FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 07-12-2008, 10:05 PM
Roberto C. Sánchez
 
Default Xen status in lenny?

On Sat, Jul 12, 2008 at 12:03:30PM -0700, Steve Langasek wrote:
> On Fri, Jul 11, 2008 at 12:18:51PM +0200, Lucas Nussbaum wrote:
> > > > What are the plans for Xen for lenny? Is this situation likely to change
> > > > before the release?
>
> > > It will ship the hypervisor and a domU kernel. For dom0 it will need
> > > either the etch or my own[1] kernel. This may be changed later if we can
> > > get a new kernel in the stable release.
>
> > The problem I see with that is that people will be left without a
> > supported dom0 kernel at some point during the etch lifetime. Do we have
> > a plan to address that? Shouldn't we make it clear that we will support
> > the etch kernel until a lenny+1/2 kernel is available, for example?
>
> Which "we" do you expect will support it? I haven't heard any comments from
> the security team indicating that they're willing to provide support for
> such a stale kernel beyond the normal support lifetime of etch. If there
> should happen not to be a lenny+1/2 kernel, how long would the security team
> be expected to provide security support for 2.6.18? Until the release of
> lenny+1? Until the end of the *lenny* support cycle?
>
> > Wouldn't it be a good idea to ship a linux 2.6.18 kernel in lenny, only
> > for dom0, so it's clear that it is supported?
>
> I think the first question to resolve is to establish that it *is*
> supported...
>
I think that the prudent thing for Debian to do is to continue to
support the older kernel if that is the only way to ensure Xen support
for the users. I personally have a few servers running Xen that run
stable. If the support for Xen in a stable release is not suitable, I
would have to consider migrating those servers to some other distro. I
would really hate to have to do that.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
 
Old 07-12-2008, 10:10 PM
Lucas Nussbaum
 
Default Xen status in lenny?

On 12/07/08 at 12:03 -0700, Steve Langasek wrote:
> On Fri, Jul 11, 2008 at 12:18:51PM +0200, Lucas Nussbaum wrote:
> > > > What are the plans for Xen for lenny? Is this situation likely to change
> > > > before the release?
>
> > > It will ship the hypervisor and a domU kernel. For dom0 it will need
> > > either the etch or my own[1] kernel. This may be changed later if we can
> > > get a new kernel in the stable release.
>
> > The problem I see with that is that people will be left without a
> > supported dom0 kernel at some point during the etch lifetime. Do we have
> > a plan to address that? Shouldn't we make it clear that we will support
> > the etch kernel until a lenny+1/2 kernel is available, for example?
>
> Which "we" do you expect will support it? I haven't heard any comments from
> the security team indicating that they're willing to provide support for
> such a stale kernel beyond the normal support lifetime of etch. If there
> should happen not to be a lenny+1/2 kernel, how long would the security team
> be expected to provide security support for 2.6.18? Until the release of
> lenny+1? Until the end of the *lenny* support cycle?
>
> > Wouldn't it be a good idea to ship a linux 2.6.18 kernel in lenny, only
> > for dom0, so it's clear that it is supported?
>
> I think the first question to resolve is to establish that it *is*
> supported...

If nothing changes, the only choice for users will be to run an etch
dom0 (or an etch dom0 kernel with a lenny userland, but that doesn't
change much). An etch dom0 will only be supported until the end of the
etch support cycle. After that, users will need a supported upgrade
path (and I would prefer it not to be "use Ubuntu").

We (Debian) should make a clear statement that users of Debian as dom0
will have at least one supported configuration at any time during the
lenny lifetime.

Shipping an additional 2.6.18 kernel in lenny is just one extreme
solution. Another solution might work too, like stating that we (Debian)
will support the etch dom0 kernel until a dom0 kernel is available in
lenny (+ an interim period), even if the support cycle for etch ends
before that.
--
| Lucas Nussbaum
| lucas@lucas-nussbaum.net http://www.lucas-nussbaum.net/ |
| jabber: lucas@nussbaum.fr GPG: 1024D/023B3F4F |


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-13-2008, 01:01 AM
Steve Langasek
 
Default Xen status in lenny?

On Sat, Jul 12, 2008 at 06:05:14PM -0400, Roberto C. Sánchez wrote:
> > I think the first question to resolve is to establish that it *is*
> > supported...

