[openstack-dev] [all] [stable] No longer doing stable point releases
Thomas Goirand
zigo at debian.org
Sun Jun 7 08:47:23 UTC 2015
On 05/29/2015 09:36 PM, Dave Walker wrote:
> Responses inline.
>
> On 29 May 2015 6:15 pm, "Haïkel" <hguemar at fedoraproject.org
> <mailto:hguemar at fedoraproject.org>> wrote:
>>
>> 2015-05-29 15:41 GMT+02:00 Thierry Carrez <thierry at openstack.org
> <mailto:thierry at openstack.org>>:
>> > Hi everyone,
>> >
>> > TL;DR:
>> > - We propose to stop tagging coordinated point releases (like 2015.1.1)
>> > - We continue maintaining stable branches as a trusted source of stable
>> > updates for all projects though
>> >
>>
>> Hi,
>>
>> I'm one of the main maintainer of the packages for Fedora/RHEL/CentOS.
>> We try to stick as much as possible to upstream (almost zero
>> downstream patches),
>> and without intermediate releases, it will get difficult.
>
> If you consider *every* commit to be a release, then your life becomes
> easier.
What does this mean? Am I supposed to upload a patched release to Debian
every day? I suppose I didn't understand you correctly here.
If we were to do this in downstream distros, we wouldn't have an
upstream number matching each commit. This would be a problem because we
would loose track of what version we're at between distros.
>> I'm personally not fond of this as it will lead to more fragmentation.
>> It may encourage
>> bad behaviors like shipping downstream patches for bug fixes and CVE
> instead
>> of collaborating upstream to differentiate themselves.
>> For instance, if we had no point-based release, for issues tracking
>> purposes, we would
>> have to maintain our sets of tags somewhere.
>
> I disagree, each distro already does security patching and whilst I
> expect this to still happens, it actually *encourages* upstream first
> workflow as you can select a release on your own cadence that includes
> commits you need, for your users.
We are discussing point releases. This is only far related to security
fixes. Point releases are including bug fixes which, most of the time,
aren't security fixes which are by the way always backported to the
previous point release, and uploaded as hotfixes to distributions.
Cheers,
Thomas Goirand (zigo)
More information about the OpenStack-dev
mailing list