State of OMV: final version of OMV5 and EOL of OMV4

Hi there,

my name is Ralph. Currently we are using FreeNAS in our small business environment but as I'm more familiar with Linux I was looking for a similar linux-based solution.
OMV seems to be what I need but the version chaos leaves me a bit perplexed. OMV5 beta seems to be in the wild forever. News on the website are mostly meant for OMV4 but also for OMV5 and 6(!?!). When I check the download section OMV4 and OMV5 (the version without beta) download numbers are almost equal. So I have read a lot in the forum and found different statements regarding the current state of the project. Somewhere I found the statement (from last summer) that OMV5 will be out right after Debian 10.1. As Debian 10.3 came out two weeks ago this info might be outdated but as there are beta and non-beta versions of OMV5 in the download section in parallel I'm not so sure of my conclusion. At the same time most users in forum give advice to install OMV5 while OMV5 being labeled as being beta here ...

We all know the joke of open source software never getting 'final' but as most of the news on the website still covering OMV4 I have the strong feeling that the project leaders still recommend this version for stable operation. My problem is now that I'm in search for a stable AND long term replacement for our FreeNAS. 'Stable' pushes me towards OMV4 but I have absolutely no idea how long this will be supported. When I clicked back in the website news I found that OMV3 was EOL on the same day when OMV4 final came out. For OMV5 this might be tomorrow or in three years if developers play the 'never getting final' game.

Somewhere else on the forum I found the statement that OMV5 will be out 'as soon as possible' but no mention which conditions have to be fulfilled for that. So while most users recommend OMV5 there still seem to be broken parts that have to be fixed before getting official.

I'm at a loss. Would some official person please give me advice what do do now? Is this OMV5 beta thing just the usual open source joke but in fact this is the recommended stable version? Or should I go with OMV4 for my production systems? But whats the expected EOL for OMV4? Sure there will be an upgrade path but experience has taught me that major upgrades almost always cause hidden problems that take a lot of time to find and fix. If possible I would like to avoid this.

Ralph

Thanks for going into detail.

Zitat von ryecoaaron

I'm not official and there are too many questions but ...

It actually said it won't be before 10.1 is released. It does not say it will be released as soon as 10.1 is out.

Oh sorry! I misunderstood that!

Zitat von ryecoaaron

You do realize there is a 1.0 final, 2.0 final, 3.0 final, 4.0 final? So, the developer (there is only one - votdev) knows how to play the "get to final" game.

Don't get me wrong. I also found the older finals but things might change over time. I don't know how long the other versions had beta status but >10 months for OMV5 beta are a long time.
I didn't know that this is in fact a one man show. In this case votdev has my utmost respect for driving this project!

Zitat von ryecoaaron

I would call OMV 5 a release candidate. I don't understand why you put open source in this boat when many, many closed source software companies release beta quality software (windows???). Wouldn't you be happy that a stable release is declared stable when it is ready?

You are right that calling a software 'stable' or 'ready for production' is also a weak definition in terms of proprietary software. In contrast to that I know open source projects that are calling their in fact stable software 'beta' for years and years just to point out that they do not guarantee any function or support (while at the same time offering better community support than most commercial competitors). For someone like me, who is new to OMV, it is really hard to predict what beta means in context of OMV.

Zitat von ryecoaaron

Just remember OMV is just a web interface on top of a super stable Debian. If you set your settings and never change anything like a normal prod system, OMV 5 is fine.

I'm not feeling well with running a any software on my servers that provides access through a web interface while not being updated anymore.
Apart from that the planned Debian 9/10 EOL also speak more for OMV5 than 4.

Zitat von ryecoaaron

As with all software. OMV only has one dev. So, there is no LTS release. You should upgrade when the system is EOL. If this doesn't work, then something is probably a better option. And OMV being declared EOL just means no bug fixes or code changes. If the underlying Debian is still supported and that OMV version works, you don't *have* to upgrade.

I understand that small projects (not just one man projects) are not able to actively support several versions in parallel but sustainability is an important factor for choosing a software. When I searched the forum I found people expecting OMV5 getting final /OMV4 getting EOL 'next month' for half a year now. This kind of uncertainty is concerning to me.

Anyway, thanks for answering my questions!

Zitat von molnart

just putting this here as a potential source of inspiration: https://doublecmd.sourceforge.io/mantisbt/roadmap_page.php open source software, developed by a single person. a nice proof that if you want to, you really can avoid flooding your discussion forum with hundreds of "when it will be ready??" posts

Sorry votdev for beeing part of the flood of asking people! Some roadmap linked on the website might be indeed useful to estimate the current release state. Right now I have no idea what problems stop you from releasing OMV5.

