[openstack-dev] [all] [stable] No longer doing stable point releases

Ian Cordasco ian.cordasco at RACKSPACE.COM
Mon Jun 15 15:19:51 UTC 2015


On 6/15/15, 09:24, "Thomas Goirand" <zigo at debian.org> wrote:

>On 06/08/2015 01:55 PM, Kuvaja, Erno wrote:
>> One thing I like about plan D
>> is that it would give also indicator how much the stable branch has
>>moved in
>> each individual project.
>
>The only indication you will get is how many patches it has. I fail to
>see how this is valuable information. No info on how important they are
>or anything of this kind, which is a way more important.
>
>Thomas

Are you implying that stable point releases as they exist today provide
importance? How is that case? They're coordinated to happen at (nearly)
the same time and that's about all. Perhaps the most important changes are
CVE fixes. Let's look at a two cases for a stable point release now:

1. A point release without a CVE fix
2. A point release with a CVE fix (or more than one)

In the first case, how does a tagged version provide information about
importance? A release would have been tagged whether the latest commit (or
N commits) had been merged or not. In the second case, downstream
redistributors (or at least Debian) has already shipped a new version with
the fix. The importance of that CVE fix being included in a tag that was
created arbitrarily is then different than the importance it might have if
Debian didn't patch the existing versions. (Note, I'm not advocating you
change this practice.) I don't see how tags detail the importance of the
included commits any more than their existence on a stable branch.



More information about the OpenStack-dev mailing list