[openstack-dev] [all] [stable] No longer doing stable point releases
Alan Pevec
apevec at gmail.com
Sun May 31 22:50:21 UTC 2015
2015-05-29 18:30 GMT+02:00 Jeremy Stanley <fungi at yuggoth.org>:
> On 2015-05-29 16:30:12 +0100 (+0100), Dave Walker wrote:
>> This is generally my opinion as-well, I always hoped that *every*
>> commit would be considered a release rather than an arbitrary
>> tagged date.
> [...]
>
> If we switch away from lockstep major/minor release versioning
> anyway (again separate discussion underway but seems a distinct
> possibility) then I think the confusion over why stable point
> releases are mismatched becomes less of an issue. At that point we
> may want to reconsider and actually tag each of them with a
> sequential micro (patch in semver terminology) version bump. Could
> help in communication around security fixes in particular.
Yes, if dropping stable point releases, sub-version schema is still
needed for clear communication in OSSAs and proposed continuous
releases notes.
One issue is how would we provide source tarballs, statically hosting
tarballs for each and every micro version is not realistic, also those
wouldn't be signed.
RPM packages traditionally expect pristine upstream tarballs which can
be verified and generating them from git is not reproducible e.g.
right now in nova stable/kilo branch:
python ./setup.py sdist
mv dist/nova-2015.1.1.dev20.tar.gz dist/nova-2015.1.1.dev20.tar.gz-TAKE1
python ./setup.py sdist
diff dist/nova-2015.1.1.dev20.tar.gz-TAKE1 dist/nova-2015.1.1.dev20.tar.gz
Binary files dist/nova-2015.1.1.dev20.tar.gz-TAKE1 and
dist/nova-2015.1.1.dev20.tar.gz differ
Before dropping point releases, I would like to have:
* idempotent sdist on the same SHA
* dynamic tarball generation service like github archive
* switch to micro-version i.e. current nova stable/kilo would be 2015.1.20
Cheers,
Alan
More information about the OpenStack-dev
mailing list