[openstack-dev] [tc] [all] OpenStack moving both too fast and too slow at the same time

Thierry Carrez thierry at openstack.org
Thu May 4 14:14:07 UTC 2017

Chris Dent wrote:
> On Wed, 3 May 2017, Drew Fisher wrote:
>> "Most large customers move slowly and thus are running older versions,
>> which are EOL upstream sometimes before they even deploy them."
> Can someone with more of the history give more detail on where the
> expectation arose that upstream ought to be responsible things like
> long term support? I had always understood that such features were
> part of the way in which the corporately avaialable products added
> value?

We started with no stable branches, we were just producing releases and
ensuring that updates vaguely worked from N-1 to N. There were a lot of
distributions, and they all maintained their own stable branches,
handling backport of critical fixes. That is a pretty classic upstream /
downstream model.

Some of us (including me) spotted the obvious duplication of effort
there, and encouraged distributions to share that stable branch
maintenance work rather than duplicate it. Here the stable branches were
born, mostly through a collaboration between Red Hat developers and
Canonical developers. All was well. Nobody was saying LTS back then
because OpenStack was barely usable so nobody wanted to stay on any
given version for too long.

Maintaining stable branches has a cost. Keeping the infrastructure that
ensures that stable branches are actually working is a complex endeavor
that requires people to constantly pay attention. As time passed, we saw
the involvement of distro packagers become more limited. We therefore
limited the number of stable branches (and the length of time we
maintained them) to match the staffing of that team. Fast-forward to
today: the stable team is mostly one person, who is now out of his job
and seeking employment.

In parallel, OpenStack became more stable, so the demand for longer-term
maintenance is stronger. People still expect "upstream" to provide it,
not realizing upstream is made of people employed by various
organizations, and that apparently their interest in funding work in
that area is pretty dead.

I agree that our current stable branch model is inappropriate:
maintaining stable branches for one year only is a bit useless. But I
only see two outcomes:

1/ The OpenStack community still thinks there is a lot of value in doing
this work upstream, in which case organizations should invest resources
in making that happen (starting with giving the Stable branch
maintenance PTL a job), and then, yes, we should definitely consider
things like LTS or longer periods of support for stable branches, to
match the evolving usage of OpenStack.

2/ The OpenStack community thinks this is better handled downstream, and
we should just get rid of them completely. This is a valid approach, and
a lot of other open source communities just do that.

The current reality in terms of invested resources points to (2). I
personally would prefer (1), because that lets us address security
issues more efficiently and avoids duplicating effort downstream. But
unfortunately I don't control where development resources are posted.

Thierry Carrez (ttx)

More information about the OpenStack-dev mailing list