Re: Are gzip-compressed substitutes still used?

[Vagrant Cascadian]

On 2021-03-18, zimoun wrote:
> On Wed, 17 Mar 2021 at 11:08, Vagrant Cascadian <vagrant@debian.org> wrote:
>
>> ... and I would expect this version to ship in Debian for another ~3-5
>> years, unless it gets removed from Debian bullseye before the upcoming
>> (real soon now) release!
>
> I could miss a point.  In 3-5 years, some people will be still running
> Debian stable (or maybe oldstable or maybe this stable is LTS), so they
> will “apt install guix” at 1.2.0, right?  But then there is no guarantee
> that Berlin will still serve this 5 years old binary substitutes.  But
> “guix install” fallback by compiling what is missing, right?

Sure.


> Then the question will be: are the upstream sources still available?
> Assuming that SWH is still alive at this future, all the git-fetch
> packages will have their source, whatever the upstream status.  For
> all the other methods, there is no guarantee.

There is never a guarantee of source availability from third parties;
one of the downsides of the Guix approach to source management
vs. Debian (e.g. all released sources are mirrored on Debian-controlled
infrastructure ... which brings up an interesting aside; could Debian,
OpenSuSE, Fedora, etc.  archives could be treated as a fallback mirror
for upstream tarballs).


> On the other hand, at this 3-5 years future, after “apt install guix”,
> people will not do “guix install” but instead they should do “guix
> pull”.  Therefore, the compression of substitutes does not matter that
> much, right?

Except for issues like the openssl bug which causes build failure due to
certificate expiry in the test suite basically would break guix pull in
those cases... maybe that is a deal breaker for the Debian packaged
guix...


> The only strong backward compatibility seems between “guix pull” rather
> than all the substitutes themselves.  Isn’t it?  Other said, at least
> keep all the necessary to have “guix pull” at 1.2.0 be able to complete.

The guix-daemon is still run from the packaged version installed as
/usr/bin/guix-daemon, so would need to be patched to get updates for new
features and ... in light of https://issues.guix.gnu.org/47229
... security updates!

It is of course possible to configure to use an updated guix-daemon from
a user's profile (e.g. as recommended with guix-binary installation on a
foreign distro), but out-of-the-box it uses the guix-daemon shipped in
the package, which, at least with my Debian hat on, is how it should be.


> Thanks for this opportunity to think at such time scale. :-)

Heh. :)


live well,
  vagrant

signature.asc
Description: PGP signature