Open Stack

Hi,

this thread was bit of forgotten, sorry for that. A bit more than two
weeks ago we had a discussion on #openstack-release about this [1].

So, to summerize, there are the issues:
- stable/rocky's gate is mostly broken
- more than one third of the repositories have transitioned their
  stable/rocky branch to EOL (including multiple core component)
- old, unmaintained CI jobs, testing environments, hinders refactoring
  of Zuul jobs and other configurations

On the other hand, as Thomas mentioned, there is the need for some
to be able to cooperate (as an example: recent security issue [2],
mentioned in previous mail or in our IRC discussion) on a common place,
namely in gerrit. This was originally the intention with Extended
Maintenance. We just haven't thought about eternity :)

It seems that teams feel that if a branch is 'open' and in 'Extended
Maintenance' then it still means it is 'fully supported', thus cannot
let the gate failing AND don't want to merge patches without gate
tests, that's one reason why teams rather EOL their branches.

We might need to think more about what is the best way forward.

[1] https://meetings.opendev.org/irclogs/%23openstack-release/%23openstack-release.2023-03-08.log.html#t2023-03-08T13:54:34
[2] https://security.openstack.org/ossa/OSSA-2023-002.html

Előd
irc: elodilles

________________________________
From: Thomas Goirand <zigo at debian.org>
Sent: Tuesday, February 14, 2023 7:31 PM
To: Elõd Illés <elod.illes at est.tech>
Cc: openstack-discuss at lists.openstack.org <openstack-discuss at lists.openstack.org>
Subject: Re: [all][stable][ptl] Propose to EOL Rocky series

On 2/10/23 18:26, Elõd Illés wrote:
> Hi,
>
> thanks for all the feedbacks from teams so far!
>
> @Zigo: Extended Maintenance process was created just for the same
> situation: to give space to interested parties to cooperate and keep
> things maintained even when stable releases are over their 'supported'
> lifetime. So it's good to see that there is interest in it!
> Unfortunately, with very old branches we've reached the state where
> gates can't be maintained and without a functional gate it's not safe to
> merge patches (yes, even security fixes) and they are just using
> resources (CI & maintainers' time). When gate is broken in such extent,
> then i think the community have to accept that it is not possible to
> merge patches confidently and needs to EOL that release.

That's where I don't agree. There are ways, outside of the OpenStack
gate, to test things, in such ways that merging patches there can be a
thing.

> Another aspect is that code cannot be cleaned up until those old
> branches are still present (CI jobs, project configurations, etc) which
> gives pain for developers.

Just disable gating completely then.

> So, however some vendors would appreciate probably to keep things open
> forever, for the community this is not beneficial and doable I think.

I don't agree. We need a place to share patches between distros. The
official Git feels like the natural place to do so, even without any
type of gating.

BTW, my Nova patches for CVE-2022-47951 in Rocky, Stein & Train are
currently wrong and need another approach. I was thinking about simply
disabling .vmdk altogether (rather than having a complicated code to
check for the VMDK subtype). I wonder what other distros did. Where do I
disucss this?

Cheers,

Thomas Goirand (zigo)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230328/6651aeee/attachment.htm>