Open Stack

Hi,

Thanks, Brian, for sharing Cinder team's view on this topic! I was thinking what to do now, and, because I agree that Rocky (and Stein, too) is probably a done business already, I'm planning to propose the rocky-eol patches for projects that are still open, and teams can signal their decision on those patches (such as: +1 to EOL their stable/rocky branch, or -1 to keep it open).

Thanks again for the responses,

Előd
________________________________
From: Brian Rosmaita <rosmaita.fossdev at gmail.com>
Sent: Wednesday, April 12, 2023 6:49 PM
To: openstack-discuss at lists.openstack.org <openstack-discuss at lists.openstack.org>
Subject: Re: [all][stable][ptl] Propose to EOL Rocky series

On 3/28/23 2:34 AM, Elõd Illés wrote:
> Hi,
>
> this thread was bit of forgotten, sorry for that. A bit more than two
> weeks ago we had a discussion on #openstack-release about this [1].
>
> So, to summerize, there are the issues:
> - stable/rocky's gate is mostly broken
> - more than one third of the repositories have transitioned their
>    stable/rocky branch to EOL (including multiple core component)
> - old, unmaintained CI jobs, testing environments, hinders refactoring
>    of Zuul jobs and other configurations
>
> On the other hand, as Thomas mentioned, there is the need for some
> to be able to cooperate (as an example: recent security issue [2],
> mentioned in previous mail or in our IRC discussion) on a common place,
> namely in gerrit.

The Cinder project team discussed this at the 2023.2 Bobcat vPTG and
decided that we will definitely EOL rocky AND stein.  Given that other
core projects have already done this, they've outlived their usefulness,
even if they were only to be used to discuss patches for those branches
in gerrit.  If a cinder patch requires patches in other services that
have EOL'd that branch, that other service's patches can't be discussed
in gerrit.  (And if there's an alternative place to discuss, for
example, a nova rocky patch, then that alternative place can be used to
discuss cinder EOL patches, too.)

> This was originally the intention with Extended
> Maintenance. We just haven't thought about eternity :)

We are also concerned about the eternal nature of older branches.  There
are some open source projects where the convention has been to never
delete a branch, even though at a certain point, no changes will be
accepted into such a branch.  OpenStack, however, is not such a project,
and we *do* delete branches.  There's a feeling among the project team
that while a branch exists, we are still responsible for it, and there's
an expectation that (no matter what the EM docs say), the project team
is keeping an eye on it.  So we support the current
declare-EOL-and-delete-the-branch policy.

Additionally, if we leave a branch in EM but turn off all CI because the
team has no intention of ever merging anything into that branch, using
gerrit for discussion of patches is probably unworkable as you start to
get a bunch of patches into merge conflict, and it looks like the whole
situation will just become a mess.

> It seems that teams feel that if a branch is 'open' and in 'Extended
> Maintenance' then it still means it is 'fully supported', thus cannot
> let the gate failing AND don't want to merge patches without gate
> tests, that's one reason why teams rather EOL their branches.

We agree.  "Not fully supported but still maintained" is a weird state.
The way OpenStack has signaled "no more" for a branch is to delete it,
so we continue to support the eol-and-delete policy.

> We might need to think more about what is the best way forward.

We think that rocky and stein are done deals because some projects have
already deleted them.  The next issue is train ... is it even
responsible to have a branch that supports Python 2 be in extended
maintenance?  We agree that this requires some more thought.

> [1]
> https://meetings.opendev.org/irclogs/%23openstack-release/%23openstack-release.2023-03-08.log.html#t2023-03-08T13:54:34
> [2] https://security.openstack.org/ossa/OSSA-2023-002.html
>
> Előd
> irc: elodilles
>
> ------------------------------------------------------------------------
> *From:* Thomas Goirand <zigo at debian.org>
> *Sent:* Tuesday, February 14, 2023 7:31 PM
> *To:* Elõd Illés <elod.illes at est.tech>
> *Cc:* openstack-discuss at lists.openstack.org
> <openstack-discuss at lists.openstack.org>
> *Subject:* Re: [all][stable][ptl] Propose to EOL Rocky series
> On 2/10/23 18:26, Elõd Illés wrote:
>> Hi,
>>
>> thanks for all the feedbacks from teams so far!
>>
>> @Zigo: Extended Maintenance process was created just for the same
>> situation: to give space to interested parties to cooperate and keep
>> things maintained even when stable releases are over their 'supported'
>> lifetime. So it's good to see that there is interest in it!
>> Unfortunately, with very old branches we've reached the state where
>> gates can't be maintained and without a functional gate it's not safe to
>> merge patches (yes, even security fixes) and they are just using
>> resources (CI & maintainers' time). When gate is broken in such extent,
>> then i think the community have to accept that it is not possible to
>> merge patches confidently and needs to EOL that release.
>
> That's where I don't agree. There are ways, outside of the OpenStack
> gate, to test things, in such ways that merging patches there can be a
> thing.
>
>> Another aspect is that code cannot be cleaned up until those old
>> branches are still present (CI jobs, project configurations, etc) which
>> gives pain for developers.
>
> Just disable gating completely then.
>
>> So, however some vendors would appreciate probably to keep things open
>> forever, for the community this is not beneficial and doable I think.
>
> I don't agree. We need a place to share patches between distros. The
> official Git feels like the natural place to do so, even without any
> type of gating.
>
> BTW, my Nova patches for CVE-2022-47951 in Rocky, Stein & Train are
> currently wrong and need another approach. I was thinking about simply
> disabling .vmdk altogether (rather than having a complicated code to
> check for the VMDK subtype). I wonder what other distros did. Where do I
> disucss this?
>
> Cheers,
>
> Thomas Goirand (zigo)
>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230417/113c4f66/attachment-0001.htm>