FreeBSD for webserver?

[Gonzalo Nemmi]

On Wednesday 23 July 2008 21:03:36 Ted Mittelstaedt wrote:
> > -----Original Message-----
> > From: owner-freebsd-questions at freebsd.org
> > [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Gonzalo Nemmi
> > Sent: Wednesday, July 23, 2008 1:02 AM
> > To: freebsd-questions at freebsd.org
> > Subject: Re: FreeBSD for webserver?
> >
> > On Wednesday 23 July 2008 03:47:04 Ted Mittelstaedt wrote:
> > > > This seems to be a common misperception about ports.  Ports
> > > > aren't something
> > > > magical.  They do exactly what you would do from the commandline
> > > > (i.e. ./configure, make, make install), except they come with
> >
> > several bonuses.
> >
> > > > 1) The port maintainer has already worked out all the quirks to
> > > > make it compile
> > > > and install properly on FreeBSD.  2) The port maintainer has
> > > > already supplied
> > > > patches that allow the software to build correctly on FreeBSD.
> > > > 3) All the
> > > > dependencies are already taken care of.  4) Upgrading is
> >
> > quite simple and
> >
> > > > straightforward.  5) The software is now
> > > > architechture-independent (in most
> > > > cases), meaning you can move from Intel to AMD (for example)
> > > > without having to
> > > > worry that the software will no longer build and you'll have to
> > > > start from
> > > > scratch again.
> > > >
> > > > For example, I decided today that I wanted to try out some
> >
> > software named
> >
> > > > "arguseye".  So I downloaded and untarred the program.  I
> >
> > looked at the
> >
> > > > dependencies.  It requires a number of perl modules, some of
> > > > which are not in
> > > > ports.  So, I just created three new perl ports to satisfy those
> > > > dependencies
> > > > and submitted them this afternoon.
> > > >
> > > > Once those are accepted into the tree, I'll create the arguseye
> > > > port and submit
> > > > it as well.  Then, when someone else wants to install arguseye,
> > > > all they will
> > > > have to do is type "make install clean" in the port directory and
> > > > everything
> > > > that they need will be installed for them.
> > > >
> > > > Unless you're a glutton for punishment, why would you do all that
> > > > yourself?
> > >
> > > Because maybe you don't care for the porter's choice of defaults.
> > >
> > > Many programs come with hard-coded defaults that are modified
> > > in a config file.  For example cistron-radius.  Another example
> > > is the dspam port.  The porter for that insisted on using a
> > > default of apache vhost.  However the default apache port does
> > > not activate this.  I don't give a rat's ass that vhost is
> > > supposedly more secure.  Another one that always pisses me off
> > > is the porter's choice in building uw-imap to turn off plaintext
> > > passwords.  And the default for pine is also to turn off
> > > plaintext support.
> > >
> > > Another problem is that not all porters are good about maintaining
> > > their ports.  For example icradius.  Someone spent a lot of time
> > > creating the port for that.  Then just let it die.  Another is
> > > the open source ingres database.  Julian ported that one then
> > > lost interest, it died sometime around FBSD 4.X
> > >
> > > Another problem with ports is that all of them like pulling the
> > > original source from the author's site.  I've had a few where the
> > > author released the code under GPL then a few years later lost
> > > interest, stopped paying whatever ISP he had the main site for
> > > the program at, and the porter also lost interest in the project
> > > and never bothered obtaining the last available tarfile from
> > > the authors site and uploading it to freebsd, then both disappeared.
> > > Another one I can recall is the gated code, similar issue.
> > >
> > > The fundamental achillies heel of the ports system is it makes
> > > the assumption that every package in the ports system is popular
> > > and will be supported for the indefinite future by the original
> > > package developer.  The ports system counts on this insofar that
> > > it assumes that if the original porter loses interest and stops
> > > tracking the master site, that someone else will step in and
> > > assume responsibility for maintaining the port.
> > >
> > > The reality is that in every release of FreeBSD, some ports go
> > > wanting for sponsors, and nobody steps forward and so when the
> > > port stops building, the FreeBSD maintainers simply cut it out
> > > of the ports tree, plus anything dependent on it.
> > >
> > > This assumption is fine for people running vanilla apache or
> > > whatever systems, which is most people.  But, if your doing
> > > anything that isn't plain-jane middle of the road, you better
> > > assume that if your using a series of ports, to make detailed
> > > notes, and save the ports, and save the patches, and save
> > > the distfiles.  You may need to see how they did it in an
> > > older FreeBSD system when a new version of FreeBSD comes out
> > > that is missing one or more of the ports you depend on.
> > >
> > > Ultimately, ports isn't any different than most other things.
> > > When it's properly executed it's great.  But proper execution
> > > of the entire thing depends on every porter who has an active
> > > port in the system doing the right thing, and there's so many of
> > > them that statistically, some of them are going to be flakes.
> > >
> > > Ultimately, if your going to be a server admin, you need to
> > > know how to build your applications without ports.
> > >
> > > It's no different than, for example, I know how to pour and
> > > form concrete, I know how to plumb pipes.  But if I needed
> > > concrete poured, or pipes plumbed, I would call a contractor
> > > and a plumber, and because I know how to do these things I
> > > would be able to keep an eye on what the people I hired
> > > were doing and know if they were doing what they were supposed
> > > to be doing, or if they were incompetents.
> > >
> > > The folks that depend utterly on ports and have no notion of
> > > how to build it manually, are like the people who don't know
> > > how to pour concrete or plumb pipes, and who hire a mason and
> > > a plumber anyway.  They think they are having their concrete
> > > and pipes done, but in reality they have no clue if the
> > > work is really being done properly or not.  And, years later
> > > that concrete may be cracked and the pipes leaking, and
> > > they have no clue if it was due to crap work or something else.
> > >
> > > Ted
> > >
> > > _______________________________________________
> > > freebsd-questions at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to
> > > "freebsd-questions-unsubscribe at freebsd.org"
> >
> > Ted, with all due respect, you do have pointed out some valid
> > points .. yet,
> > there is a mailig list for that matter...
> >
> > http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> >
> > you seem to be pretty knowledgable about certain aspects that
> > others don't
> > even came across simply because we don't run into those problems
> > because we
> > don't need or use a given piece of software ...
>
> Your taking quite a leap to be speaking for "we" on this list,

