Nethserver future version 7

Please Note: This will be the last regular release of the PHP 5.3 series. All users of PHP are encouraged to upgrade to PHP 5.4 or PHP 5.5. The PHP 5.3 series will receive only security fixes for the next year.

Posted on php.net over 2 years ago.

I would argue that while a rock solid distro base is important for a production server… so are secure components…

you missed a point: RH backports all security fixes on its products during all the OS release support lifetime

RH is rock solid… and I advice you and many others here not to “read” the rpm’s version number only but to read their release notice too.

in another words: php 5.3 you find in NS is not plain vainlla php 5.3 coming from php.net

Yes, but.

What about other software that moves on? Like Drupal, ownCloud?
When they build on something, their own security related updates fall off as they eol their own support for versions that work with other underlying, older packages.

Obviously, one can run php 5.4 alongside 5.3, but, that’s certainly not supported by the underlying distro and who knows what breaks. We already saw what happened with oC 7.0.6, fortunately that wasn’t catastrophic especially as intergrated as oC is in NS, but…

my 2c: using on an wan exposed server a bleeding edge version of any kind of web app that needs the last release of $whatever is not a smart idea…

on NS, for example, WP works flawlessy… I don’t use joomla, but I read somewhere that it needs a newer version of php…

if you (generally speaking) need such a feature, a small, minimal virtual machine running only what needed is the solution… I’ll never install anything that could break my server just because my webmaster said it needs latest joomla version…

and, I repeat, generally speaking, “bleeding edge release” and “wan exposed machine” in the same sentence without a negation is not a good idea.

I get the impression your idea of bleeding edge is anything less than two years from its first release, because we’re talking about software like oC here.
It’s not like anyone in computing I’ve ever talked to would refer to openssl as bleeding anything, but they’d certainly refer to that code pile as a steaming something…

Ok, well I’ve got a pretty good idea now where this distro fits into my tool set for clients. Cool.

We’aren’t talking about apps but talking about the upstream CentOs 7.0 & 7.1, the “core”, the base of Nethserver.

I’ve used bleeding age about Fedora, not about CentOS :smile:

Centos 7 and 7.1 are out one year ago now… Can we hope it’s old and stable enought to think about a Nethserver 7.1 version?

I understand core as opposed to apps, modules, etc.

My point is the most robust server in the world is worth squat without some useful apps, modules, whatever, now I keep using oC as an example but it’s a relevant example of what makes the server useful. oC depends on other modules, libraries, in NS’s case, apache, php, openssl, samba, etc, etc, as oC advances it’s requirements, like php as the most relevant example, NS becomes less and less of an option because it can’t support an application’s advances.

I’m sure I’m not saying anything the devs don’t understand better than I do, and for me, if I need an oC install, obviously now, I’m not going to use NS, I’ll just clone yet another one of the Ubuntu vms I built, sure, it’d be spiffy if I could use NS for an oC install, but I don’t feel it fits, not from a support standpoint.

As it is I can see that my thoughts don’t align with anyone else’s here, so I’m just going to let this go, it’s your baby.

I’m working on NethServer 7, but I’m alone and I can’t progress a lot.
I’m sharing here my todo list hoping to find help.

  • try to improve eth interface handling
  • rename eth interfaces as roles (green, redX, etc)
  • bonding -> teaming
  • iptables -> firewalld -> shorewall only
  • always install dnsmasq and shorewall
  • remove nethserver-devbox
  • use xfs instead of ext4
  • evaluate upgrade assistant for 6->7
  • kimchi instead of webvirtmgr?
1 Like

Just my opinion… :smile:
New versions does not mean “bleeding edge”. Old version does not mean “Stable and rock solid”.
It is a trade-off. I’ve also applied the rule “If it is not broken don’t fix it” but it is not true all the time.

For example I’ve used Clear OS stable on a server with wan connected to internet. And it so happened that it got hacked.
Why? because the software was not updated to the newest version. All the focus was on the new version of C.O. and the fixes were announced to be available in the new release… but the current release did not get the fixes.

Anyway. I suggest to not confuse new versions of software, with bleeding edge software technology.
Also we must not base our trust on the “proven” technology just because it works. Because it can work very well with the malicious code inside it :smile:.

Also Development versions Like Alpha, Beta and RC’s, are to be used in testing env. not in production.
After all, if we keep using “proven technology” we will not advance and the dev’s. work for will be for nothing.

