FAQ

On Sat, 2011-07-09 at 12:00 -0400, centos-devel-request at centos.org wrote:

------------------------------

Message: 5
Date: Sat, 09 Jul 2011 10:43:56 +0200
From: Ljubomir Ljubojevic <office at plnet.rs>
Subject: Re: [CentOS-devel] Public mirrors leaking ISO files
To: "The CentOS developers mailing list." <centos-devel at centos.org>
Message-ID: <4E1814CC.9020507 at plnet.rs>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Shawn Thompson wrote:
"leaks"
Yes, as in "drips through barriers" until whole dam is broken. Remember
story about Dutch kid that saved the dam by plugging his finger in dam's
little hole? If you are doing something, do it right or do not do it at all.
This is just the silliest thing I have ever heard. This happens all
the time, even with Windows. I see no cause for alarm, especially
since this is FOSS. What's the problem?
I don't care you don't care. I know dev's value their invested time and You've
do not need more headaches.

Because it is not 100% complete. If someone (read hundreds possibly)
starts using ISO with a bug, then they could start complaining about
something wrong, and dev's and us willing to help could spend may hours
not knowing why is that persons PC behave like that. Not to mention
possible public name calls for no reason than not caring.

Ljubomir


------------------------------
Let's see if I understand this - You've got "hundreds possibly" of
people who have been anxiously awaiting this release for months...you've
got a very real dearth of information coming out of "official" channels
regarding the status of the release (with the exception of
http://qaweb.dev.centos.org/qa/, which announced that the sync to
external mirrors started a couple of days ago, and that the "bit flip"
should occur at any time), and you're chastising people for showing an
overwhelming interest in the product.

If you're so concerned about the potential problems with people "jumping
the gun", then COMMUNICATE THE STATUS!! Don't leave people in the dark
then act chagrined when people take it upon themselves to seek out what
they've been waiting for. I don't care that you don't care that he
doesn't care that there are leaks. I do care that you don't care to
share what you know with others so that they might behave in a rational
manner toward this much anticipated release.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos-devel/attachments/20110709/31245d62/attachment.html

Search Discussions

  • Karanbir Singh at Jul 9, 2011 at 3:29 pm

    On 07/09/2011 08:17 PM, Mark E. Wilt wrote:
    external mirrors started a couple of days ago, and that the "bit flip"
    should occur at any time), and you're chastising people for showing an
    overwhelming interest in the product.
    I dont think anyone is being chastised as such - people who know what
    they are doing are pretty much ok, and understand the issues involved.
    If you're so concerned about the potential problems with people "jumping
    the gun", then COMMUNICATE THE STATUS!! Don't leave people in the dark
    its been quite clearly plastered all over the place that its not
    released till the release announcement is sent out.

    There are very few ways to work around getting a mirror sync, test and
    mirrorlist handling in a sane manner that covers as large a base as we
    need to.
    then act chagrined when people take it upon themselves to seek out what
    they've been waiting for. I don't care that you don't care that he
    doesn't care that there are leaks. I do care that you don't care to
    share what you know with others so that they might behave in a rational
    manner toward this much anticipated release.
    Thats absolutely not true. As far as I can see lots of people have been
    making it quite public that unless you really know what you are doing,
    hold out for the release announcement. But then its possible I'm looking
    at different things and talking to different people than you, so that
    brings up :

    Where would you have looked to see this being communicated ?
    What did you find when you looked there ?
    What else would you have expected ?
    How can you help with this communcation ?

    - KB
  • Yury V. Zaytsev at Jul 9, 2011 at 5:30 pm
    Hi KB,
    On Sat, 2011-07-09 at 20:29 +0100, Karanbir Singh wrote:

    Where would you have looked to see this being communicated ?
    1) A new thread on this list containing the statement of the fact and
    brief explanation.

    2) A short message on the Twitter, which many are using as an RSS feed
    for the project news for the lack of better options.
    What did you find when you looked there ?
    1) Your reply on the mailing list made perfect sense and was generally
    an example of good communication, but it came late.

    2) So did the tweet.
    What else would you have expected ?
    As on many other instances, I would expect this information to be
    provided earlier.
    How can you help with this communcation ?
    How can you accept help with the communication if you need any?

    I have previously asked on this list if the batches of the relevant
    qaweb announcements can be communicated on the -devel list weekly, e.g.
    every Friday.

    Not only this didn't happen (and I didn't get any feedback with regards
    to this question), but also the qaweb pages ended up only being updated
    sporadically after the status update requests were posted to the list.
    Later, I e-mailed Jeff privately, but apparently he was too busy to get
    back to me.

    I really do believe, that how communication happens does matter, and
    although the relevant information ends up being communicated when
    requested, I think that nobody would argue that there is a trend of it
    happening late if at all.

