands of downloads already took place by that time...
[3]: http://centos.mirror.nexicom.net/6.0/isos/x86_64/
As on many other instances, I would expect this information to be provided earlier.
so you mean to tell me that you are confused about the 'its not released till its released and announced released bit?'
Yes, exactly, that's what I'm telling you. To my mind it would be of help, if this message was (1) posted earlier and (2) looked more like
"Attention! The CentOS 6 ISOs on the mirrors right now might not have the final content yet! Please wait until the release is officially announced to avoid unpleasant surprises and report leaking mirrors."
Would you agree with that?
I have previously asked on this list if the batches of the relevant qaweb announcements can be communicated on the -devel list weekly, e.g. every Friday.
this is not a communication of things to people list, I for one would really not want it to become something of that nature.
Totally fine with me, it's a CentOS list, so CentOS sets the policy on what kind of information should and shouldn't be posted.
How about the announcement or newsletter list? What do you think?
I could have taken the role of a person that would compile relevant updates from qaweb and officially post them to the list if this would be
dont think you can -- most of our interactino is on irc, and you have previously yourself said that you are not available online there much..
I do realize that, that's why I didn't offer myself in the first place (1) and called it (2) "compiled from qaweb", since I am unable to follow the IRC conversations (even this would be of help, I think).
Which brings us back to another question that I asked, that is what kind of help you need with communication and how you could make use of it?
Internal communication mostly happens on IRC? Fine, how about making a call for someone that is interested to follow the IRC and make regular overviews posted to the rest of the communication channels (lists, forums and twitter)?
Hey, remember the story with the unofficial CentOS-6 twitter account? I think it's an indication that this area would benefit from improvement...
On Sun, Jul 10, 2011 at 02:13:33AM +0200, Yury V. Zaytsev wrote:
Of course inspired visitors already created torrents to seed the files as genuine CentOS 6 stuff and I bet many thousands of downloads already took place by that time...
Nexicom has been at the center of the leak controversy since the moment it started. I didn't consider that the number of downloads would have been that significant, however.
Yet more reason to sanction them in my not nearly humble opinion. I swear that I've seen them leaking in the past as well.
John
On Sun, 10 Jul 2011, Yury V. Zaytsev wrote:
All I am saying is that the leak issue came up at latest around Sat, 09 Jul 2011 00:00:00 UTC. Soon enough started the speculations on why this is an issue at all and how come greedy CentOS developers don't want to share their stuff etc.
... I do not know where 'greedy' came from, but ...
Your (helpful!) answer came (technically) a day later. This is a totally reasonable response time under normal circumstances, but I don't think this is the case here.
By what strange sense of entitlement is any response within 24 clock hours, and falling into a weekend, untimely? Have you a SLA? This is NOT a commercial product no matter how much some people want to wish for that magical pony. If won wants deterministic SLA times, go buy such from a person selling such
But, in fact, the topic of 'leaking mirrors' had already been addressed, ...
Yes, exactly, that's what I'm telling you. To my mind it would be of help, if this message was (1) posted earlier and (2) looked more like
"Attention! The CentOS 6 ISOs on the mirrors right now might not have the final content yet! Please wait until the release is officially announced to avoid unpleasant surprises and report leaking mirrors."
... by this post:
Date: Fri, 8 Jul 2011 14:14:10 -0400 (EDT) From: R P Herrold herrold@owlriver.com To: CentOS mailing list centos@centos.org
...
