State of OMV: final version of OMV5 and EOL of OMV4

  • Hi there,


    my name is Ralph. Currently we are using FreeNAS in our small business environment but as I'm more familiar with Linux I was looking for a similar linux-based solution.
    OMV seems to be what I need but the version chaos leaves me a bit perplexed. OMV5 beta seems to be in the wild forever. News on the website are mostly meant for OMV4 but also for OMV5 and 6(!?!). When I check the download section OMV4 and OMV5 (the version without beta) download numbers are almost equal. So I have read a lot in the forum and found different statements regarding the current state of the project. Somewhere I found the statement (from last summer) that OMV5 will be out right after Debian 10.1. As Debian 10.3 came out two weeks ago this info might be outdated but as there are beta and non-beta versions of OMV5 in the download section in parallel I'm not so sure of my conclusion. At the same time most users in forum give advice to install OMV5 while OMV5 being labeled as being beta here ...


    We all know the joke of open source software never getting 'final' but as most of the news on the website still covering OMV4 I have the strong feeling that the project leaders still recommend this version for stable operation. My problem is now that I'm in search for a stable AND long term replacement for our FreeNAS. 'Stable' pushes me towards OMV4 but I have absolutely no idea how long this will be supported. When I clicked back in the website news I found that OMV3 was EOL on the same day when OMV4 final came out. For OMV5 this might be tomorrow or in three years if developers play the 'never getting final' game.


    Somewhere else on the forum I found the statement that OMV5 will be out 'as soon as possible' but no mention which conditions have to be fulfilled for that. So while most users recommend OMV5 there still seem to be broken parts that have to be fixed before getting official.


    I'm at a loss. Would some official person please give me advice what do do now? Is this OMV5 beta thing just the usual open source joke but in fact this is the recommended stable version? Or should I go with OMV4 for my production systems? But whats the expected EOL for OMV4? Sure there will be an upgrade path but experience has taught me that major upgrades almost always cause hidden problems that take a lot of time to find and fix. If possible I would like to avoid this.


    Ralph

  • I'm not official and there are too many questions but ...



    found the statement (from last summer) that OMV5 will be out right after Debian 10.1.

    It actually said it won't be before 10.1 is released. It does not say it will be released as soon as 10.1 is out.


    if developers play the 'never getting final' game.

    You do realize there is a 1.0 final, 2.0 final, 3.0 final, 4.0 final? So, the developer (there is only one - votdev) knows how to play the "get to final" game.


    Is this OMV5 beta thing just the usual open source joke but in fact this is the recommended stable version?

    I would call OMV 5 a release candidate. I don't understand why you put open source in this boat when many, many closed source software companies release beta quality software (windows???). Wouldn't you be happy that a stable release is declared stable when it is ready?


    Or should I go with OMV4 for my production systems?

    Just remember OMV is just a web interface on top of a super stable Debian. If you set your settings and never change anything like a normal prod system, OMV 5 is fine.

    Sure there will be an upgrade path but experience has taught me that major upgrades almost always cause hidden problems that take a lot of time to find and fix.

    As with all software. OMV only has one dev. So, there is no LTS release. You should upgrade when the system is EOL. If this doesn't work, then something is probably a better option. And OMV being declared EOL just means no bug fixes or code changes. If the underlying Debian is still supported and that OMV version works, you don't *have* to upgrade.

    omv 5.6.6 usul | 64 bit | 5.11 proxmox kernel | omvextrasorg 5.6.1
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Since OMV is based on Debian Linux, you should consult their published EOL schedules. OMV4 is based on Debian 9 (Stretch), EOL ~2020, LTS ends ~2022.


    The seemingly never changing answer about release date questions is "It will be released when it is released."

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.

  • The seemingly never changing answer about release date questions is "It will be released when it is released."

    just putting this here as a potential source of inspiration: https://doublecmd.sourceforge.io/mantisbt/roadmap_page.php open source software, developed by a single person. a nice proof that if you want to, you really can avoid flooding your discussion forum with hundreds of "when it will be ready??" posts

    HP Proliant Microserver Gen8, E3-1265Lv2, 16 GB ECC RAM, 3x WD RED 3TB + 1x WD RED 4TB + Crucial MX300 525 GB SSD.

    Powered by Proxmox VE

  • Thanks for going into detail.

    I'm not official and there are too many questions but ...



    It actually said it won't be before 10.1 is released. It does not say it will be released as soon as 10.1 is out.

    Oh sorry! I misunderstood that!


    You do realize there is a 1.0 final, 2.0 final, 3.0 final, 4.0 final? So, the developer (there is only one - votdev) knows how to play the "get to final" game.

    Don't get me wrong. I also found the older finals but things might change over time. I don't know how long the other versions had beta status but >10 months for OMV5 beta are a long time.
    I didn't know that this is in fact a one man show. In this case votdev has my utmost respect for driving this project!