    I could have taken the role of a person that would compile relevant
    updates from qaweb and officially post them to the list if this would be
    of any help to you, but obviously it's probably much more appropriate if
    this were done by someone who has something to do with CentOS
    development or at least QA and has some insight into what's actually
    going on there.

    I've seen Alain re-posting information to the announcement threads on
    the forum and I think that he was doing a great and important job. If
    only there was a designated person to regularly and timely post updates
    to all major communications channels (forums, list, twitter), this would
    have taken care of most of the problems.

    I'd like to refer to ReactOS as an example of being good in
    communication. I'm not involved with this project in any way, but they
    post very nice newsletters every two weeks and it makes it easy and
    pleasant to follow on their progress.

    --
    Sincerely yours,
    Yury V. Zaytsev
  • Karanbir Singh at Jul 9, 2011 at 7:07 pm

    On 07/09/2011 10:30 PM, Yury V. Zaytsev wrote:
    Where would you have looked to see this being communicated ?
    1) A new thread on this list containing the statement of the fact and
    brief explanation.
    this list isnt the announement list for anything. if after folowing this
    list for a while, people are still unsure as to the qaweb interface -
    then nothing is really going to come across to them.
    2) A short message on the Twitter, which many are using as an RSS feed
    for the project news for the lack of better options.
    there is a statement on twitter about this..
    What did you find when you looked there ?
    1) Your reply on the mailing list made perfect sense and was generally
    an example of good communication, but it came late.
    2) So did the tweet.
    not sure I understand - are you saying that we should try and pre-empt
    every possible way that people out there might need hand holding ? that
    sounds quite strange. An issue came up, we tried to address it.
    As on many other instances, I would expect this information to be
    provided earlier.
    so you mean to tell me that you are confused about the 'its not released
    till its released and announced released bit?'
    I have previously asked on this list if the batches of the relevant
    qaweb announcements can be communicated on the -devel list weekly, e.g.
    every Friday.
    this is not a communication of things to people list, I for one would
    really not want it to become something of that nature.
    I could have taken the role of a person that would compile relevant
    updates from qaweb and officially post them to the list if this would be
    dont think you can -- most of our interactino is on irc, and you have
    previously yourself said that you are not available online there much..


    - KB
  • Yury V. Zaytsev at Jul 9, 2011 at 8:13 pm

    On Sun, 2011-07-10 at 00:07 +0100, Karanbir Singh wrote:

    this list isnt the announement list for anything. if after folowing this
    list for a while, people are still unsure as to the qaweb interface -
    then nothing is really going to come across to them.
    Actually, I would say that the name of this list is kind of misleading
    as such (centos-devel@), because it is not something one would expect
    from a list that ends with -devel at .

    To my mind it is more like CentOS development public outreach list, that
    is a list that many developers follow and periodically ask for input (or
    even receive unsolicited input :-) ), but it is definitively not a
    conventional internal development mailing list where ongoing issues are
    discussed mostly within the developers themselves.

    I think this is where the confusion comes from. Maybe if it were made
    more clear on the wiki [1] and on the mailman list description page [2],
    it would really help.

    [1]: http://wiki.centos.org/GettingHelp/ListInfo
    [2]: http://lists.centos.org/mailman/listinfo/centos-devel
    2) A short message on the Twitter, which many are using as an RSS feed
    for the project news for the lack of better options.
    there is a statement on twitter about this..
    True, posted on Sat, 09 Jul 2011 19:31:55 UTC and not particularly clear
    to laymen as it seemed to me (see below).
    What did you find when you looked there ?
    1) Your reply on the mailing list made perfect sense and was generally
    an example of good communication, but it came late.
    2) So did the tweet.
    not sure I understand - are you saying that we should try and pre-empt
    every possible way that people out there might need hand holding ? that
    sounds quite strange. An issue came up, we tried to address it.
    No, of course not, since this would indeed sound quite strange.

    All I am saying is that the leak issue came up at latest around Sat, 09
    Jul 2011 00:00:00 UTC. Soon enough started the speculations on why this
    is an issue at all and how come greedy CentOS developers don't want to
    share their stuff etc.

    Your (helpful!) answer came (technically) a day later. This is a totally
    reasonable response time under normal circumstances, but I don't think
    this is the case here.

    For instance, a major Russian FOSS portal has already published a news
    item that CentOS 6 was publicly released and provided links to one of
    the leaking mirrors (which is still up and serving, by the way [3]).

    Of course inspired visitors already created torrents to seed the files
    as genuine CentOS 6 stuff and I bet many thousands of downloads already
    took place by that time...

