Re: rsa.pub at https://download.gluster.org/pub/gluster/glusterfs/LATEST/?


 



> Why is this preferable to what's in the README.txt (i.e. "wget -O - https://download.gluster.org/pub/gluster/glusterfs/5/rsa.pub | apt-key add -") ?

> You import the key once, and it works for every update after that? That's what Louis Zuckerman (a.k.a. semiosis), the original gluster debian packager suggested. I don't know enough to know why your deb cmd is better than semiosis' apt-key add cmd?

> Also the fact that the key hasn't actually changed since glusterfs-5 means, among other things, you only need to change the /etc/apt/sources.list.d/gluster.list and updates to -6 or -7 will just keep working with the key you already imported.

These things might be fine if you're manually maintaining a handful of servers (pets), but they're detrimental when maintaining large numbers of servers/VMs/Docker images/etc. which need to be provisioned from scratch with reliable, repeatable recipes (cattle). Users shouldn't have to know or care that they need to install rsa.pub from version 5, 6, or 7 to install the LATEST client, nor should they need to know that rsa.pub hasn't changed since version 5. They should know that they can always install LATEST with a key available at a stable URL (e.g. https://download.gluster.org/pub/gluster/glusterfs/LATEST/rsa.pub), even when new versions are released.

> I have the possibly mistaken impression that not everyone wants to always use .../glusterfs/LATEST.  Some people want to install glusterfs-6 and stay on -6, i.e. .../glusterfs/6/LATEST. And they'd be really upset if they came in one morning to find that an automatic update (however good or bad an idea that is) had updated them to glusterfs-7 when they weren't ready for it. (And worse, if it broke their system.)

Absolutely, that's why both https://download.gluster.org/pub/gluster/glusterfs/7/LATEST/ and https://download.gluster.org/pub/gluster/glusterfs/LATEST/ exist, right? I'm not suggesting that anything within the major version folders change, I'm suggesting that in addition to the https://download.gluster.org/pub/gluster/glusterfs/LATEST/ repo we also have a LATEST rsa.pub at a URL which doesn't change. If internally https://download.gluster.org/pub/gluster/glusterfs/LATEST/ is just a symlink and it doesn't make sense to put said LATEST rsa.pub inside that dir, maybe it could be top level (https://download.gluster.org/pub/gluster/glusterfs/LATEST_rsa.pub or similar). It really doesn't matter where it is, as long as it doesn't move and always matches https://download.gluster.org/pub/gluster/glusterfs/LATEST/.
 
> And apropos of nothing in particular, perhaps we should create a new key for glusterfs-8 when that time comes; it's probably time.

+1


On Tue, Oct 29, 2019 at 12:22 PM Kaleb Keithley <kkeithle@xxxxxxxxxx> wrote:


On Mon, Oct 28, 2019 at 1:03 PM Shane St Savage <shane@xxxxxxxxxxxxxxxxxxxx> wrote:
Adding rsa.pub at https://download.gluster.org/pub/gluster/glusterfs/LATEST/rsa.pub would allow bootstrapping Debian servers with the following repo/key:


In other words, only LATEST would have to be referenced instead of LATEST and some specific version for the key.

I'm not a Debian packaging expert. (Even if sometimes I play one on TV.)  Why is this preferable to what's in the README.txt (i.e. "wget -O - https://download.gluster.org/pub/gluster/glusterfs/5/rsa.pub | apt-key add -") ?

You import the key once, and it works for every update after that? That's what Louis Zuckerman (a.k.a. semiosis), the original gluster debian packager suggested. I don't know enough to know why your deb cmd is better than semiosis' apt-key add cmd?

Also the fact that the key hasn't actually changed since glusterfs-5 means, among other things, you only need to change the /etc/apt/sources.list.d/gluster.list and updates to -6 or -7 will just keep working with the key you already imported.

As an example of why this is useful, Gluster 7 has been released since my original mail, so now the key for LATEST is at https://download.gluster.org/pub/gluster/glusterfs/7/rsa.pub instead of https://download.gluster.org/pub/gluster/glusterfs/6/rsa.pub. Every time a new version of Gluster is released the recipe for installing the latest Gluster client has to be updated.

I have the possibly mistaken impression that not everyone wants to always use .../glusterfs/LATEST.  Some people want to install glusterfs-6 and stay on -6, i.e. .../glusterfs/6/LATEST. And they'd be really upset if they came in one morning to find that an automatic update (however good or bad an idea that is) had updated them to glusterfs-7 when they weren't ready for it. (And worse, if it broke their system.)
 
And apropos of nothing in particular, perhaps we should create a new key for glusterfs-8 when that time comes; it's probably time.



On Mon, Sep 9, 2019 at 11:42 PM Kaleb Keithley <kkeithle@xxxxxxxxxx> wrote:
Hi,

What is the issue that this would solve?

The Debian README.txt files and RPM repo files for 6.x all say the rsa.pub is at https://download.gluster.org/pub/gluster/glusterfs/6/rsa.pub and have since day one.



On Mon, Sep 9, 2019 at 10:29 PM Shane St Savage <shane@xxxxxxxxxxxxxxxxxxxx> wrote:
________

Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
https://lists.gluster.org/mailman/listinfo/gluster-users
