[openstack-dev] [release][requirements][packaging][summit] input needed on summit discussion about global requirements

Jeremy Stanley fungi at yuggoth.org
Tue Apr 19 14:48:25 UTC 2016

On 2016-04-19 14:59:19 +0200 (+0200), Thomas Goirand wrote:
> On 04/19/2016 01:01 PM, Chris Dent wrote:
> > On Tue, 19 Apr 2016, Thomas Goirand wrote:
> > > Most users are consuming packages from distributions. Also, if
> > > you're using containers, probably you will also prefer using
> > > these packages to build your containers: that's the most easy,
> > > safe and fast way to build your containers.
> > 
> > I predict that that is not going to last.
> That's what everyone says, but I'm convinced the majority will be
> proven wrong! :)

Could just be that my beard has gotten a little too grey, but I
still very much prefer using stabilized software packaged by
traditional Linux distributions or similar Unix derivatives and
covered under security patched backports. My hope has always been
that as the rapid pace of development at the center of OpenStack
starts to cool (and as the press moves on and OpenStack becomes a
lot more boring to talk about), we'll approach the sort of ecosystem
stabilization needed to make that less awkward downstream.

Running a production system from a bunch of discrete containers each
with their own random versions of embedded libraries either getting
upgraded willy-nilly to the latest releases or lagging/missing
critical security patches is a regression to the bad old days when
we didn't have reliable package management. I feel like many of the
people pushing this idea simply didn't get to experience the pain it
causes the first time around and won't believe their peers who lived
through it.
Jeremy Stanley

More information about the OpenStack-dev mailing list