Here's an update on how this issue is shaping up.
As a reminder, the issue is that the Cinder project team has proposed to
EOL and delete all current EM branches (that is, stable/train through
stable/xena) due to the complexity of coordinating a fix for
CVE-2023-2088 across all affected projects in the EM branches. Given
the badness of CVE-2023-2088, the team did not want any unfixed branches
sitting around for people to use.
In the meantime, there has been a Forum session at the recent OpenInfra
Summit and ongoing discussion in the TC culminating in the following
proposal that I believe is coming close to agreement:
"Unmaintained status replaces Extended Maintenance"
https://review.opendev.org/c/openstack/governance/+/888771
For clarity, will this new model affect all the OpenStack projects or is it an alternative to the current EM model based on each project election?
Best regards,
Alfredo
Here's my understanding of how the new Unmaintained status (and its
transition plan) impacts the Cinder team's proposal to EOL all the EM
branches.
1. stable/train and stable/ussuri can be tagged EOL and deleted. (For
cinder, at least, stein and older are already EOL.)
2. stable/victoria, stable/wallaby, and stable/xena will immediately
transition from EM to Unmaintained status. This means that the Cinder
project team has *no obligations* with respect to maintaining these
branches or their gates. (Technically, we never did, but now it will be
completely clear.) The branches will be renamed to
unmaintained/victoria, unmaintained/wallaby, and unmaintained/xena to
make their Unmaintained status unmistakable.
The maintenance of the Unmaintained branches will fall to a
cinder-unmaintained-core team, whose exact composition is still under
discussion on [0], but which will be completely separate from the
cinder-core and cinder-stable-maint teams. The cinder-core and
cinder-stable-maint members have no obligation to participate in
cinder-unmaintained-core (though they can if they want to).
3. The existence and ultimate EOL and deletion of
unmaintained/{victoria,wallaby,xena} will follow the Unmaintained branch
policy. A sketch of what this means over the next few cycles is mapped
out in this etherpad:
https://etherpad.opendev.org/p/24gf87QcmV6xF4StbLQx
This email you are reading right now only concerns the way the new
Unmaintained status proposal affects the Cinder project's plans with
respect to the current Extended Maintenance branches. I encourage
everyone to read the full proposal [0] to understand how Unmaintained
status will be applied across all projects going forward.
My personal opinion is that Unmaintained status and its transition plan
addresses the concerns of the Cinder project team with respect to the
current EM branches; the Cinder team will decide the team's position on
this issue at today's weekly meeting (1400 UTC) [1].
cheers,
brian
[0] https://review.opendev.org/c/openstack/governance/+/888771
[1] https://etherpad.opendev.org/p/cinder-bobcat-meetings
On 7/6/23 2:01 PM, Brian Rosmaita wrote:
> On 7/6/23 1:05 PM, Nikolla, Kristi wrote:
> [snip]
>> As a courtesy to allow the TC to provide a resolution with coordinated
>> guidelines for EOL-ing branches across projects, we please ask that
>> you wait until the end of July at the latest.
> [snip]
>
> This seems reasonable to me. The Cinder project has announced its
> intentions, namely, that we will not fix the gates for any of the
> branches currently in EM, and that the EOL tags will (eventually) be
> made at the hashes indicated in the proposed release patches:
>
> https://review.opendev.org/q/topic:cinder-eol-june2023
>
> If anyone in the wider OpenStack Community has a desire to have
> backports merged into these branches, or to keep these branches open
> longer, now would be a good time to step up and do all appropriate work
> to make that happen.
>
> cheers,
> brian
>