    [3]: http://centos.mirror.nexicom.net/6.0/isos/x86_64/
    As on many other instances, I would expect this information to be
    provided earlier.
    so you mean to tell me that you are confused about the 'its not released
    till its released and announced released bit?'
    Yes, exactly, that's what I'm telling you. To my mind it would be of
    help, if this message was (1) posted earlier and (2) looked more like

    "Attention! The CentOS 6 ISOs on the mirrors right now might not have
    the final content yet! Please wait until the release is officially
    announced to avoid unpleasant surprises and report leaking mirrors."

    Would you agree with that?
    I have previously asked on this list if the batches of the relevant
    qaweb announcements can be communicated on the -devel list weekly, e.g.
    every Friday.
    this is not a communication of things to people list, I for one would
    really not want it to become something of that nature.
    Totally fine with me, it's a CentOS list, so CentOS sets the policy on
    what kind of information should and shouldn't be posted.

    How about the announcement or newsletter list? What do you think?
    I could have taken the role of a person that would compile relevant
    updates from qaweb and officially post them to the list if this would be
    dont think you can -- most of our interactino is on irc, and you have
    previously yourself said that you are not available online there much..
    I do realize that, that's why I didn't offer myself in the first place
    (1) and called it (2) "compiled from qaweb", since I am unable to follow
    the IRC conversations (even this would be of help, I think).

    Which brings us back to another question that I asked, that is what kind
    of help you need with communication and how you could make use of it?

    Internal communication mostly happens on IRC? Fine, how about making a
    call for someone that is interested to follow the IRC and make regular
    overviews posted to the rest of the communication channels (lists,
    forums and twitter)?

    Hey, remember the story with the unofficial CentOS-6 twitter account? I
    think it's an indication that this area would benefit from
    improvement...

    --
    Sincerely yours,
    Yury V. Zaytsev
  • John R. Dennison at Jul 9, 2011 at 8:27 pm

    On Sun, Jul 10, 2011 at 02:13:33AM +0200, Yury V. Zaytsev wrote:
    Of course inspired visitors already created torrents to seed the files
    as genuine CentOS 6 stuff and I bet many thousands of downloads already
    took place by that time...

    [3]: http://centos.mirror.nexicom.net/6.0/isos/x86_64/
    Nexicom has been at the center of the leak controversy since the moment
    it started. I didn't consider that the number of downloads would have
    been that significant, however.

    Yet more reason to sanction them in my not nearly humble opinion. I
    swear that I've seen them leaking in the past as well.




    John
    --
    Debugging is twice as hard as writing the code in the first place.
    Therefore, if you write the code as cleverly as possible, you are, by
    definition, not smart enough to debug it.

    -- Brian W. Kernighan
    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: not available
    Type: application/pgp-signature
    Size: 189 bytes
    Desc: not available
    Url : http://lists.centos.org/pipermail/centos-devel/attachments/20110709/2a7dae92/attachment.bin
  • R P Herrold at Jul 10, 2011 at 12:31 am

    On Sun, 10 Jul 2011, Yury V. Zaytsev wrote:

    All I am saying is that the leak issue came up at latest around Sat, 09
    Jul 2011 00:00:00 UTC. Soon enough started the speculations on why this
    is an issue at all and how come greedy CentOS developers don't want to
    share their stuff etc.
    ... I do not know where 'greedy' came from, but ...
    Your (helpful!) answer came (technically) a day later. This is a totally
    reasonable response time under normal circumstances, but I don't think
    this is the case here.
    By what strange sense of entitlement is any response within 24
    clock hours, and falling into a weekend, untimely? Have you a
    SLA? This is NOT a commercial product no matter how much some
    people want to wish for that magical pony. If won wants
    deterministic SLA times, go buy such from a person selling
    such

    But, in fact, the topic of 'leaking mirrors' had already been
    addressed, ...
    Yes, exactly, that's what I'm telling you. To my mind it would be of
    help, if this message was (1) posted earlier and (2) looked more like

    "Attention! The CentOS 6 ISOs on the mirrors right now might not have
    the final content yet! Please wait until the release is officially
    announced to avoid unpleasant surprises and report leaking mirrors."
    ... by this post:
    Date: Fri, 8 Jul 2011 14:14:10 -0400 (EDT)
    From: R P Herrold <herrold at owlriver.com>
    To: CentOS mailing list <centos at centos.org> ...
    The implicit statement being that a mirror operator could
    _jump the gun_ on the official release, and 'have 'the
    release early. Indeed, in the past some (former) mirror
    operators released 'early samples' and posted such URLs ...
    and one of the CD vendors released a non-officially released
    ISO, that they (assumedly) then had to recall and replace
    This turned out to be ill-considered, because the release
    process is not official until announced, and in one of the
    past releases, we needed to replace a few files 'at the last
    minute'
    That is, a day BEFORE your claimed onset of the leak, we
    re-iterated that 'the release process is not official until
    announced'. No threats, as none are credible, but rather just
    pointing out the facts yet again

