Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Next LTS should not have longer support than vendored components #8

Open
bastelfreak opened this issue Mar 26, 2024 · 4 comments
Open

Next LTS should not have longer support than vendored components #8

bastelfreak opened this issue Mar 26, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@bastelfreak
Copy link

Use Case

Puppet and so Puppet Enterprise vendors a few components. Mostly Ruby, OpenSSL, Curl. PE LTS is designed for enterprise environments. "enterprise" is a loose term, but often those are environments that have a requirements to not use EoL software and have vendor support.

In the past PE LTS didn't, and still doesn't, satisfy this. Right now (PE 2021) it heavily relies on Ruby 2.7 and that's dead since April 2022: https://www.ruby-lang.org/en/downloads/branches/

Describe the Solution You Would Like

I would like to see a LTS support timeframe that matches the timeframe for the vendored components.

Describe Alternatives You've Considered

I don't see any workarounds I could do as a partner nor the PE users.

Additional Context
@bastelfreak bastelfreak added the enhancement New feature or request label Mar 26, 2024
@bastelfreak bastelfreak mentioned this issue Mar 26, 2024
Closed
@joshcooper
Copy link

AFAIK the next PE LTS will consist of Ruby 3.2, OpenSSL 3.0 and Curl 8.

We won't be updating to Ruby 3.3 because we don't want to bump to a new Ruby version immediately prior to the next PE LTS and Ruby 3.3 introduces these incompatibilities:

OpenSSL 3.0 is the current LTS supported until 2026-09-07. OpenSSL 3.1 and 3.2 are non-LTS releases and will EOL in 2025.

We plan on migrating to Curl 8.x

@bastelfreak
Copy link
Author

But how long will Puppet support the next PE LTS?

@binford2k
Copy link
Contributor

I agree with what you're suggesting, but I would also say that support for a product that vendors components or frameworks also implicitly includes support for those components or frameworks.

@bastelfreak
Copy link
Author

yes I totally agree. But the point is Perforce cannot offer this. How do you want to support stuff like Ruby 2.7 in PE 2021? That's just dead upstream. RedHat does that since years where they claim to support ancient software in their RHEL7 or RHEL8 releases and claim to 'we will backport every bugfix for years'. Yes but in the majority of the projects patches aren't flagged properly if they are a bugfix. Even rarer are patches that are explicitly flagged as security related. And if it's dead upstream you get no patches at all.

I don't see how Perforce can offer support for those vendored components. Because of that I suggest to change the LTS periods to only vendor components that are still supported upstream.

@bastelfreak bastelfreak mentioned this issue May 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bastelfreak @joshcooper @binford2k