Zitat von ryecoaaron

Being a plugin dev, I guess I understand the development cycle better than most. While 10 months is a long time, it is a moving beta. The first beta release is barely changed from the previous release. That is why it is beta quality. The features/changes develop over the next months while the previous release is maturing. Some of the features/fixes from the beta version get tested and find their way back to the maturing release. It is a pretty smooth cycle that works well. This happens to be exactly how Debian does it as well. When Debian 9 was released, the development of Debian 10 started right away. So, each Debian release is in alpha or beta for 18 months. Their support is longer but they have hundreds of devs.

Don't want to be disrespectful to votdev and to you as omv-extras maintainer, but as you brought this subject on the stage: OMV relies heavily on its debian base. Why doesn't it align better with debians release cycle? Wouldn't it be better to beta test OMV with debian testing and when a Debian version gets stable, the corresonding OMV gets stable too? As I (not being involved in OMV development) cannot see any reason for not releasing OMV 5, might it be that OMV is targeting debian oldstable in general?

Zitat von ryecoaaron

You would be amazed how many packages that haven't been updated in the Debian repos. And just because OMV isn't receiving updates (probably doesn't need any), nginx and php are receiving updates from Debian. So, what is your worry?

Because of these abandoned packages I use minimal os installs whenever possible. And aside from basic system tools most needed software provides own repos or dockers that are updated on a regular basis. If this philosophy was safe why are there security updates for most popular webapps all the time? Why constantly updating phpmyadmin, Wordpress, Netcloud, ... when nginx and php are already up to date? Ok, a NAS is usually placed on the intranet but this should never ever be an excuse for having unmaintained and potentially insecure software in use. Our NAS is the place where most of our sensitive data lives.

Zitat von ryecoaaron

You worry too much about labels. And I have heard nothing about OMV 4 other than it won't receive new features. No new features is not the same as end of life.

Labels should have a meaning. beta usually tells people not to use this for production systems. But in open source world there are some exceptions to the rule. I asked because I'm not sure what the OMV5 beta label wants to tell me.

Please have a look here:
https://www.openmediavault.org/?paged=13&page_id=1271

On the release day of OMV4 volker (=votdev?) stated that OMV3 won't get further security fixes after 50 days of transition time. No offense but to me this doesn't sound as if using OMV3 would have been a good choice after that. If votdev decides to officially release OMV5 tomorrow I expect the same 50 days of transition time.

So now I have the choice between a software that is beta for (to me and others) unknown reasons and another software that might be EOL (and without further security fixes) in 51 days.
This uncertainty is not a good advertising for OMV...

I don't agree with you in the point of using (any) outdated software. The fact that other people ignore the risks of using unmaintained software is not a good argument for making the same mistake. I remember the days last year when some ransomware nuked hospitals, governmental authorities, large companies and LOTS OF ordinary users out of business by encrypting their most precious files. Some of those companies and authorities had large security departments but turned out that most of this mess could have been prevented by just keeping the it systems somewhat up to date. I'm confident, one day in the future millions of owners of outdated Synology NAS boxes will sit in front of their encrypted files. And you know what? People will laugh at them saying its their own fault that they didn't migrate to a supported platform in time. Same goes for outdated Linux boxes, Windows 7 PCs etc. In terms of backups we have two independent NASes in two buildings that mirror each other and on top of that offsite HDD backup, but why taking avoidable risks? You call it 'paranoia', I 'risk minimization'. Without our data, we're screwed. So better safe than sorry.

But you are right that this might be bad time for switching to OMV. I decided to wait with the migration until OMV5 gets final and in the meantime I'm going on with using a VM to set up everything. So that I'm able to port the settings later on. Using beta software for production goes against my principles.

And one other thing. I saw some other people on the forum complaining about missing announcement of a release date for OMV5. I think this misses the point. From my perspective as part time it guy in our small company knowing EOL dates of systems is way more important than knowing a release date. When you set up a new machine/service for your employer he wants to have an estimation of the approximate costs of ownership for the next years. And as majority of the work falls into installation and configuration phase the expected lifetime of a system is a very important factor. But I know that for OMV the EOL is tight bound to the release of new versions. The missing EOL dates of OMV are actually a larger issue for business use than the missing release dates.

Ralph