Not really .. unless you take that "we" as an absolute... meaning "everyone in 
this list except Ted Mittelstaedt", which would be a pretty unusual 
interpretation of the word, then no .. i don't feel I took quite that 
leap ...

> are you quite sure that everyone else does not run into these
> problems? ;-)

The ports you referenced were, mainly:
cistron-radius
icradius
dspam
uw-imap
pine

.. so .. yes .. I'm pretty positive about the fact that a lot of the members 
of this list (which is usually the first list that newcomers/desktop 
users/occasional users/and the like come to for answers) do not run into the 
quirks of said ports. As a matter of fact (and maybe even as a proof of my 
observation) I have a fully functional FreeBSD 7 RELEASE, a non of those 
ports installed .. 

Hence .. it was safe to use "we" from my point of view ... yet .. it's on our 
right to choose the prism we'll use to examine the object of our studies ... 
and utterly: reality itself :) ...
 

> What I was speaking about is a structural issue that is not a
> problem with ports per-se, it is a problem with how ports are USED.
>
> Ports is a great tool, I can't speak highly enough of it.  However
> like ALL tools, if not used properly it will not work very well
>
> It does not help to jump on the ports mailing list and bitch about
> how people use the tool.

Agreed .. and I'll take the responsability to take that statement a step 
forward and add to that, that it actually does not help to jump on the ports 
nor to any other mailing list and bitch about anything ...

The problem is not the list ... the problem is the bitching ..


> The folks that built ports cannot control 
> if a porter loses interest in his port and nobody else picks it
> up.

Fact

> They cannot write a technical fix for this, it is a human problem. 
> However that human, not software, problem will affect YOU if you
> happen to be using that port, just as sure as a technical software
> build problem in the port manager would.

Fact

> Like all things in life it is fine as long as you understand what
> your doing and all the implications of using a prewritten set of
> instructions.  But there is more to the eye than just CD
> /usr/ports/whatever and typing make install, and folks on this list that
> just say that is all there is to it are doing a disservice to a newbie.