    I would call OMV 5 a release candidate. I don't understand why you put open source in this boat when many, many closed source software companies release beta quality software (windows???). Wouldn't you be happy that a stable release is declared stable when it is ready?

    You are right that calling a software 'stable' or 'ready for production' is also a weak definition in terms of proprietary software. In contrast to that I know open source projects that are calling their in fact stable software 'beta' for years and years just to point out that they do not guarantee any function or support (while at the same time offering better community support than most commercial competitors). For someone like me, who is new to OMV, it is really hard to predict what beta means in context of OMV.



    Just remember OMV is just a web interface on top of a super stable Debian. If you set your settings and never change anything like a normal prod system, OMV 5 is fine.

    I'm not feeling well with running a any software on my servers that provides access through a web interface while not being updated anymore. ;)
    Apart from that the planned Debian 9/10 EOL also speak more for OMV5 than 4.



    As with all software. OMV only has one dev. So, there is no LTS release. You should upgrade when the system is EOL. If this doesn't work, then something is probably a better option. And OMV being declared EOL just means no bug fixes or code changes. If the underlying Debian is still supported and that OMV version works, you don't *have* to upgrade.

    I understand that small projects (not just one man projects) are not able to actively support several versions in parallel but sustainability is an important factor for choosing a software. When I searched the forum I found people expecting OMV5 getting final /OMV4 getting EOL 'next month' for half a year now. This kind of uncertainty is concerning to me.



    Anyway, thanks for answering my questions!

  • just putting this here as a potential source of inspiration: https://doublecmd.sourceforge.io/mantisbt/roadmap_page.php open source software, developed by a single person. a nice proof that if you want to, you really can avoid flooding your discussion forum with hundreds of "when it will be ready??" posts

    Sorry votdev for beeing part of the flood of asking people! Some roadmap linked on the website might be indeed useful to estimate the current release state. Right now I have no idea what problems stop you from releasing OMV5.

  • I don't know how long the other versions had beta status but >10 months for OMV5 beta are a long time.

    Being a plugin dev, I guess I understand the development cycle better than most. While 10 months is a long time, it is a moving beta. The first beta release is barely changed from the previous release. That is why it is beta quality. The features/changes develop over the next months while the previous release is maturing. Some of the features/fixes from the beta version get tested and find their way back to the maturing release. It is a pretty smooth cycle that works well. This happens to be exactly how Debian does it as well. When Debian 9 was released, the development of Debian 10 started right away. So, each Debian release is in alpha or beta for 18 months. Their support is longer but they have hundreds of devs.


    I'm not feeling well with running a any software on my servers that provides access through a web interface while not being updated anymore.

    You would be amazed how many packages that haven't been updated in the Debian repos. And just because OMV isn't receiving updates (probably doesn't need any), nginx and php are receiving updates from Debian. So, what is your worry?


    I understand that small projects (not just one man projects) are not able to actively support several versions in parallel but sustainability is an important factor for choosing a software. When I searched the forum I found people expecting OMV5 getting final /OMV4 getting EOL 'next month' for half a year now. This kind of uncertainty is concerning to me.

    You worry too much about labels. And I have heard nothing about OMV 4 other than it won't receive new features. No new features is not the same as end of life.

    omv 5.6.6 usul | 64 bit | 5.11 proxmox kernel | omvextrasorg 5.6.1
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Being a plugin dev, I guess I understand the development cycle better than most. While 10 months is a long time, it is a moving beta. The first beta release is barely changed from the previous release. That is why it is beta quality. The features/changes develop over the next months while the previous release is maturing. Some of the features/fixes from the beta version get tested and find their way back to the maturing release. It is a pretty smooth cycle that works well. This happens to be exactly how Debian does it as well. When Debian 9 was released, the development of Debian 10 started right away. So, each Debian release is in alpha or beta for 18 months. Their support is longer but they have hundreds of devs.

    Don't want to be disrespectful to votdev and to you as omv-extras maintainer, but as you brought this subject on the stage: OMV relies heavily on its debian base. Why doesn't it align better with debians release cycle? Wouldn't it be better to beta test OMV with debian testing and when a Debian version gets stable, the corresonding OMV gets stable too? As I (not being involved in OMV development) cannot see any reason for not releasing OMV 5, might it be that OMV is targeting debian oldstable in general?


    You would be amazed how many packages that haven't been updated in the Debian repos. And just because OMV isn't receiving updates (probably doesn't need any), nginx and php are receiving updates from Debian. So, what is your worry?

