[openstack-dev] [all] [stable] No longer doing stable point releases
Dave Walker
email at daviey.com
Fri May 29 19:36:21 UTC 2015
Responses inline.
On 29 May 2015 6:15 pm, "Haïkel" <hguemar at fedoraproject.org> wrote:
>
> 2015-05-29 15:41 GMT+02:00 Thierry Carrez <thierry at openstack.org>:
> > Hi everyone,
> >
> > TL;DR:
> > - We propose to stop tagging coordinated point releases (like 2015.1.1)
> > - We continue maintaining stable branches as a trusted source of stable
> > updates for all projects though
> >
>
> Hi,
>
> I'm one of the main maintainer of the packages for Fedora/RHEL/CentOS.
> We try to stick as much as possible to upstream (almost zero
> downstream patches),
> and without intermediate releases, it will get difficult.
If you consider *every* commit to be a release, then your life becomes
easier. This is just a case of bumping the SemVer patch version per commit
(as eloquently put by Jeremy). We even have tooling to automate the
version generation via pbr..
Therefore, you might want to jump from X.X.100 to X.X.200 which would mean
100 commits since the last update.
> I'm personally not fond of this as it will lead to more fragmentation.
> It may encourage
> bad behaviors like shipping downstream patches for bug fixes and CVE
instead
> of collaborating upstream to differentiate themselves.
> For instance, if we had no point-based release, for issues tracking
> purposes, we would
> have to maintain our sets of tags somewhere.
I disagree, each distro already does security patching and whilst I expect
this to still happens, it actually *encourages* upstream first workflow as
you can select a release on your own cadence that includes commits you
need, for your users.
> There's also the release notes issue that has already been mentioned.
> Still continuous release notes won't solve the problem, as you wouldn't
> be able to map these to the actual packages. Will we require operators
> to find from which git commit, the packages were built and then try to
figure
> out which fixes are and are not included?
Can you provide more detail? I'm not understanding the problem.
> > Long version:
> >
> > At the "stable branch" session in Vancouver we discussed recent
> > evolutions in the stable team processes and how to further adapt the
> > work of the team in a "big tent" world.
> >
> > One of the key questions there was whether we should continue doing
> > stable point releases. Those were basically tags with the same version
> > number ("2015.1.1") that we would periodically push to the stable
> > branches for all projects.
> >
> > Those create three problems.
> >
> > (1) Projects do not all follow the same versioning, so some projects
> > (like Swift) were not part of the "stable point releases". More and more
> > projects are considering issuing intermediary releases (like Swift
> > does), like Ironic. That would result in a variety of version numbers,
> > and ultimately less and less projects being able to have a common
> > "2015.1.1"-like version.
> >
>
> And that's actually a pain point to track for these releases in which
> OpenStack branch belong. And this is probably something that needs to
> be resolved.
>
> > (2) Producing those costs a non-trivial amount of effort on a very small
> > team of volunteers, especially with projects caring about stable
> > branches in various amounts. We were constantly missing the
> > pre-announced dates on those ones. Looks like that effort could be
> > better spent improving the stable branches themselves and keeping them
> > working.
> >
>
> Agreed, but why not switching to a time-based release?
> Regularly, we tag/generate/upload tarballs, this could even be automated.
> As far as I'm concerned, I would be more happy to have more frequent
releases.
>
> > (3) The resulting "stable point releases" are mostly useless. Stable
> > branches are supposed to be always usable, and the "released" version
> > did not undergo significantly more testing. Issuing them actually
> > discourages people from taking whatever point in stable branches makes
> > the most sense for them, testing and deploying that.
> >
> > The suggestion we made during that session (and which was approved by
> > the session participants) is therefore to just get rid of the "stable
> > point release" concept altogether for non-libraries. That said:
> >
> > - we'd still do individual point releases for libraries (for critical
> > bugs and security issues), so that you can still depend on a specific
> > version there
> >
> > - we'd still very much maintain stable branches (and actually focus our
> > efforts on that work) to ensure they are a continuous source of safe
> > upgrades for users of a given series
> >
> > Now we realize that the cross-section of our community which was present
> > in that session might not fully represent the consumers of those
> > artifacts, which is why we expand the discussion on this mailing-list
> > (and soon on the operators ML).
> >
>
> Thanks, I was not able to join this discussion, and that was the kind
> of proposal
> that I was fearing to see happen.
>
> > If you were a consumer of those and will miss them, please explain why.
> > In particular, please let us know how consuming that version (which was
> > only made available every n months) is significantly better than picking
> > your preferred time and get all the current stable branch HEADs at that
> > time.
> >
>
> We provide both type of builds
> * git continuous builds => for testing/CI and early feedback on potential
issues
> * point-release based builds => for GA, and production
>
> Anyway, I won't force anyone to do something they don't want to do but I'm
> willing to step in to keep point releases in one form or another.
>
> Regards,
> H.
>
> > Thanks in advance for your feedback,
> >
> > [1] https://etherpad.openstack.org/p/YVR-relmgt-stable-branch
> >
> > --
> > Thierry Carrez (ttx)
> >
> >
__________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150529/ea291022/attachment.html>
More information about the OpenStack-dev
mailing list