Here's an update on how this issue is shaping up. As a reminder, the issue is that the Cinder project team has proposed to EOL and delete all current EM branches (that is, stable/train through stable/xena) due to the complexity of coordinating a fix for CVE-2023-2088 across all affected projects in the EM branches. Given the badness of CVE-2023-2088, the team did not want any unfixed branches sitting around for people to use. In the meantime, there has been a Forum session at the recent OpenInfra Summit and ongoing discussion in the TC culminating in the following proposal that I believe is coming close to agreement: "Unmaintained status replaces Extended Maintenance" https://review.opendev.org/c/openstack/governance/+/888771 Here's my understanding of how the new Unmaintained status (and its transition plan) impacts the Cinder team's proposal to EOL all the EM branches. 1. stable/train and stable/ussuri can be tagged EOL and deleted. (For cinder, at least, stein and older are already EOL.) 2. stable/victoria, stable/wallaby, and stable/xena will immediately transition from EM to Unmaintained status. This means that the Cinder project team has *no obligations* with respect to maintaining these branches or their gates. (Technically, we never did, but now it will be completely clear.) The branches will be renamed to unmaintained/victoria, unmaintained/wallaby, and unmaintained/xena to make their Unmaintained status unmistakable. The maintenance of the Unmaintained branches will fall to a cinder-unmaintained-core team, whose exact composition is still under discussion on [0], but which will be completely separate from the cinder-core and cinder-stable-maint teams. The cinder-core and cinder-stable-maint members have no obligation to participate in cinder-unmaintained-core (though they can if they want to). 3. The existence and ultimate EOL and deletion of unmaintained/{victoria,wallaby,xena} will follow the Unmaintained branch policy. A sketch of what this means over the next few cycles is mapped out in this etherpad: https://etherpad.opendev.org/p/24gf87QcmV6xF4StbLQx This email you are reading right now only concerns the way the new Unmaintained status proposal affects the Cinder project's plans with respect to the current Extended Maintenance branches. I encourage everyone to read the full proposal [0] to understand how Unmaintained status will be applied across all projects going forward. My personal opinion is that Unmaintained status and its transition plan addresses the concerns of the Cinder project team with respect to the current EM branches; the Cinder team will decide the team's position on this issue at today's weekly meeting (1400 UTC) [1]. cheers, brian [0] https://review.opendev.org/c/openstack/governance/+/888771 [1] https://etherpad.opendev.org/p/cinder-bobcat-meetings On 7/6/23 2:01 PM, Brian Rosmaita wrote:
On 7/6/23 1:05 PM, Nikolla, Kristi wrote: [snip]
As a courtesy to allow the TC to provide a resolution with coordinated guidelines for EOL-ing branches across projects, we please ask that you wait until the end of July at the latest. [snip]
This seems reasonable to me. The Cinder project has announced its intentions, namely, that we will not fix the gates for any of the branches currently in EM, and that the EOL tags will (eventually) be made at the hashes indicated in the proposed release patches:
https://review.opendev.org/q/topic:cinder-eol-june2023
If anyone in the wider OpenStack Community has a desire to have backports merged into these branches, or to keep these branches open longer, now would be a good time to step up and do all appropriate work to make that happen.
cheers, brian