Gentoo Forums

(tldr backstory you can skip and go straight to the question)
I have been using gentoo both privately and for half a decade professionally since 2004 when I had to install it from stage 1 and have never looked back. Back then, I used to upgrade regularly and thought that "stable" was for wusses, but in these past few years I've stopped upgrading my personal computers entirely (my office workstation is currently Debian--not by choice, but it's not Windows or Mac thank goodness). I'm using an old kernel from the 4.x generation and I'd probably have to rtfm to configure it nowadays as I've already configured it to do what it needs to do. My media computer is over 6 years old and several years out of date, but it works like new and it's fast and it is the reason why I stopped updating. KDE's Plasma 5 removed virtual desktops and then Firefox Quantum came out and destroyed my favourite browser by killing my configuration and suddenly upgrades were "ruining" my computer. So I didn't upgrade my hybrid touchtop at all and I'm pretty sure portage is literally broken on it now. And my other laptops are all in the last working ideal state with no upgrades. I'm pretty sure I'd need to do a livecd reinstall to avoid the headaches of trying to troubleshooting a borked system caused by a standard portage upgrade.

Question:
I feel like I'm treating gentoo like XP, and wondering what currently active gentoo users think. Is it OK to keep your gentoo in a "perfect" state and nevergrade, or do security risks or similar issues make not upgrading cruel-and-unusual punishment for my boxes? I learnt the hard way that downgrading is not always an option if I don't like the changes in updated FOSS applications, and I'm productive and don't want to lose the productivity. Is there anyone else here who doesn't upgrade regularly?

There are some machines I don't upgrade at all because they're rarely or never used, but the main machines I have to keep up with the patches due to both security fixes as well as portage obsolescence -- where portage will no longer let you upgrade if you wait too long... It's too bad that maintenance releases of software is rare, they'll always ask you to upgrade to latest and greatest to have a bug fixed...

monkeygirl wrote:KDE's Plasma 5 removed virtual desktops [...]

What do you mean by this ? (I am using kde 5 and use 6 virtual desktops)

monkeygirl,

It varies. My main desktop is 12 years old. It gets an update about every 6 weeks when the kernel minor version changes.
When I had cutting edge hardware, I used to run -rc and kernel-next kernels and try updated drivers as they happend.
It all had to be backed out is there was a regression. :)

The rest of my fleet is about every three months. Its all old stuff too. Having said that, my arm64 Chromebook install is about two years old :)

pietinger wrote:

monkeygirl wrote:KDE's Plasma 5 removed virtual desktops [...]

What do you mean by this ? (I am using kde 5 and use 6 virtual desktops)

AFAIR early versions of plasma indeed broke virtual desktops; the idea was to use Activities instead, but I think the average user (like me) couldn't work out how to make that work as simply. At some point, virtual desktops returned; the laptop I'm using to write this has 4 configured.

I may be conflating "early versions of plasma" with "plasma on wayland", which definitely broke virtual desktops. I'm not sure of the current state of plasma on wayland. I gave up trying after cutting myself on the bleeding edge; maybe it's better now.

I'll reitarate what I say every time this subject comes up: do whatever you want with your own systems, but keep your unpatched software the hell away from the rest of us online.

Goverp wrote:

pietinger wrote:

monkeygirl wrote:KDE's Plasma 5 removed virtual desktops [...]

What do you mean by this ? (I am using kde 5 and use 6 virtual desktops)

AFAIR early versions of plasma indeed broke virtual desktops; the idea was to use Activities instead, but I think the average user (like me) couldn't work out how to make that work as simply. At some point, virtual desktops returned; the laptop I'm using to write this has 4 configured.

I may be conflating "early versions of plasma" with "plasma on wayland", which definitely broke virtual desktops. I'm not sure of the current state of plasma on wayland. I gave up trying after cutting myself on the bleeding edge; maybe it's better now.

