Thanks, Stephen. This is a good list of the pros and cons of both methods. For any customers with support contracts through us, I should point out a few differences that can matter for support. This very much depends on the customer and their needs.
As part of a Premium Support contract, we can and do provide customers with custom egg/wheel packages containing backported bug fixes, emergency bug fixes, and other types of patches. We have a system in place for tracking, building, and getting those out, but it only works with our wheels/eggs. We're not set up to do this with RPM packages. Related to that is the supported range of distribution versions. As part of a contract, we aim to support customers even if they're on very old systems that may no longer be receiving updates in EPEL. (Sometimes customers aren't in a position to upgrade distros for various reasons, though we always try to encourage them to :). For the most part, wheels/eggs will generally work on older Linux distros, and we offer assistance and even patches to fix any remaining issues that may be encountered when running on them. The delay in getting packages through updates-testing can definitely help avoid regressions. On the flip side, this also means that some fixes or improvements customers have requested may take longer to reach them. Since signed packages were mentioned, I'd like to briefly go over the situation in the Python world. We do sign all of our packages, and those are visible on PyPI, but unfortunately pip/easy_install do not verify them. This is something that the developers plan to address, but for now, any verification must be done manually. We provide SHA256 checksums and PGP signatures for all builds of our software (which are shown both on PyPI and on downloads.reviewboard.org), and have instructions on verifying those at https://www.reviewboard.org/downloads/pgp-signatures/ Christian On Wed, Mar 21, 2018 at 2:59 AM, Stephen Gallagher < [email protected]> wrote: > > On Wed, Mar 21, 2018 at 12:59 AM Dunnigan, Terrence J < > [email protected]> wrote: > >> What are the drawbacks of installing via easy_install on RHEL, instead of >> installing as an RPM? >> >> > The main advantages of RPMs I can think of are: > > * Dependencies outside of the PyPI stack are also managed. > > * Packages are signed with the Fedora Project key, so you know the > contents haven’t been modified by a third-party > > * The update process matches the way you update the rest of your system. > > * It can be managed by central package management tools like Satellite, > Spacewalk, Ansible and Katello > > The main disadvantages are: > > * The EPEL project requires that package updates go to the updates-testing > repository until they either have some positive “karma” feedback or > fourteen days have passed. So as a result, upstream updates take more time > to reach the stable EPEL repo (of course, on more than one occasion this > has meant that a regression in ReviewBoard hasn’t made it to users of the > RPMs). This obviously could be mitigated if ReviewBoard users would try the > testing packages out and report feedback, but history has shown that RB > users generally don’t bother (and then complain when a bug creeps in...) > > * If ReviewBoard adds a new dependency from PyPI that isn’t available > already on EPEL, it can take from a few days to a couple weeks to get that > packaged up as RPMs, whereas easy_install can just pull it in automatically. > > * When the sole maintainer (me) is busy, updates lag. > > > > >> >> If RPMs are the preferred or mandatory approach, is this something that >> BeanBag should be doing? >> >> >> > > Also on my TODO list would be to get the packaging efforts moved upstream > and into whatever release tooling Bean Bag is using, but that requires even > more time than the basic packaging work I haven’t been able to get to yet. > > I’ll reiterate: if anyone wants to help here, I’m happy to train you up > and take on a comaintainer (or more). > > Terry >> >> >> >> *From:* [email protected] [mailto:[email protected]] >> *On Behalf Of *Stephen Gallagher >> *Sent:* Friday, March 16, 2018 9:25 AM >> *To:* [email protected] >> *Subject:* Re: Upgrade from 2.5.17 to 3.0.3 from EPEL repo >> >> >> >> >> >> On Thu, Mar 15, 2018 at 12:53 PM Chris Lang <[email protected]> wrote: >> >> Hi Rafal, >> >> >> >> Yes, unfortunately EPEL does not have version 3 of ReviewBoard yet. >> >> I have installed 3.0.3 successfully by running easy_install ReviewBoard >> >> >> >> Let me know if you have any issues. >> >> >> >> Regards, >> >> Chris >> >> >> >> On Thursday, March 15, 2018 at 9:33:00 AM UTC-7, Rafał Cichoń wrote: >> >> Hello, >> >> >> >> I have a problem with installation of a new ReviewBoard version 3.0.3 >> using yum and EPEL repository on RHEL7. I noticed that ReviewBoard in EPEL >> is still 2.5.17 instead 3.0.3 as is written in documentation. Did someone >> else have similar problem? >> >> >> >> >> >> >> >> Hi, I'm the EPEL maintainer (volunteer, not a Bean Bag Inc. employee). I >> have been dealing with an extremely high workload in my regular job and >> haven't had the time to go through the process of getting the new dependent >> packages for Review Board 3 into EPEL. I would very much welcome anyone >> with RPM packaging experience who would like to assist me with this (and, >> ideally, maintenance of the stack going forwards). >> >> >> >> -- >> >> Supercharge your Review Board with Power Pack: >> https://www.reviewboard.org/powerpack/ >> Want us to host Review Board for you? Check out RBCommons: >> https://rbcommons.com/ >> Happy user? Let us know! https://www.reviewboard.org/users/ >> --- >> You received this message because you are subscribed to the Google Groups >> "Review Board Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> >> -- >> Supercharge your Review Board with Power Pack: >> https://www.reviewboard.org/powerpack/ >> Want us to host Review Board for you? Check out RBCommons: >> https://rbcommons.com/ >> Happy user? Let us know! https://www.reviewboard.org/users/ >> --- >> You received this message because you are subscribed to the Google Groups >> "Review Board Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- > Supercharge your Review Board with Power Pack: > https://www.reviewboard.org/powerpack/ > Want us to host Review Board for you? Check out RBCommons: > https://rbcommons.com/ > Happy user? Let us know! https://www.reviewboard.org/users/ > --- > You received this message because you are subscribed to the Google Groups > "Review Board Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Christian Hammond President/CEO of Beanbag <https://www.beanbaginc.com/> Makers of Review Board <https://www.reviewboard.org/> -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
