openssl

[John Dennis]

On 05/04/2010 06:21 PM, Josip Rodin wrote:
> On Tue, May 04, 2010 at 09:39:30PM +0100, Alan Buxey wrote:
>>> 3.) Install the the main FreeRADIUS package from there, for example with:
>>>          apt-get install -t lenny-backports freeradius
>>
>> alternatively, grab the source and build it yourself. the choice is yours.
>
> No, I think that is a false choice for these users. We should not be
> telling random newbies to take a route that has time and time again been
> demonstrated to be too complicated for them to handle, when they can easily
> use a more efficient method - install safe working binaries. That also has
> the benefit of keeping them in the loop for later updates from the same
> reliable channel. If they explicitly tell us that they already use Debian,
> then we can't have much reason to have them avoid these Debian-specific
> methods that accomplish our goals - to make these people happy users of FR.
>
> This is one fairly trivial bug, even if one knows very little about
> compiling source code - one just has to google, and/or read the official
> web site (wiki), and find that all they have to do is install that one
> package and restart the build process, and they're good - yet numerous users
> have sent an e-mail to the list saying it's been a showstopper for them.
>
> I do not see what is there to gain by telling these people to keep using
> a method they clearly do not understand enough to be able to solve a
> relatively easy problem with. Sure, they can apply this quick fix now, but
> will it help their FreeRADIUS experience, and in turn will it help
> FreeRADIUS? Isn't it better for all to get them past the installation phase
> as quickly as possible, and not have to rehash these tangential issues,
> when time could be better spent educating them about core issues such as
> FreeRADIUS configuration semantics, or RADIUS protocol issues?
>

+1

I completely agree. Building *and* installing FreeRADIUS from source 
requires technical skill that exceeds the technical competence of a 
significant proportion of the users on this list. One only needs to 
spend a short period here to see this is clearly the case.

I have to agree with Josip that whenever possible users should be 
directed to install pre-built packages with the advice to build it 
yourself being dispensed only with great care.

It would also help if we could converge on a stable release that's 
usable for a significant duration. Users are told to run the latest 
release, which may be only a few weeks or months old which makes it 
difficult for the distribution channels for pre-built binaries to keep 
up by always having the latest release available. Since it's often the 
case the latest release is not available in the distribution channel 
users are forced into building it themselves with all the bad results 
and frustration vented here. If we had a stable release I suspect a lot 
of this frustration would be mitigated.

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/