    The same thing we've said every time. Over and over again

    Nothing is going to STOP people who 'NEED' the 'LATEST AND
    GREATEST' from trying to bend the rules to get at such content
    early. Threatening or taking punitive acts toward public
    mirrors who do not want to follow the rules won't work

    There is no reason for the CentOS team to address the matter,
    other than to point out that if the MD5SUMs do not match, it
    is not CentOS matter, and will not be supported in CentOS
    forums by people from the CentOS team

    Third parties who seem to love to hear themselves talk, and
    have to have the last word, have all but driven out on topic
    matter on the CentOS mailing lists. It is a shame, and I hope
    that a person who looks at their sent email and finds that
    they have made more than four in a day, or thirty in a week,
    ask their self:
    Do I _really_ need to post this?
    because the noise level of off topic cr*p in recent weeks has
    been killing

    -- Russ herrold
  • Ljubomir Ljubojevic at Jul 9, 2011 at 3:49 pm

    Mark E. Wilt wrote:
    Let's see if I understand this - You've got "hundreds possibly" of
    people who have been anxiously awaiting this release for months...you've
    got a very real dearth of information coming out of "official" channels
    regarding the status of the release (with the exception of
    http://qaweb.dev.centos.org/qa/, which announced that the sync to
    external mirrors started a couple of days ago, and that the "bit flip"
    should occur at any time), and you're chastising people for showing an
    overwhelming interest in the product.

    If you're so concerned about the potential problems with people "jumping
    the gun", then COMMUNICATE THE STATUS!! Don't leave people in the dark
    then act chagrined when people take it upon themselves to seek out what
    they've been waiting for. I don't care that you don't care that he
    doesn't care that there are leaks. I do care that you don't care to
    share what you know with others so that they might behave in a rational
    manner toward this much anticipated release.
    ???

    Who says I am not communicating what I know? I was asked to be admin on
    CentOS Facebook page and I post on the wall everything I have learned
    from both mailing lists and QA web site.

    But I have no authority or authorization to post here, especially when
    most of I learn is from centos-users and centos-devel mailing list. And
    at least 20 times someone referred to QA web site in last month alone.

    One of the members of CentOS Facebook page posted anaconda C6 screen and
    said he downloaded it from official public mirror, so I alerted the
    devs/mirror admins and was attacked for trying to help correcting the
    problem.

    And NO, I do not have any other "official" info, no chats, private
    mails, PM's, etc.. I just look, read, remember and use my brain in order
    to inform others (FB members mostly).

    Since mirror network can (and mostly does) work by distributing only
    differences, syncing majority of data for shortening the time of actual
    release if logical, but as we were informed it is not all over yet and
    those are not final versions. That is exactly what I wrote on FB page
    all along. Go and take a look.

    And if all mirrors were set properly this discussion would never happen.

    Ljubomir
  • John R. Dennison at Jul 9, 2011 at 4:40 pm

    On Sat, Jul 09, 2011 at 09:49:08PM +0200, Ljubomir Ljubojevic wrote:
    And if all mirrors were set properly this discussion would never happen.
    And that's the whole point of all of this. Content is seeded in such a
    way that it is restricted from the public until the time that the read
    bit is enabled when the actual release announcement is made. Some
    mirrors, either willfully and knowingly, or perhaps by some automated
    means such as a script, have opened the directories up. So yes, this
    content is leaked. And it has been strongly cautioned on IRC and
    elsewhere that using this leaked content before official release was
    asking for trouble in the event that a reissue of components was made.
    And sure enough, such a reissue proved necessary in the case of the
    CentOS-6 release.

    Leaks happen every single release. And at least one of the currently
    leaking mirrors has done this in the past so it's not a new story even
    for them. Running a mirror really isn't that difficult; generally,
    barring normal administration tasks of course, it's fire and forget.

    But until the project does something to either slap the wrists of mirror
    operators that leak content in some manner, or just remove their mirror
    status perhaps for the case of repeat offenders, it's going to continue
    to occur.

    As far as those _using_ the content? They should know better. There
    has been no official announcement of general CentOS-6 availability; they
    should know not to use that which is leaking out - especially if they
    had to actively search out such content.

    This is an enterprise level distribution, some thought really is
    required.





    John
    --
    <DiscordianUK> deselect was written by someone who OD'ed on vi
    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: not available
    Type: application/pgp-signature
    Size: 189 bytes
    Desc: not available
    Url : http://lists.centos.org/pipermail/centos-devel/attachments/20110709/810660f2/attachment.bin

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcentos-devel @
categoriescentos
postedJul 9, '11 at 3:17p
activeJul 10, '11 at 12:31a
posts9
users6
websitecentos.org
irc#centos

People

Translate

site design / logo © 2022 Grokbase