Received: from mx1.tetrasec.net (mx1.tetrasec.net [74.117.189.118])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 371DE782D08
	for <~alpine/devel@lists.alpinelinux.org>; Fri, 24 Jan 2020 11:04:06 +0000 (UTC)
Received: from mx1.tetrasec.net (mail.local [127.0.0.1])
	by mx1.tetrasec.net (Postfix) with ESMTP id 5FC0A2DE43C8;
	Fri, 24 Jan 2020 11:04:03 +0000 (UTC)
Received: from ncopa-desktop.copa.dup.pw (67.63.200.37.customer.cdi.no [37.200.63.67])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: alpine@tanael.org)
	by mx1.tetrasec.net (Postfix) with ESMTPSA id A81FB2DE42C4;
	Fri, 24 Jan 2020 11:04:01 +0000 (UTC)
Date: Fri, 24 Jan 2020 12:03:54 +0100
From: Natanael Copa <ncopa@alpinelinux.org>
To: "Drew DeVault" <sir@cmpwn.com>
Cc: "Ariadne Conill" <ariadne@dereferenced.org>,
 <~alpine/devel@lists.alpinelinux.org>
Subject: Re: Lets talk about apk-tools 3, and apk-tools in 2020 in general
Message-ID: <20200124120354.1d650b80@ncopa-desktop.copa.dup.pw>
In-Reply-To: <C03A5J4BZ2TN.2VO1P2UDDOI6Q@homura>
References: <1c4796e0cda2248c2de159d4d467421c@dereferenced.org>
	<C03A5J4BZ2TN.2VO1P2UDDOI6Q@homura>
X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; x86_64-alpine-linux-musl)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Thu, 23 Jan 2020 10:36:10 -0500
"Drew DeVault" <sir@cmpwn.com> wrote:

> Thanks for writing this up, Ariadne. I agree with everything you said.
> I'd like to call attention to a few points:
> 
> On Thu Jan 23, 2020 at 3:13 PM, Ariadne Conill wrote:
> > * Changing the format in such a radical way brings significant
> > risk. The tar streams code has already been audited and a
> > few CVEs have been fixed over the years. Throwing that out
> > means we start over again, possibly reintroducing variations
> > of bugs we have already fixed. Many stakeholders have said
> > privately that they would rather not have exposure to this
> > risk and would prefer a more conservative approach.
> 
> We ought to be careful to avoid fixing things which aren't broken,
> noting that unoptimal != broken. I do NOT see APKv3 as an opportunity to
> scratch a bunch of itches. Let's keep the changes as small as possible
> and avoid throwing out lots of code, or introducing lots of new code.
> 
> We should structure these changes as slow, incremental improvements,
> where one change can be built and shipped and then fully battle tested
> before the next one lands. apk is used in many production systems today
> and has production-tier expectations of stability. The importance of a
> conservative approach is probably the most relevant take-away from this
> discussion.

I think this is good points. Slow incremental changes is to prefer.

However, I think we need to do some breaking, non-backwards compatible
changes like changing the index format. What I don't want is multiple
breaking changes, so we should try identify what changes that are
breaking, and try to do all those in one shot.

For example we don't want change the index and package formats multiple
times.

-nc