Greetings.
When ansible 2.0 was released there were some changes in playbook handling made. For this reason, we created a backwards compatible package with ansible 1.9 to ease the transition for those that needed more time to adjust their playbooks.
Late last year it looked like there would be a final release in the 1.9 series addressing some security issues. However, the most recent round of security issues found in 2.x are difficult to impossible to backport to 1.9 so there will not be a final 1.9 release.
Since it has now been 1 year since ansible 2.0 was released, and since ansible 1.9 has known security vulnerabilities, backporting fixes is impossible, we will be retiring the ansible1.9 package from EPEL.
All ansible 1.9 users are urged to update to 2.x as soon as possible.
kevin
Will the mainline 2 package obsolete the old package to ensure it doesn't hang around?
On Fri, 13 Jan 2017 00:18:09 +0000 Peter Robinson pbrobinson@gmail.com wrote:
> Will the mainline 2 package obsolete the old package to ensure it doesn't hang around?
Well, I am a bit leery of doing that. There may be people using the 1.9 packages that are aware of the security issues and still wish to keep using it longer for whatever reasons.
kevin
On 13 Jan 2017 11:59 pm, "Kevin Fenzi" kevin@scrye.com wrote:
> Well, I am a bit leery of doing that. There may be people using the 1.9 packages that are aware of the security issues and still wish to keep using it longer for whatever reasons.
It's been a year already... If they really want to do that they can just not install the update or configure their system to exclude ansible.
When you retire it'll vanish from the EPEL mirrors anyway due to the east we handle that so they'd have to get ansible19 from koji anyway for future installs, or make an internal repo with it... In which case they'll be configuring their systems for it.
It's not like they'll get any support for 1.9 in any way from Fedora, EPEL or upstream after all.
Obsoleting does make a lot of sense to me.
I am -1 to obsoleting from the experience of what happened in the past with other deployment or configuration management systems do that. It will break large systems and it will break small systems and it won't 'fix' any systems that anyone will tell you about.
So after an update all anyone will see if they google ansible will be "Ansible broke my system" just like they did when someone did the same thing with cfengine, puppet or chef. Yes these sites aren't going to get any support if they say they are on ansible 1.9 but they inevitably feel they got less support when they say "My system got updated to ansible 2.2 and nothing works..."
For splits like this, I would just push out a final ansible package which has in its description and a README.EOL "This package is EOL and no longer supported. It will be removed from the EPEL repositories around 2017-02-28. Please plan on upgrading your systems to the latest ansible."
On 14 January 2017 at 16:20, James Hogarth james.hogarth@gmail.com wrote:
> Obsoleting does make a lot of sense to me.
So, I also talked with upstream here... and they didn't seem in favor of obsoleting either. It's just another annoyance for someone stuck with 1.9 for whatever good or bad reason.
I suspect (but have no way of knowing) that there really are not too many 1.9 users anyhow. It would have taken them knowing that that package existed and explicitly removing the ansible package and installing it.
kevin