Fact again .. and to be honest .. I never disagreed with those .. or said 
contrary to that ...

> > It's my experience ( and of course, YMMV ...) that por
> > maintainers do answer
> > e-mails and fix stuff when asked to do so .. It happened to me at least
> > :)
>
> Most do but not all.  As I said there is always a list of ports in
> every BSD release that
> the mangers drop as a result of the port maintainer not responding
> to e-mails to fix a build.

Sure thing .. 
I have yet to find an absolute in life ...
And again .. I told you .. "you do have pointed out some valid points" ...
Those we just went through are some of them.

> > Yet, some (maybe even most) of your observations still stand true ...
> >
> > Whoever .. as it has been criteriously pointed out by Paul Schmehl:
> >
> > "There are certainly special cases where compiling from source is
> > preferable, especially if you have a highly customized installation, but
> > those are the exceptions rather than the rule."
> >
> > And I do agree with that statement ... to put it simple:
> > exceptions can never
> > be taken as a basis for general rule ...
>
> Which is why I said that "this assumption is fine for people running
> vanilla apache or whatever systems, which is most people."
>
> > Still, should you be kind enough .. I'd like to invite you to post those
> > issues on freebsd-ports for all of us to know about them and then be in a
> > position to discuss those issues in due time .. because evetually
> > ... those
> > will bite some of us sooner or later ...
>
> Any experienced FreeBSD porter already knows about this.  And there is
> no fix other than to attempt to force people to take over ports that
> are abandonded, which wouldn't work and is certainly contrary to the
> FreeBSD spirit.  Essentially this is a problem that affects ANY open
> source package including Linux, so it's not really on topic in a
> narrow group like ports.  It's just something to be aware of when
> using ports, or any OSS, just like you have to be aware of the Microsoft
> Product Lifecycle if you use Windows.

So .. we seem to have two roads ahead:

1) Do nothing about it .. After all any experienced FreeBSD porter already 
knows about this, yet the problems still stand the test of time ..
2) Bring it into the table (the right table being the ports mailing list) once 
and again until somebody stands up and fixes it ...

I'm going for option number 2 ... unless people keep reminding each other 
about a broken/abandoned/outdated/unameit port, there's little to no chance 
that a new "porter" wannabe (or an experienced porter ... who already has 
enough of a burden with his own ports .. ) has the chance to take over it ... 
I have the gut feeling that it's pretty much a safe assumption to say that 
nobody is going over every port looking for outdated sources/misssing 
patches/how to improve defaults/compatibility issues, etc, etc, etc ...

See Ted ... everybody knows Pepsi and Coke (just to name too of the thousands 
of corporations I could mention ), yet both corporations spend millons of 
dollars on publicity every single year ... once, and again, and again, and 
again ... Why would they do that? Why would _huge_ corporations spend millons 
on advertising a product we all know since as far back in time as we can 
remember? are they stupid ? do they need to burn cash for no reason at all or 
something?? Why would they keep getting their names into the table? ... 

There's an easy answer for that one .. they don't want anybody to forget about 
them .. everyday comes with a newborn .. and every Pepsi guy can switch to 
Coke and viceversa ... they need to be on the table no matter what ... 
beacuse they know that "they" need to reach you and not the other way 
around ...

Having guys like you pointing this kind of things out is a good thing .. it 
reminds the rest of the porters about a given problem and at the same time it 
informs new porters wannabes and newcomers about a given problem that they 
potentially may want to solve .. ;)

How would you know that "fretsonfire",  "glewpy", "linux-quake4", etc, don't 
work unless I tell you? Well you could go over every single port checking for 
problems ... or have me telling it once and again until somebody fixes it ..

To be honest ... I really can't  picture anybody going port over port checking 
for problems ... but I can see me telling it on a public list once and again 
for averyone to know .. like I did in the past (should you care to take a 
look at the list archive's ).. and like I just did once again on the 
precedent paragraph :)

Once again .. with all due respect: that was the point of my answer ...

-- 
Blessings
Gonzalo Nemmi