not able to install FR 3.0.16+git in (pure) Debian 9
Fajar A. Nugraha
list at fajar.net
Sat Sep 9 06:11:21 CEST 2017
On Fri, Sep 8, 2017 at 11:55 PM, Alan DeKok <aland at deployingradius.com> wrote:
> On Sep 8, 2017, at 11:24 AM, Martin Pauly <pauly at hrz.uni-marburg.de> wrote:
>> IMO, there one good idea in the Debian approach:
>> Treat security fixes sperately from any functional changes.
>> No matter what improvements a new version brings, you almost
>> always want to have a stable, secure environment you can build
>> your next enhancement on.
> That's fine... but the result is that *we* take the hit of supporting their users who refuse to upgrade.
> There are people who complain about bugs, get told they're already fixed in newer versions, and then complain that they MUST use the upstream distribution.
> Well, if you won't upgrade and they won't support you, why is it *my* problem? Don't complain to me if you stapled your feet to the floor.
I think the problem arise because users see the debian directory, and
expect to build it successfully (i.e. following
https://wiki.freeradius.org/building/Debian-and-Ubuntu). But that
fails for debian 9.
IMHO some possible options are:
(a) add some instructions (e.g. on
like 'if you're absolutely sure you're using patched/non-vulnerable
versions of openssl, then you can edit these files manually, but don't
complain if it's broken", and so on. And point any
debian-package-related queries there. OR
(b) someone who cares-enough about having latest FR runs on debian
need to find better check methods (e.g. add versions known as safe,
etc). Possibly still include some instructions on the wiki (if user
still need to edit config files manually to remove additional version
(c) a volunteer steps up to maintain latest (unofficial) FR packages
for debian, to make it easier for other debian users. You could even
use github to host the repository, so no need to maintain your own
server. You'd basically just need time to maintain it.
More information about the Freeradius-Users