[Samba] Samba 4.16 and 4.17 ubuntu focal and jammy packages

Kees van Vloten keesvanvloten at gmail.com
Sat Oct 29 16:48:20 UTC 2022

On 29-10-2022 18:06, Rowland Penny via samba wrote:
> On 28/10/2022 11:28, Michael Tokarev via samba wrote:
>> 28.10.2022 13:20, Kees van Vloten wrote:
>> ..
>>>>> Why don't you use bullseye-backports??
>> ..
>>> Because a single repo means a single repo-index with a single Samba 
>>> version. Any apt-get update && apt-get dist-upgrade has the risk of 
>>> going to a different Samba version. I want that for *all* packages 
>>> except Samba.
>> Aha.  Now I see.  Once I update samba-backports with samba-4.17 it 
>> will be
>> upgraded automatically which you don't want to do. But you still want it
>> to be upgraded from 4.16.5 to 4.16.6.  That makes sense.
>> It's an interesting observation indeed.  I'll think about it.
>> Now, there's one more question. Why it is so risky to upgrade
>> to a new samba "major" release?
>> /mjt
> Because Samba has an habit of removing, adding or changing things and 
> this leads to old versions of things being left on disk and 
> interfering with the smooth running of Samba. One that springs to mind 
> is the python 'time', Samba had its own version and then removed it, 
> but the distros didn't.
> Starting with a new OS, also ensures that everything is correct and 
> nothing 'old' is there.
> Rowland
What Roland says is one of the issues, config options come and go. That 
can breaks stuff, also security fixes can break things (notably November 

The point is not so much a very high the risk, the point is that the 
consequences are very serious when the risk materializes (i.e upgrade 
failed). In that case no user, including myself, can login on any system.

Therefore I always do a phased upgrade: fileserver first, when that 
works for some time then one domain-controller, when that works the 
second domain-controller. With pinning + sources.list per version I can 
prevent that my all systems upgrade at the same time which is a point in 
time chosen by the package maintainer.

I really do not want my users to call me that they are locked-out only 
to discover that I am locked-out as well.

As stated earlier I have an automate everything policy, that include 
these upgrades. I change the version numbers in the code and then run it 
one by one against the samba fileservers and domain-controllers (so no 
manual apt-get commands, nor am I logged in during an upgrade, I do 
watch the output on my controller and run some tests).

- Kees.

More information about the samba mailing list