To clarify: the Plasma 5 virtual desktops all use the same wallpaper now. I organise my work visually so each desktop has a unique background so that when I flip through it I can focus on the designate tasks allocated for that desktop. In KDE 4, you could have virtual desktops and unique wallpapers. In Plasma when they switched to activities (with pointless virtual desktops) multiple activities were confusing and annoying and the virtual desktops could not be visually distinguishable and work like Mac or Windows now. Has this changed? Or are your virtual desktops visually the same?

Ant P. wrote:I'll reitarate what I say every time this subject comes up: do whatever you want with your own systems, but keep your unpatched software the hell away from the rest of us online.

Hahaha! That is a fair request.

monkeygirl wrote:To clarify: the Plasma 5 virtual desktops all use the same wallpaper now. [...] In KDE 4, you could have virtual desktops and unique wallpapers. [...]

Yes, this is true. I was angry about that also because I also had different wallpapers for fast identifying (and I never understood the function of these "activities" - never worked with that ... but I am an old man ...)

Ant P. wrote:I'll reitarate what I say every time this subject comes up: do whatever you want with your own systems, but keep your unpatched software the hell away from the rest of us online.

This. Also keep in mind the problems if you wait too long. This problem will also happen with binary distros. If the sources are not available anymore then your are screwed.

No more often than necessary :).

I've gone ~6 months and ~1 year, but that was on a system I intended to decommission. It was time consuming, but surprisingly not difficult (with snapshots of the tree... some sources couldn't be found).

Otherwise it depends. I might update weekly if I have a specific need, but I prefer to go at least a month, and less than two.

In early December, I had 96 packages to update, but that was probably on the longer side since the prior update. That took time across 3 non-contiguous days to complete.

After that I upgraded gcc, which I had been avoiding for a long time (then forgot about). Next was the profile update from 17.0 to 17.1. Then some other updates I had been putting off, because "improvements." That was multiple non-contiguous days, excluding other time spent on first avoiding then understanding the profile change.

Next was another gcc update to a version I'll stick with for quite some time (hopefully not until it is removed from the tree this time). That coincided with another 37 package update.

All of that was between Dec 8th and 29th.

And now I'm looking at 27 packages (22 upgrades, 3 new, 2 reinstalls). I've been "beaten" into submission on the constant creep of new packages being required. Sometimes they can be avoided.

This update includes a portage update, where it wants to install acct-{user,group}/portage and change its home directory.

I'm also waiting for a Firefox update. There were 13 last year, and I'll have to migrate from libressl to openssl, which is going to require a bunch of rebuilds.

Sometimes syncing seems like solving the Lament Configuration.

My desktop, I update every day or few days, laptop once a week.
Couple of machines on the internal network, that I've frozen and haven't updated in quite a while, and probably won't update as long as the hardware lasts, but they're special purpose, so no real need to update.

Having said that, I've slowed down on things like glibc upgrades and other packages opting for stability rather than then latest/greatest/shiniest, and my local repo is growing, but since it's my machines, I'll do what I want.

Weekly update but I still have blockers, mostly caused by python changes and packages being dropped solely because they are old.

I sync once on my server machine. Quite often I have to copy ebuilds from another machine to my local oldgentoo overlay because the fact that upstream is dead is not sufficient to abandon software that I like. Once I have the server straightened out, I sync portage and my local overlays from it. I usually have to solve the same blockers but I have already done it once.

In the past year there has not been a single update that I recall that had a positive result and this is on amd64 stable. Seriously considering stopping updates entirely.

I have a Raspberry Pi 3b that I have never updated. I did download Sakaki's last release. I really should install it but I forgot how.

Regarding Security, I often see GLEPs that say "there is no known solution, download the latest version". If the latest version is still vulnerable, why should I download the latest version and run into some other incompatibility?

I don't run KDE so I can't comment on that.

Tony0945 wrote:Regarding Security, I often see GLEPs that say "there is no known solution, download the latest version". If the latest version is still vulnerable, why should I download the latest version and run into some other incompatibility?

