[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: BDB selection, et al.




---- Original message ----
>Date: Sat, 19 Jul 2008 04:33:46 -0700
>From: Howard Chu <hyc@symas.com>  
>Subject: Re: BDB selection, et al.  
>To: Quanah Gibson-Mount <quanah@zimbra.com>
>Cc: William Jojo <jojowil@hvcc.edu>,openldap-technical@openldap.org
>
>Quanah Gibson-Mount wrote:
>> --On Friday, July 18, 2008 9:11 PM -0400 William Jojo<jojowil@hvcc.edu>
>> wrote:
>
>>> I have noticed that the Symas packages user BDB 4.2 (with 2.3.42) as does
>>> Ubuntu with 2.4.9+. I was wondering what the preference is over 4.4
>>> (which I use) and 4.[67].
>>
>> 4.2.52 + patches has the longest history of being solid.
>>
>> 4.3 was a disaster
>>
>> 4.4 was likely okay
>>
>> 4.5 was likely okay
>>
>> 4.6 also seems okay, and has some useful improvements
>>
>> 4.7 is not yet supported, but will be in a future release, and has
>> additional useful improvements over 4.6.
>
>4.7 can be made to work, if you're willing to tweak things a bit. The memory 
>manager in 4.6 is much improved over earlier versions; the memory manager in 
>4.7 is slightly better still. The lock manager in 4.7 is more efficient in 
>multi-core systems than in previous versions.
>

Do you, Howard, consider BDB 4.4 stable? I originally worked on 4.2 for initial rollout some years ago. Admittedly, I have no problems at present with 4.4, and I could be convinced to step backward if there is a compelling reason to do so.

>>> I ask because I build OpenLDAP (among other things) for AIX 5.2/5.3/6.1
>>> at (shameless plug) http://pware.hvcc.edu/ and I was considering moving
>>> to 2.4.10 with BDB 4.6, but now I am not certain where to go for a few of
>>> reasons:
>>>
>>> * Why the choice to stay with BDB 4.2?
>>
>> Proven track record over later releases (4.4, 4.5) for stability and
>> performance.
>>
>>> * And OpenSSL 0.9.7l (over the 0.9.8 series)?
>>
>> I use OpenSSL 0.9.8 in my builds and have for ages.
>
>The Symas OpenLDAP 2.4 packages also use OpenSSL 0.9.8. However, the OpenSSL 
>build system changed, making it more difficult to complete the Windows build. 
>That's one of the reasons we stayed with 0.9.7 for so long in our OpenLDAP 2.3 
>packages.
>>
>>> * 2.3.39 has been *stable* since 11/2007 and I have not moved from that
>>> point within the software suite offered. Is a later version of 2.3 going
>>> to be marked stable (like 2.3.42.1 is in the Symas prodcut).
>>
>> Not likely.
>
>True, no further 2.3.x release will be marked Stable.
>
>> Stable is really a fairly meaningless term.
>
>False. At the time that a release was marked stable, it was considered the 
>most stable release. I.e., after sufficient amount of time in release, no 
>major issues were discovered.
>
>> Assigning meaning
>> to it as a guideline as to what version to build is a very bad idea.
>> There's a major DoS vulnerability in 2.3.39, for example, that was fixed in
>> 2.3.43 and 2.4.11.
>
>It's important to note that the Stable marker only changes if there's a new 
>release that we consider stable. The subsequent discovery of bugs in a Stable 
>release won't trigger the removal of that marker. So 2.3.39 is still marked 
>Stable, even though important bug fixes are in 2.3.43, because those bugs were 
>discovered long after 2.3.39 was released.
>

So, I guess I will stay where I am in production and prepare for a 2.4 upgrade at some soon time after I finish my testing in 2.4 and when a stable release is announced.

>In the meantime, when moving the Stable marker, the Project's practice has 
>been that it can only be moved to the Current release stream, which is 2.4. 
>But we haven't yet seen a 2.4 release remain long enough in public use without 
>new issues quickly being discovered. So there is not yet a new Stable release.
>
>>> * 2.4.x seems stable enough to me and certainly to Ubuntu x86[_64], but I
>>> would like some other indication that I should make the leap before I
>>> begin to change dependencies to several of the products I produce. Is
>>> 2.4.x going to be marked stable in the near future?
>
>> Hopefully.  Note that stable does not remotely mean bug free (or relatively
>> low in bug count).  It simply means stable as far as core (i.e., not new)
>> functionality is concerned.
>
>No. It means low bug count as of a particular point in time, e.g., within a 
>couple weeks after the release.
>
>And as I recall, we need to get to a feature freeze in the core code first. I 
>think 2.4 is just about at this point now.
>

Superb. Thank you very much, Quanah and Howard. It has been a very enlightening discussion.

Cheers,
Bill


>-- 
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
>