The implicit statement being that a mirror operator could _jump the gun_ on the official release, and 'have 'the release early. Indeed, in the past some (former) mirror operators released 'early samples' and posted such URLs ... and one of the CD vendors released a non-officially released ISO, that they (assumedly) then had to recall and replace
This turned out to be ill-considered, because the release process is not official until announced, and in one of the past releases, we needed to replace a few files 'at the last minute'
That is, a day BEFORE your claimed onset of the leak, we re-iterated that 'the release process is not official until announced'. No threats, as none are credible, but rather just pointing out the facts yet again
The same thing we've said every time. Over and over again
Nothing is going to STOP people who 'NEED' the 'LATEST AND GREATEST' from trying to bend the rules to get at such content early. Threatening or taking punitive acts toward public mirrors who do not want to follow the rules won't work
There is no reason for the CentOS team to address the matter, other than to point out that if the MD5SUMs do not match, it is not CentOS matter, and will not be supported in CentOS forums by people from the CentOS team
Third parties who seem to love to hear themselves talk, and have to have the last word, have all but driven out on topic matter on the CentOS mailing lists. It is a shame, and I hope that a person who looks at their sent email and finds that they have made more than four in a day, or thirty in a week, ask their self: Do I _really_ need to post this? because the noise level of off topic cr*p in recent weeks has been killing
-- Russ herrold
Mark E. Wilt wrote:
Let's see if I understand this - You've got "hundreds possibly" of people who have been anxiously awaiting this release for months...you've got a very real dearth of information coming out of "official" channels regarding the status of the release (with the exception of http://qaweb.dev.centos.org/qa/, which announced that the sync to external mirrors started a couple of days ago, and that the "bit flip" should occur at any time), and you're chastising people for showing an overwhelming interest in the product.
If you're so concerned about the potential problems with people "jumping the gun", then COMMUNICATE THE STATUS!! Don't leave people in the dark then act chagrined when people take it upon themselves to seek out what they've been waiting for. I don't care that you don't care that he doesn't care that there are leaks. I do care that you don't care to share what you know with others so that they might behave in a rational manner toward this much anticipated release.
???
Who says I am not communicating what I know? I was asked to be admin on CentOS Facebook page and I post on the wall everything I have learned from both mailing lists and QA web site.
But I have no authority or authorization to post here, especially when most of I learn is from centos-users and centos-devel mailing list. And at least 20 times someone referred to QA web site in last month alone.
One of the members of CentOS Facebook page posted anaconda C6 screen and said he downloaded it from official public mirror, so I alerted the devs/mirror admins and was attacked for trying to help correcting the problem.
And NO, I do not have any other "official" info, no chats, private mails, PM's, etc.. I just look, read, remember and use my brain in order to inform others (FB members mostly).
Since mirror network can (and mostly does) work by distributing only differences, syncing majority of data for shortening the time of actual release if logical, but as we were informed it is not all over yet and those are not final versions. That is exactly what I wrote on FB page all along. Go and take a look.
And if all mirrors were set properly this discussion would never happen.
Ljubomir
On Sat, Jul 09, 2011 at 09:49:08PM +0200, Ljubomir Ljubojevic wrote:
And if all mirrors were set properly this discussion would never happen.
And that's the whole point of all of this. Content is seeded in such a way that it is restricted from the public until the time that the read bit is enabled when the actual release announcement is made. Some mirrors, either willfully and knowingly, or perhaps by some automated means such as a script, have opened the directories up. So yes, this content is leaked. And it has been strongly cautioned on IRC and elsewhere that using this leaked content before official release was asking for trouble in the event that a reissue of components was made. And sure enough, such a reissue proved necessary in the case of the CentOS-6 release.
Leaks happen every single release. And at least one of the currently leaking mirrors has done this in the past so it's not a new story even for them. Running a mirror really isn't that difficult; generally, barring normal administration tasks of course, it's fire and forget.
But until the project does something to either slap the wrists of mirror operators that leak content in some manner, or just remove their mirror status perhaps for the case of repeat offenders, it's going to continue to occur.
As far as those _using_ the content? They should know better. There has been no official announcement of general CentOS-6 availability; they should know not to use that which is leaking out - especially if they had to actively search out such content.
This is an enterprise level distribution, some thought really is required.
John -- <DiscordianUK> deselect was written by someone who OD'ed on vi
-
John R. Dennison -
Karanbir Singh -
Ljubomir Ljubojevic -
Mark E. Wilt -
R P Herrold -
Yury V. Zaytsev