not able to install FR 3.0.16+git in (pure) Debian 9

Fajar A. Nugraha list at fajar.net
Sat Sep 9 06:11:21 CEST 2017


On Fri, Sep 8, 2017 at 11:55 PM, Alan DeKok <aland at deployingradius.com> wrote:
> On Sep 8, 2017, at 11:24 AM, Martin Pauly <pauly at hrz.uni-marburg.de> wrote:
>>
>> IMO, there one good idea in the Debian approach:
>> Treat security fixes sperately from any functional changes.
>> No matter what improvements a new version brings, you almost
>> always want to have a stable, secure environment you can build
>> your next enhancement on.
>
>   That's fine... but the result is that *we* take the hit of supporting their users who refuse to upgrade.
>
>   There are people who complain about bugs, get told they're already fixed in newer versions, and then complain that they MUST use the upstream distribution.
>
>   Well, if you won't upgrade and they won't support you, why is it *my* problem?  Don't complain to me if you stapled your feet to the floor.


I think the problem arise because users see the debian directory, and
expect to build it successfully (i.e. following
https://wiki.freeradius.org/building/Debian-and-Ubuntu). But that
fails for debian 9.

IMHO some possible options are:
(a) add some instructions (e.g. on
https://wiki.freeradius.org/building/Debian-and-Ubuntu), something
like 'if you're absolutely sure you're using patched/non-vulnerable
versions of openssl, then you can edit these files manually, but don't
complain if it's broken", and so on. And point any
debian-package-related queries there. OR

(b) someone who cares-enough about having latest FR runs on debian
need to find better check methods (e.g. add versions known as safe,
etc). Possibly still include some instructions on the wiki (if user
still need to edit config files manually to remove additional version
checks). OR

(c) a volunteer steps up to maintain latest (unofficial) FR packages
for debian, to make it easier for other debian users. You could even
use github to host the repository, so no need to maintain your own
server. You'd basically just need time to maintain it.

-- 
Fajar


More information about the Freeradius-Users mailing list