If there is a Stable version released we should be going forward with it and use it. Test it, then make a pre update stage and finally make the upgrade.

As my conclusion goes. If a new software was released as “stable”, we should go with it and make the steps to upgrade.

Best regards
Bogdan

1 Like

Hi Filippo,
Hi everybody,

May I suggest some things to add for the new version, like:

  • because I understand that samba 4 will not be use (that means no AD), maybe the effort may go to UTM. NS has a good web proxy/filter which can be improved, has a good POP3/SMTP proxy/filter which can be also improved. By the way, can you change the label “Email” to “SMTP proxy” or “Email and SMTP proxy” in Configuration?
  • Jim’s ideas to improve the WebGUI.
  • Ctek’s Backup.
  • Filippo’s GeoIP support and Mailserver stats (Mailgraph and AWstats).
  • Nas 's ideas.
    -…

and the list may be completed.

I know it’s not easy but …

Please don’t kill me!

Kind regards,
Gabriel

1 Like

I’m really surprise to know that you`re alone Filippo.

I don’t know if we are numerous here but its seem that its the time to organize the community.
To know who can help for which task ( core / webgui / documentation / evangelism ).

Centos 7 have a lot of change with systemd, firewalld, name interface, xfs…
It`s a big challenge for one person.

2 Likes

That’s a great list, could you explain better your points? You could open a dev discussion for each of them, maybe there are folks who’d like lend a hand and discuss details. What about?

How? Please open a new topic with specific proposals :wink:

Why? Please, open a new topic and try to explain as best as possible how and why

Why am I here? :smile: happy to read about your excitement, I tried to organize as best as possible with small team:
New NethServer Teams
many of them are working hard (testing and translations for example) not all members active here though.
Do you have any suggestion? Please reply to such topic! How can you help the community?

That’s another great starting point:

Hi Alessio,

First of all, I apologize that I have not response in the last two days but I’m in the middle of a project and I don’t have much free time.

Anyway, yesterday I managed to install NS 6.7 from ISO, like I promised here: NethServer vs Endian.

Soon I will return with details and answers to all questions.

Kind regards,

Gabriel

1 Like

I plan to resume work on NethServer 7 next week. My current todo list is a bit longer than the one posted above, but I’m unsure on how to proceed: try to release as early as possible 7 which the same functions of 6 or implement new features before closing 7?
The first option has some advantages: you know that 7 should behave as 6, so everything not matching will probably be a bug. If we add features we will not know if it’s a new bug coming from CentOS 7 or something we did wrong in NethServer.
Do you know Intel tick-tock model ( https://en.wikipedia.org/wiki/Intel_Tick-Tock )?

We could try to set two goals:

  1. 7 with the same features of 6
  2. new features exclusive to 7

We could name step 1 as 7 beta, but at the end we will have a stable software and I think that nobody will install a release with the word “beta” in its name, so we will probably miss some bugs.
On the other hand, why install 7 if it behaves like 6?
We could catch bugs later in the release cycle, so maybe my fears are unfounded.

If everybody agrees on a roadmap, we could set some milestones and have a stable release sooner.

Share your opinions or state “I will test 7 beta”, please. :smile:

5 Likes

Why? Because:

“I will test 7 beta” anyway! :grinning:

2 Likes

I think the fastest and better way is to go to 7 with the same featuers
,and then lately add the exclusive, just having the new librarys, php etc
will worth it.

I’ll test it, of course.

2 Likes

i agree, with you and i like the tick-tock model.
For me the “tick” is to release as early as possible 7 which the same functions of 6, then “tock” to implement new features could be also the 7.1.
I’m not a dev, but switching from centos 6 to 7 is from my point of view, already an hard work… so i think a good path could be:

  1. switch to c7 and release ns7, take some time to be sure that all is still rock solid as before, wait for contribs to be ported to ns7
  2. implement new features in 7.1

but it any case i think it’s better upgrade to 7 before implement new features… and i will test 7 alpha, beta or whatever :slight_smile:

1 Like

I agree the best way is to have the tick-tock model.
I’ve talked about this as a release model previously with @alefattorini.

Having the 7.0 as a rock solid platform is the best solution I see so far. I agree with @dz00te, @mabeleira, @GG_jr and the others in this

The x.1 x.3 x.5 can have the extra features and x.0, x.2, x.4 to be the stable relese

Maybe we should vote for this ? :smile:

BR
Bogdan

1 Like

I’m definitely right behind the tick-tock idea, planning 7.1 features as from now

1 Like