[openstack-dev] [all] [stable] No longer doing stable point releases
zigo at debian.org
Wed Jun 10 08:48:14 UTC 2015
On 06/09/2015 04:54 PM, Jeremy Stanley wrote:
> On 2015-06-09 10:55:55 +0200 (+0200), Thomas Goirand wrote:
>> That's far from being in place. Also, while we are removing point
>> releases, and support for Icehouse, we still don't have a common private
>> Gerrit for security, which we've been told about 2 years ago.
>> Removing collaboration tools before new ones are in place is
>> definitively not the way to go.
> In the stable branch management session at the Liberty summit, the
> Infrastructure Team position was confirmed that we can't maintain
> non-supported branches in a second Gerrit any more than we can in
> the primary one. The idea that there might be some branch of an
> OpenStack project which we just give up on testing but keep
> available for new changes is distasteful from a quality perspective.
> If there is sufficient interest from distro representatives in
> collaborating upstream on backports to, for example, stable/icehouse
> then that interest needs to include the resources necessary to
> maintain sufficient testing upstream (as defined by the upstream
I have made a round table in Paris, and I have names of interested
people who would work on this. But without a collaboration tool (and at
least a common Git repository to work on), it is going to be harder to
work on together.
> So, I'm sorry, but don't look to an OpenStack-maintained non-public
> code review system as a workaround for continuing to collaborate in
> private on branches unsupported upstream in public. Most of the time
> it ends up being non-distro upstream developers (quality assurance,
> release management, infrastructure, vulnerability management,
> individual projects) who bear the majority of the responsibility for
> keeping testing working on those branches and we're clearly at our
> breaking point now trying to maintain three besides our master
I understand, and I haven't asked the VMT or anyone upstream to work on
> If the interested distributions come back with teams of people to
> dedicate to this work, which means getting deeply embedded in the
> groups who currently maintain the existing testing and release
> management for stable branches and are currently understaffed for
> that effort, then we can certainly revisit the number of branches
> we're able to maintain in both the public and (future) embargoed
> security review systems.
As we discussed, the goal isn't to maintain upstream CI, but to have a
place to share our work between distributions. We would do the testing
downstream, not using OpenStack infra.
Please get this security gerrit up, so that we can work on a patch
during the embargo period.
Thomas Goirand (zigo)
More information about the OpenStack-dev