I usually don't like top-posts, but I just want to say that I agree
completely with everything Barry stated below.
If you as an admin want an easy life, use the distro version.
If you have good reasons to build yourself simply suck it up and
accept the maintenance pain (which it is, since you need to cater for
updating all the dependencies as well if you want all the latest in
features/fixes). And do read the release notes and upgrade only when
there is a need.
Btw, regular releases increases the chance of distros picking up a
somewhat current version with known fixes when they roll a new distro
release.
I'd prefer frequent releases and honest changelogs. I'm more scared by
projects that have no releases, since that tends to show dead
development or some kind of idealistic view that software can be
"finished" and not needing any more work done on it...
On Fri, 9 Nov 2018, Barry Pollard wrote:
Disagree. My 2 cents as a watcher, administrator and user:
1/ they have better things to do
Then don’t take the release! If a release contains security patches (so they
should take it), then I don’t see how hiding the issue by holding back the
release helps.
2/ it gives impression of immature and buggy software - this gives thoughts
towards alternatives, IRC shows many admins have no loyalty todays much of
todays software (well, windows fanbois excepted.
Massively disagree. Frequent release to me give the impression of an actively
maintained and evolving project. And there are a lot of changes in the HTTP
space (HTTP/2, move to encryption, increased awareness on security...etc.).
3/ As a consequence of 1 & 2, they will not upgrade, this might be trivial for little
thigs, but when a nasty bug comes out, this is what comes to mind" oh fsck it, we just
upgraded httpd last week, screw it, we'll wait" - they get bitten, CIOs demand heads,
remaining souls dump httpd and install nginx or some other alternative
Discussed above. And nginx releases monthly (http://nginx.org/en/CHANGES) which
I’d be happy if Apache HTTPD moved to.
4/ dont be fooled into thinking its the package managers role, many networks
run on RedHat EL, SuseEL, and debian, but far from all - and even those distro
package maintainers get sick to F'n death of it after a while and skip updates.
I do wish Apache would run its own “official” repo to make upgrading to latest
easier. Don’t have the expertise to help with this and understand it was done
in the past and given up due to lack of people who did but still think it’s a
shame we don’t. I think this is an area nginx does stand out. Upgrading Nginx
is often as simple as “yum update” or “apt-get”. They even run a repo for their
mainline version for those that want to be bleeding edge.
Do not be delusional - this has happened many times before.
I give you dovecot as example, it wasnt that long ago a new release was coming out
weekly, sometimes only a few days apart, people get sick of updating, some people are
still today running versions a year old because of it, I know of a few who moved to
"courier", an oldy but a goody.
And some people are still running Apache Httpd 2.2 or 2.4.6. I don’t think
that’s anything to do with the frequency of releases.
The release often mentality might be good for a new nurturing project, but that
is not httpd.
System admins want stability.
Maybe, but that’s not the world we live in. And others want features and we
shouldn’t give the impression Httpd is legacy because it lacks the features
other web servers may have. Stay on packages managed version of 2.4.6 if you
want and just take the security updates that your package manager is
responsible to include.
/Nikke
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | ni...@acc.umu.se
---------------------------------------------------------------------------
If life had a vomit meter, we'd be off the scale.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=