Interim plan to move away from the mongo tarball

Gustavo Niemeyer gustavo.niemeyer at canonical.com
Wed Mar 27 20:29:28 UTC 2013 

A solution has been mentioned in this thread that is both simple and
works, and is apparently being ignored in your coverage.

It's worrisome that every conversation is quickly being thrown under
the "we don't have time" bandwagon lately. If you're in such a hurry,
you can do nothing rather than half-baking a solution that has seen
little discussion and has known real problems being ignored. What
exists today isn't perfect but works, and if you can't spare the time
to build a tarball with binaries, nothing else will do.


On Mar 27, 2013 4:21 PM, "Mark Ramm"
<mark.ramm-christensen at canonical.com> wrote:
>
> On 03/26/2013 09:50 AM, Gustavo Niemeyer wrote:
>>
>> On Tue, Mar 26, 2013 at 11:26 AM, James Page <james.page at canonical.com> wrote:
>>>
>>> The agreed version of MongoDB (currently 2.2.3) will be backported to
>>> precise and quantal; its still not in main so fixes right now would be
>>> driven through the Ubuntu server team (rather than from security team
>>> for example) - but they should be fixes, not upgrades :-).  I'm hoping
>>
>> That's exactly my concern. So what's the plan to maintain a single
>> version across all of the releases?  Let's say we want to use 2.4 by
>> 13.10.. how will we get 2.4 into Precise?
>
>
> If necessary we can add a PPA at cloud init time to address this issue, or fall back to putting things in a public bucket -- but the mantanance of the public bucket tools  across clouds and OS releases is already a problem that we don't have time to solve properly. (See all the threads about HP Tools in the main juju list) by 13.04, so I am hesitant to suggest that reverting to that would make things easier in the short term.   And nothing we are doing now commits us to a long term position on this issue, so for the sake of making the release, I think we have to go forward as Dave has described.
>
> But if we are asking theoretical questions, do we expect that the Mongo 2.4 tarball will work equally on all past and future Ubuntu versions? What would we do if we needed to apply a OS version specific bugfix or security release?
>
> Other questions which have been raised are: What's the Juju policy on security issues in Mongo, how is that coordinated with the security team?
>
> IMHO, There are almost certianly good answers to these questions, but given that we have a known working solution that gets this moving forward, and allows for us to easily change in the future, I am hesitant to get tied up in long discussions on these issues at the moment.
>
> --Mark Ramm

More information about the Juju-dev mailing list