[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7367) [PATCH] MozNSS: update list of supported cipher suites



This is quite off-topic, but I could not resist replying.

On 10/03/2012 03:29 PM, quanah@zimbra.com wrote:
> --On Wednesday, October 03, 2012 8:33 AM +0000 jvcelak@redhat.com wrote:
>
>> I understand that you don't want to support older OpenLDAP versions,
>> builds  with non-default libraries, etc. But the users will rather use
>> the package  from their distribution, instead of compiling it by
>> themselves. And we cannot  support users' builds, because we do not have
>> the sources and the build  environment under control. And we cannot
>> rebase the packages freely.
> Redhat needs to come up with a solution to this problem, because they are
> putting their users in a catch-22 situation.  Either they get support from
> RedHat for a package that will not work,

There are many Red Hat customers who are happy using the openldap server 
that comes with the distribution, and they do escalate problems through 
the support they are paying for, and they do get help and fixes that 
they pay for.


> or they build their own, and can't
> get support from RedHat.

Why should they get support from Red Hat if they build their own (in 
which case they have to support it themselves, or use the openldap 
community), or install 3rd party software (in which case they should get 
support from whoever provided the software)?

> There are reasons new *patch* level releases are
> made.  I see zero reason why RedHat cannot update the versions of OpenLDAP
> they ship since the fixes are incremental.  No one should be running
> OpenLDAP 2.4.23 as a *production server*.

The openldap in RHEL6 is *not* a *stock* openldap 2.4.23.  They are 
running 2.4.23 with many patches backported from later openldap 
releases.  The current version is openldap-2.4.23-26.el6_3.2.x86_64 - 
note the "-26" which means a lot more than 26 patches.

> Keep the RPM version string the
> same, and note the upstream release in the RPM patchlevel, if that is
> necessary, but fix the actual code to be current.

That's not what many Red Hat customers pay for.  They pay for very 
stable releases with only critical patches applied.  The Red Hat 
customers that want to use newer versions have many options - use Fedora 
(which does track upstream openldap closely), build their own, go to 
Symas, etc.

>
> This is why the Debian folks *wisely* recommend that people do *not* use
> the distribution build for a production server.

Can you point me to a link that has that statement in context?

>
> As long as RedHat keeps up this policy, the only advice ever for RedHat
> customers is to build their own RPMs, and get support elsewhere, since
> RedHat clearly can't keep working server versions together for their
> customers.

Clearly.  Except for the many customers who are quite happy.

> And then that leads to the question of what exactly they are
> paying RedHat for support for in the first place.

I like how you use "RedHat" instead of "Red Hat".

>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
>
>