> I think that the prudent thing for Debian to do is to continue to
> support the older kernel if that is the only way to ensure Xen support
> for the users. I personally have a few servers running Xen that run
> stable. If the support for Xen in a stable release is not suitable, I
> would have to consider migrating those servers to some other distro. I
> would really hate to have to do that.

The distro used on dom0 is pretty uninteresting, given that part of the
point of having Xen-style virtualization for servers is to a) be able to run
different OSes in different guests, and b) not to run services in dom0.[1]

If the Debian security team is unwilling or unable to provide support for a
2.6.18 kernel over the lifetime of lenny, I'm happy to see us let dom0 be
Somebody Else's Problem. I'm certainly happier with that than having us
/claim/ to support 2.6.18, have users rely on that claim, and then not be
able to deliver.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org

[1] I can sympathize with users who want to run Xen on systems for
virtualization purposes while also being able to run a full desktop
environment in dom0 where hardware is more accessible; but I think this is
probably a fairly small group of people still given the hardware
requirements, and in any case I don't think that's a use case that should
compel us to overextend ourselves.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-13-2008, 02:39 AM
Steve Langasek
 
Default Xen status in lenny?

On Sun, Jul 13, 2008 at 12:10:28AM +0200, Lucas Nussbaum wrote:
> > > The problem I see with that is that people will be left without a
> > > supported dom0 kernel at some point during the etch lifetime. Do we have
> > > a plan to address that? Shouldn't we make it clear that we will support
> > > the etch kernel until a lenny+1/2 kernel is available, for example?

> > Which "we" do you expect will support it? I haven't heard any comments from
> > the security team indicating that they're willing to provide support for
> > such a stale kernel beyond the normal support lifetime of etch. If there
> > should happen not to be a lenny+1/2 kernel, how long would the security team
> > be expected to provide security support for 2.6.18? Until the release of
> > lenny+1? Until the end of the *lenny* support cycle?

> > > Wouldn't it be a good idea to ship a linux 2.6.18 kernel in lenny, only
> > > for dom0, so it's clear that it is supported?

> > I think the first question to resolve is to establish that it *is*
> > supported...

> If nothing changes, the only choice for users will be to run an etch
> dom0 (or an etch dom0 kernel with a lenny userland, but that doesn't
> change much). An etch dom0 will only be supported until the end of the
> etch support cycle. After that, users will need a supported upgrade
> path (and I would prefer it not to be "use Ubuntu").

I would note that, although built as part of the main 'linux' source package
in Ubuntu, the Xen kernel images are in Ubuntu universe - which means any
Xen-specific code is effectively not guaranteed to be covered by Canonical's
security support anyway. So you might want to take a closer look at the
security status of this, before deciding that Ubuntu is the right choice for
a security-supported dom0 kernel (or before goading Debian folks into
overcommitting themselves to Xen support in lenny using Ubuntu as a bogeyman
.

(N.B., I'm not speaking on behalf of the Ubuntu Xen folks; they may indeed
have made arrangements with the security team to provide security coverage
for the Xen kernels - I'm just saying not to assume it's a given.)

> We (Debian) should make a clear statement that users of Debian as dom0
> will have at least one supported configuration at any time during the
> lenny lifetime.

What I don't see you saying is that *you* are volunteering to step up and
help provide security support for this kernel. So it's "we" when we're
making a statement, but it's still "they" who would have to provide the
actual support, AFAICS.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-13-2008, 07:01 PM
Roberto C. Sánchez
 
Default Xen status in lenny?

On Sat, Jul 12, 2008 at 06:01:30PM -0700, Steve Langasek wrote:
> On Sat, Jul 12, 2008 at 06:05:14PM -0400, Roberto C. Sánchez wrote:
> > > I think the first question to resolve is to establish that it *is*
> > > supported...
>
> > I think that the prudent thing for Debian to do is to continue to
> > support the older kernel if that is the only way to ensure Xen support
> > for the users. I personally have a few servers running Xen that run
> > stable. If the support for Xen in a stable release is not suitable, I
> > would have to consider migrating those servers to some other distro. I
> > would really hate to have to do that.
>
> The distro used on dom0 is pretty uninteresting, given that part of the
> point of having Xen-style virtualization for servers is to a) be able to run
> different OSes in different guests, and b) not to run services in dom0.[1]
>
> If the Debian security team is unwilling or unable to provide support for a
> 2.6.18 kernel over the lifetime of lenny, I'm happy to see us let dom0 be
> Somebody Else's Problem. I'm certainly happier with that than having us
> /claim/ to support 2.6.18, have users rely on that claim, and then not be
> able to deliver.
>
While agree that from a technical standpoint, that distro is rather
uninteresting, I don't want to have increase the complexity of the
networks I administer by bringing yet another distro into the mix.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
 
Old 07-13-2008, 07:02 PM
Guido Trotter
 
Default Xen status in lenny?

