[CentOS] How to encourage maintainers to update their software

Sun Oct 29 13:34:51 UTC 2017
Johnny Hughes <johnny at centos.org>

On 10/28/2017 05:42 PM, Frank Cox wrote:
> On Sat, 28 Oct 2017 17:15:01 -0400
> H wrote:
> 
>> The graphical configuration utility for fcitx (fcitx-configtool) is missing 
> 
> I don't know anything about Chinese text rendering.
> 
>> - The geany editor is missing the markdown plugin, this however, may shortly
>> be resolved.
> 
> Check on my website. :)
> 
> The rest of your stuff is easily dealt with by compiling the relevant Fedora rpms.
> 
>> I'd love to have keepassx updated
> 
> Download this:
> 
> ftp://mirror.csclub.uwaterloo.ca/fedora/linux/releases/25/Everything/source/tree/Packages/k/keepassx-2.0.3-1.fc25.src.rpm
> 
> and you can have this:
> 
> keepassx-2.0.3-1.el7.centos.x86_64.rpm
> 
> I just tried it and it took only a few minutes.
> 
>> - pdfshuffler is not available for CentOS 7, only CentOS 6.
> 
> I just compiled this
> 
> ftp://mirror.csclub.uwaterloo.ca/fedora/linux/releases/25/Everything/source/tree/Packages/p/pdfshuffler-0.6.0-9.fc25.src.rpm
> 
> It took about three seconds to do the whole job and now I have this:
> 
> pdfshuffler-0.6.0-9.el7.centos.noarch.rpm
> 
> You can easily do the same if you wish.  Just install rpmdevtools and any necessary dependencies for the rpm that you want to compile and off you go.  The rpmbuild command will even tell you about any missing dependencies.  For example, my first attempt at compiling keepassx told me:
> 
> error: Failed build dependencies:
> 	libXtst-devel is needed by keepassx-1:2.0.3-1.el7.centos.x86_64
> 	libgcrypt-devel is needed by keepassx-1:2.0.3-1.el7.centos.x86_64
> 
> To fix it I did this:
> 
> yum install libXtst-devel libgcrypt-devel
> 
> My next attempt to compile the keepassx rpm worked.
> 
> This isn't a guaranteed solution for absolutely every rpm or program that you might ever come across; sometimes you get into a dependency rabbit hole that never seems to end and it becomes more work than it's worth to solve.  Other times you get stuff that requires a newer or different version of something that's way too much work to upgrade or change.  But in a lot of cases, you can just download and compile your own rpm as needed.  As you see here, two items on your wish list are easily handled this way in less than five minutes.  It took me longer to write this email than it did to download and compile those programs.
> 
> 

The problem with compiling the relevant Fedora SRPMs is .. once Fedora
moves to a version (in their tree) that no longer compiles on CentOS
because of shared library issues, any security updates dry up.  If you
have not found an upstream (of Fedora) source for updates for that
version of the software in question, you either have to learn how to
backport (https://access.redhat.com/security/updates/backporting), live
with software that contains security issues, or compile a newer version
of Fedora's software.  Many times, that means adding in a newer version
of dependent shared libraries.  And that can mean having to recompile
other things that depended on the shared libraries that you upgraded (or
building statically, etc.).

I recently had to go through that with the 3.18.x kernel that we used in
the Xen4CentOS repo in the Virt SIG.  I worked on another LTS kernel
(4.9.x) for about a month before 3.18.x went EOL from kernel.org .. then
it took us about another 2 months of testing in the Virt SIG to get a
fairly stable kernel build that worked for the Xen Dom0 kernel.

The reason that every package in Fedora which is removed from RHEL is
not in EPEL is that it is very hard to properly backport items and find
new streams of updates that can keep older ABI/API compatibility and
main software secure after the project that maintains it moves on.  It
is also a major reason Red Hat employs thousands of engineers to do it
and why people pay them billions of dollars a year to maintain it.

So yes, it can be done .. but if you are trying to do it for 10 or so
years, it is not easy.

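The rebuild procedure quoted above, as an added shell example that is not part of the original thread: it checks the SRPM's signature before building (the downloads are over unauthenticated ftp://) and turns rpmbuild's "Failed build dependencies" output into the package list for yum install. The function names are hypothetical, the sample error text is constructed from the quoted message, and the Fedora release key is assumed to be already imported with rpm --import.

```shell
#!/bin/bash
# Added example, not code from the thread. Function names are hypothetical.

# Constructed sample: the rpmbuild error quoted in the message.
SAMPLE_ERR='error: Failed build dependencies:
    libXtst-devel is needed by keepassx-1:2.0.3-1.el7.centos.x86_64
    libgcrypt-devel is needed by keepassx-1:2.0.3-1.el7.centos.x86_64'

# Read rpmbuild stderr on stdin and print the missing BuildRequires names
# on one line, first-seen order, duplicates dropped.
missing_builddeps() {
    awk '/ is needed by / && !seen[$1]++ { print $1 }' | paste -sd' ' -
}

# Verify, then rebuild, one source rpm.
rebuild_srpm() {
    local srpm=$1 out log deps
    # rpm -K exits non-zero on a bad digest, bad signature or missing key.
    # Assumption: the signing key was imported beforehand with rpm --import.
    out=$(rpm -K "$srpm") || { echo "verification failed: $out" >&2; return 1; }
    # An unsigned package passes on digests alone, so also require that the
    # result line (file name stripped) mentions a signature type.
    if ! echo "${out#"$srpm":}" | grep -Eiq 'pgp|gpg|rsa|dsa|signatures'; then
        echo "no signature was checked: $out" >&2
        return 1
    fi
    log=$(mktemp)
    if rpmbuild --rebuild "$srpm" 2>"$log"; then
        rm -f "$log"
        return 0
    fi
    deps=$(missing_builddeps <"$log")
    if [ -n "$deps" ]; then
        echo "missing build dependencies, run: yum install $deps" >&2
    else
        cat "$log" >&2          # some other build failure: show it as-is
    fi
    rm -f "$log"
    return 1
}

# Usage: ./rebuild.sh keepassx-2.0.3-1.fc25.src.rpm
if [ $# -gt 0 ]; then
    rebuild_srpm "$1"
fi
```

A package rebuilt this way is only as current as the SRPM it came from, so the check has to be repeated against each new upstream source for as long as the package stays installed.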