Those GLSAs are trying to say that there is no user or administrator workaround, and that the only solution is to install a fixed version. For some vulnerabilities, there is a workaround based on blocking access to the vulnerable feature. For example, a disgustingly large number of browser vulnerabilities can be worked around by disabling Javascript, which prevents the exploit from ever reaching the buggy path. Similarly, an authentication bypass vulnerability might apply only to some of the supported authentication types, and a server which disallows anyone using the bad type can be safe without a code fix.

I run a single script daily that updates all my machines, including making binpkgs for my weak machines and then installs them after a few sanity checks.

I don't remember the last time I had real issues updating, at most a build failure here and there given I run ~arch everywhere.

monkeygirl wrote:I feel like I'm treating gentoo like XP

A good comparison Where is my Adobe Photoshop CS4?..

monkeygirl wrote:Firefox Quantum came out and destroyed my favourite browser by killing my configuration

I suffered from Firefox changes too, some years ago... Mozilla was re-making the interface, breaking NoScript, etc... It was a period when I considered changing browser, but still endured and lately Mozilla thankfully hasn't been making so drastical changes...

monkeygirl wrote:Is it OK to keep your gentoo in a "perfect" state and nevergrade

Last time when I had to downgrade a package was so long ago that I can't remember which package it was. All my systems are minimalistic, and I've always tried to exclude the software that I have to downgrade... No Desktop Environment, no systemd etc. So,.. fingers crossed... yes, it's a perfect state for me; no problem with regular updates. For a server, I do updates more frequently (in few days), for a desktop or a laptop - less frequently (in few weeks). Though, it depends on how important package is being updated: if it's Firefox, I update it on all the desktops and laptops immediately.

monkeygirl wrote:I learnt the hard way that downgrading is not always an option

Do you make backups before each emerge @world? I do.

Daily most of the time. I have an emerge --sync and emerge -uDUp @world in a crontab with the results in my morning email. When I do the update, it's only one or two minutes of effort. I don't watch it run.

I've found that going less frequently turns it into work with issues to be solved.

I can't vote.

I have two installations which are never upgraded an one which is upgraded regularly.

At least once for a week. But almost every time i do, it ends up in rebuilding the firefox and thunderbird too. It consumes a lot lot of time and i just cant use my pc normal way during that updates. Version upgrading is fine, but just the rebuilds (some libs had changed, lets rebuild the whole firefox or thunderbird or even libreoffice) are really annoying.

I find I build much less each time since I switched to stable.

I am sitting at 100% stable systems, and I do upgrade my laptop and desktop perhaps once a week - though I am checking first what is to be updated and may delay it if it is too intrusive. But I do it mostly for fun, as a relaxation exercise, not because of security. I do not care about security that much.

pietinger wrote:

monkeygirl wrote:To clarify: the Plasma 5 virtual desktops all use the same wallpaper now. [...] In KDE 4, you could have virtual desktops and unique wallpapers. [...]

Yes, this is true. I was angry about that also because I also had different wallpapers for fast identifying (and I never understood the function of these "activities" - never worked with that ... but I am an old man ...)

I am an old man, and the sun set for me when they got rid of virtual desktops larger that the screen, and the concept of viewport that you can move smoothly over large area. In favour of windowmaker like workspace concept.

I have been banned when there were problems.

On the other hand I sync only one single system. All other system share the same local Portage.

dmpogo wrote:

pietinger wrote:

monkeygirl wrote:To clarify: the Plasma 5 virtual desktops all use the same wallpaper now. [...] In KDE 4, you could have virtual desktops and unique wallpapers. [...]

Yes, this is true. I was angry about that also because I also had different wallpapers for fast identifying (and I never understood the function of these "activities" - never worked with that ... but I am an old man ...)

I am an old man, and the sun set for me when they got rid of virtual desktops larger that the screen, and the concept of viewport that you can move smoothly over large area. In favour of windowmaker like workspace concept.

They got rid of that because it's been built into X for a decade now. man 1 xrandr

Once a day, typically early morning before work.