On Sat, Jul 12, 2008 at 06:01:30PM -0700, Steve Langasek wrote:

Hi,

> The distro used on dom0 is pretty uninteresting, given that part of the
> point of having Xen-style virtualization for servers is to a) be able to run
> different OSes in different guests, and b) not to run services in dom0.[1]
>

Agreed, we shouldn't support arbitrary dom0s, but it would be nice to have one
supported way to run dom0 in debian, be it etch or lenny... If we say "run dom0
in etch" at least can we have the limited etch needed for a dom0 to work blessed
with an extended support, if not support 2.6.18 in lenny?

Thanks,

Guido


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-14-2008, 12:12 PM
Loďc Minier
 
Default Xen status in lenny?

On Sat, Jul 12, 2008, Steve Langasek wrote:
> The distro used on dom0 is pretty uninteresting, given that part of the
> point of having Xen-style virtualization for servers is to a) be able to run
> different OSes in different guests, and b) not to run services in dom0.[1]

A recent kernel to support new expensive hardware which you just bought
for virtualization might be useful though. (However, I agree that
copying over an old kernel to use new a distro userland's with an old
kernel for a dom0 doesn't seem too useful.)

--
Loďc Minier


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-14-2008, 12:41 PM
Paul van der Vlis
 
Default Xen status in lenny?

Steve Langasek schreef:

> If the Debian security team is unwilling or unable to provide support for a
> 2.6.18 kernel over the lifetime of lenny, I'm happy to see us let dom0 be
> Somebody Else's Problem. I'm certainly happier with that than having us
> /claim/ to support 2.6.18, have users rely on that claim, and then not be
> able to deliver.

Maybe we can stop with etch-and-a-half. For the security-team is
supporting the etch-and-a-half kernel (2.6.24) a lot more work then
supporting the etch-kernel.

I think "etch-and-a-half" is a good idea, but the team is very late with
it. Too late when Lenny is in time, in my opinion.

With regards,
Paul van der Vlis.




--
http://www.vandervlis.nl/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-14-2008, 03:12 PM
Gunnar Wolf
 
Default Xen status in lenny?

Paul van der Vlis dijo [Mon, Jul 14, 2008 at 02:41:20PM +0200]:
> Maybe we can stop with etch-and-a-half. For the security-team is
> supporting the etch-and-a-half kernel (2.6.24) a lot more work then
> supporting the etch-kernel.
>
> I think "etch-and-a-half" is a good idea, but the team is very late with
> it. Too late when Lenny is in time, in my opinion.

Keep in mind that Etch will be supported after one year after Lenny is
shipped. This means, there is still a large window for users to get
benefits from Etch-and-a-half. And as for Lenny-and-a-half, we might
even get back Xen dom0 support

--
Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-14-2008, 05:32 PM
Luk Claes
 
Default Xen status in lenny?

Paul van der Vlis wrote:
> Steve Langasek schreef:
>
>> If the Debian security team is unwilling or unable to provide support for a
>> 2.6.18 kernel over the lifetime of lenny, I'm happy to see us let dom0 be
>> Somebody Else's Problem. I'm certainly happier with that than having us
>> /claim/ to support 2.6.18, have users rely on that claim, and then not be
>> able to deliver.
>
> Maybe we can stop with etch-and-a-half. For the security-team is
> supporting the etch-and-a-half kernel (2.6.24) a lot more work then
> supporting the etch-kernel.
>
> I think "etch-and-a-half" is a good idea, but the team is very late with
> it. Too late when Lenny is in time, in my opinion.

If we abandon it now, all trouble we went through didn't serve anything
and if we want to try it again, we kind of have to start over again. I
don't think we should stop it, rather make it happen soon.

Cheers

Luk


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 07:04 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org