[Pkg-openldap-devel] Bug#725091: Bug#725091: slapd with memory leak in active sync

Quanah Gibson-Mount quanah at zimbra.com
Tue Oct 1 21:53:43 UTC 2013 

--On Tuesday, October 01, 2013 2:33 PM -0700 Steve Langasek 
<vorlon at debian.org> wrote:
> Ten years of experience with this package shows me that there is no reason
> to expect the new versions upstream recommends to be any less buggy than
> the old ones you constantly slag Debian in our own BTS for shipping.

Yes, shockingly, software evolves over time.  And depending on the feature, 
yes, some things have had issues needing to be resolved more than others. 
Has back-bdb/hdb been stable for a long time? Yes.  I've back-bdb since 
2.2, and back-hdb since 2.3 on.  Has MMR been stable?  Not particularly. 
Delta-syncrepl MMR (Introduced in 2.4.27) has been quite stable, however. 
Essentially if Debian even had 2.4.33 rather than 2.4.31 available, then I 
doubt you'd see much if any traffic on bugs, as long as the end user used 
delta-syncrepl MMR if they were doing multi-master.


> As for that FAQ, Russ is entitled to his opinion about the best way to
> deploy an OpenLDAP server, as are you.  But Russ is no longer a
> comaintainer of this package in Debian, and it is patently *false* to say
> that the distribution packages are not *meant* to be used for production
> services.

If this is false, I've yet to see any evidence of Debian being capable of 
producing a package suitable for running a production service.  As I said 
before, if Debian can do that, then I'll stop telling people to stop using 
it.  This is no different than what I tell people running RHEL, SLES, etc. 
I'm really not aware of *any* distribution that can competently provide an 
OpenLDAP package to its community.  RHEL is many ways is *much* worse than 
Debian, not only because of the age of their product, but because they also 
link to the god-awful MozNSS libraries.  GnuTLS is at least a step up from 
that.

> Your persistent badmouthing of Debian, its package maintainers, and its
> processes in our own bug tracker is absolutely uncalled for.  If you
> aren't actually interested in helping Debian improve its packages, then
> just go away.

I'm trying to provide worthwhile advice to someone experiencing problems 
directly related to using the Debian package.  As long as Debian only has 
2.4.31 available to its users, then the *only* reasonable advise is to not 
use that package.  Period.  If you are blind to that *fact* I cannot help 
that.  If you want to do something about it, since you *are* one of the 
packagers, then backport a newer version.

Either way, you're picking a fight where there isn't one, and you have the 
ability to resolve the issue for all your users.

--Quanah


--

Quanah Gibson-Mount
Architect - Server
Zimbra Software, LLC
--------------------
Zimbra ::  the leader in open source messaging and collaboration

More information about the Pkg-openldap-devel mailing list