From martin.hamant at cc.in2p3.fr Thu Jun 26 14:49:51 2025
From: martin.hamant at cc.in2p3.fr (Martin HAMANT)
Date: Thu, 26 Jun 2025 16:49:51 +0200 (CEST)
Subject: RedHat 9 packages, versions and patchs
Message-ID: <1942460534.4140902.1750949391601.JavaMail.zimbra@cc.in2p3.fr>

Hi,

I would like to understand from which upstream branch RedHat's patches
are coming and why. For instance on RHEL9 we currently have
varnish-6.6.2-6.el9_6.1.
I suppose RedHat is applying (backporting) security patches on top of
this _old_ release, but from which upstream branch does it come? Is
this from the 6.0.x LTS branch or newer?

Last question: do you know what is the reason behind this specific
'6.6.2' version in RedHat 9? (rather than a LTS one for instance)

Thank you for your insight,
Regards,
Martin

From ingvar at redpill-linpro.com Thu Jun 26 16:26:04 2025
From: ingvar at redpill-linpro.com (Ingvar Hagelund)
Date: Thu, 26 Jun 2025 18:26:04 +0200
Subject: RedHat 9 packages, versions and patchs
In-Reply-To: <1942460534.4140902.1750949391601.JavaMail.zimbra@cc.in2p3.fr>
References: <1942460534.4140902.1750949391601.JavaMail.zimbra@cc.in2p3.fr>
Message-ID: <9ac2d650f07a9191cdbed28dcbbaae6ab4ca7da6.camel@redpill-linpro.com>

On Thu, 26.06.2025 at 16.49 +0200, Martin HAMANT wrote:
> Hi,

Hello Martin

> I would like to understand from which upstream branch RedHat's patches
> are coming and why. For instance on RHEL9 we currently have
> varnish-6.6.2-6.el9_6.1.
> I suppose RedHat is applying (backporting) security patches on top of
> this _old_ release, but from which upstream branch does it come? Is
> this from the 6.0.x LTS branch or newer?

Red Hat decided, probably by popular demand, to include varnish into
rhel for el8. They chose wisely to go for the 6.0.x LTS release that
was current at the time, and have tracked that for el8 since.

Then they started the work on varnish for el9 around 2020.
They forked the fedora package as is usual, then at varnish-6.5.1, and
have maintained their own branch in centos stream 9 since then. They
updated to varnish-6.6.x and then built the rhel9 package from that. In
this work, they have been on their own, though they ask me (as the
fedora maintainer) about things from time to time, though sometimes
neglecting my advice, see below.

> Last question: do you know what is the reason behind this specific
> '6.6.2' version in RedHat 9? (rather than a LTS one for instance)

Having 6.0.x LTS in el8, I presume they wanted something newer, but who
knows. I was not given any particular reason for the choice, other than
that 6.0.x was perhaps growing a bit old. As to my knowledge, no new
LTS had been planned at that point, I challenged the Red Hat
maintainers that the support burden with going with something newer,
would fall on them. I tried to make clear what the options were, with
upstream leaving old versions behind about once a year. I hope they
have risen to the challenge.

Similarly, they have chosen 7.6.1 for el10, again probably just because
that was current at the time of the fork from Fedora.

On your first question: When bugs or build problems arise in a release,
I patch these in the Fedora rpm, either myself then reporting upstream,
or based on work already done upstream. As the package is forked from
the fedora, the rhel package inherits all these small fixes.

Red Hat's further work on Varnish after the fork may be followed quite
openly in centos stream. You can find a mirror of their git repo at
https://gitlab.com/redhat/centos-stream/rpms/varnish , with branches
for c9s and c10s respectively. They do this work on their own, merging
in stuff from fedora and upstream from time to time. I presume they do
security patching themselves based on work upstream, but I do not know
this in detail, and the sources of their patches are not mentioned
explicitly. The person who could give a clear answer to this is
probably Luboš
Uhliari, who does most of the patching and package maintenance of
varnish at Red Hat.

Generally, they have their own prioritizations and policies, taking
their own decisions. As an example, it is well proven that running
varnish with jemalloc gives better performance. My classic rant here is
how I advised Red Hat to import Fedora's jemalloc package into RHEL,
for varnish and for common use, as there are several other packages in
RHEL that use jemalloc internally. By a Red Hat policy, probably to
avoid maintenance of an extra general malloc implementation or
something, this was disregarded, and they went with glibc malloc. Not
surprisingly, performance hungry customers asked for jemalloc support
in varnish. So they recently decided to patch jemalloc back inline into
varnish again, reversing my earlier work to fulfill the Fedora
Packaging Policy of maintaining separately released libraries as
separate packages.

Note that generally, I think the relationship among Varnish Cache
upstream, Varnish Software maintaining the 6.0 LTS branch, Fedora, and
Red Hat here, is quite healthy, and I absolutely do not want to bash
Luboš nor his colleagues' work. We all have different priorities and
policies to follow.

Ingvar