    Because of these abandoned packages I use minimal os installs whenever possible. And aside from basic system tools most needed software provides own repos or dockers that are updated on a regular basis. If this philosophy was safe why are there security updates for most popular webapps all the time? Why constantly updating phpmyadmin, Wordpress, Netcloud, ... when nginx and php are already up to date? Ok, a NAS is usually placed on the intranet but this should never ever be an excuse for having unmaintained and potentially insecure software in use. Our NAS is the place where most of our sensitive data lives.


    You worry too much about labels. And I have heard nothing about OMV 4 other than it won't receive new features. No new features is not the same as end of life.

    Labels should have a meaning. beta usually tells people not to use this for production systems. But in open source world there are some exceptions to the rule. I asked because I'm not sure what the OMV5 beta label wants to tell me.


    Please have a look here:
    https://www.openmediavault.org/?paged=13&page_id=1271


    On the release day of OMV4 volker (=votdev?) stated that OMV3 won't get further security fixes after 50 days of transition time. No offense but to me this doesn't sound as if using OMV3 would have been a good choice after that. If votdev decides to officially release OMV5 tomorrow I expect the same 50 days of transition time.


    So now I have the choice between a software that is beta for (to me and others) unknown reasons and another software that might be EOL (and without further security fixes) in 51 days.
    This uncertainty is not a good advertising for OMV... :huh:

  • Why doesn't it align better with debians release cycle?

    I don't know. You would have to ask Volker. As a plugin dev, I can't start my work until the next version of OMV exists.


    Wouldn't it be better to beta test OMV with debian testing and when a Debian version gets stable, the corresonding OMV gets stable too?

    Maybe he doesn't want to try and write code against a moving target? Can't answer that either.


    might it be that OMV is targeting debian oldstable in general?

    No.


    f this philosophy was safe why are there security updates for most popular webapps all the time? Why constantly updating phpmyadmin, Wordpress, Netcloud, ... when nginx and php are already up to date? Ok, a NAS is usually placed on the intranet but this should never ever be an excuse for having unmaintained and potentially insecure software in use. Our NAS is the place where most of our sensitive data lives.

    You can't compare an app designed to be facing the internet all the time with an app designed to never be on the internet. Maybe OMV's web interface is written better?? And what exactly is going to attack the OMV web interface? And just because there are no security updates doesn't mean someone is sitting out there with a bunch of 0 day exploits waiting to attack your NAS that isn't on the internet. This is just paranoia. I only remember a few security patches over the entire life of OMV since 0.2. Even if you NAS was attacked, you should have an offsite backup. Commercial NASes aren't supported for more than a couple of years and rarely patched even when they are still in support. People keep using them and amazingly don't lose their sensitive data.

    So now I have the choice between a software that is beta for (to me and others) unknown reasons and another software that might be EOL (and without further security fixes) in 51 days.
    This uncertainty is not a good advertising for OMV.

    This doesn't make any sense. OMV 4.x was released officially almost two years ago. So, you come into the game late and complain you will have to update soon? You know that OMV 5.x is very close to release. I don't care about a beta tag on a release from nine months ago. Why not just use OMV 5.x and then you probably won't have to update for well over a year.

    omv 5.6.6 usul | 64 bit | 5.11 proxmox kernel | omvextrasorg 5.6.1
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • I don't agree with you in the point of using (any) outdated software. The fact that other people ignore the risks of using unmaintained software is not a good argument for making the same mistake. I remember the days last year when some ransomware nuked hospitals, governmental authorities, large companies and LOTS OF ordinary users out of business by encrypting their most precious files. Some of those companies and authorities had large security departments but turned out that most of this mess could have been prevented by just keeping the it systems somewhat up to date. I'm confident, one day in the future millions of owners of outdated Synology NAS boxes will sit in front of their encrypted files. And you know what? People will laugh at them saying its their own fault that they didn't migrate to a supported platform in time. Same goes for outdated Linux boxes, Windows 7 PCs etc. In terms of backups we have two independent NASes in two buildings that mirror each other and on top of that offsite HDD backup, but why taking avoidable risks? You call it 'paranoia', I 'risk minimization'. Without our data, we're screwed. So better safe than sorry.



    But you are right that this might be bad time for switching to OMV. I decided to wait with the migration until OMV5 gets final and in the meantime I'm going on with using a VM to set up everything. So that I'm able to port the settings later on. Using beta software for production goes against my principles.



    And one other thing. I saw some other people on the forum complaining about missing announcement of a release date for OMV5. I think this misses the point. From my perspective as part time it guy in our small company knowing EOL dates of systems is way more important than knowing a release date. When you set up a new machine/service for your employer he wants to have an estimation of the approximate costs of ownership for the next years. And as majority of the work falls into installation and configuration phase the expected lifetime of a system is a very important factor. But I know that for OMV the EOL is tight bound to the release of new versions. The missing EOL dates of OMV are actually a larger issue for business use than the missing release dates. :whistling:


    Ralph

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!