[openstack-dev] [kolla][vote] exception for backporting upgrades to liberty/stable

Steven Dake (stdake) stdake at cisco.com
Mon Mar 7 17:41:28 UTC 2016



On 3/7/16, 10:16 AM, "Paul Bourke" <paul.bourke at oracle.com> wrote:

>This is a messy topic. I feel there's been some miscommunication and
>confusion on the issue which hopefully I can sum up.
>
>As far as I remember it, Sam is correct, we did always plan to do
>Liberty upgrades. However, over the course of time post Tokyo these
>plans didn't really materialise, at which point Micheal kindly stepped
>forward to kick things into action [0].
>
>Between now and then the focus shifted to "how do we get from Liberty to
>Mitaka", and the original discussion of moving between minor Liberty
>releases fell by the wayside. I think this is where the confusion has
>arisen.

This is accurate.  It wasn¹t a matter of not materializing, however, we
were capacity constrained.  We will have upgrades working for Mitaka but
it required a lot of everyone's time.

Regards
-stev

>
>As I mentioned before I have been opposed to backporting features to
>stable/liberty, as this is against the philosophy of a stable branch
>etc. etc. However, as has been mentioned many times before, this is a
>new project, hindsight is a great thing. Ideally users running Liberty
>who encounter a CVE could be told to go to Mitaka, but in reality this
>is an unreasonable expectation and operators who have gone on our
>previous release notes that Liberty is ready to rock will feel screwed
>over.
>
>So based on the above I am +1 to get upgrades into Liberty, I hope this
>makes sense.
>
>Regards,
>-Paul
>
>[0] 
>http://lists.openstack.org/pipermail/openstack-dev/2015-December/081467.ht
>ml
>
>On 07/03/16 16:00, Sam Yaple wrote:
>> On Mon, Mar 7, 2016 at 3:03 PM, Steven Dake (stdake) <stdake at cisco.com
>> <mailto:stdake at cisco.com>> wrote:
>>
>>     Hi folks,
>>
>>     It was never really discussed if we would back-port upgrades to
>>     liberty.  This came up during  an irc conversation Friday [1], and a
>>     vote was requested.  Tthe facts of the discussion distilled are:
>>
>>       * We never agreed as a group to do back-port of upgrade during our
>>         back-port discussion
>>       * An operator that can't upgrade her Z version of Kolla (1.1.1
>>         from 1.1.0) is stuck without CVE or OSSA corrections.
>>       * Because of a lack of security upgrades, the individual
>>         responsible for executing the back-port would abandon the work
>>         (but not tuse the abaondon feature for of gerrit for changes
>>         already in the queue)
>>
>>     Since we never agreed, in that IRC discussion a vote was requested,
>>     and I am administering the vote.  The vote request was specifically
>>     should we have a back-port of upgrade in 1.1.0.  Both parties agreed
>>     they would live with the results.
>>
>>     I would like to point out that not porting upgrades means that the
>>     liberty branch would essentially become abandoned unless some other
>>     brave soul takes up a backport.  I would also like to point out that
>>     that is yet another exception much like thin-containers back-port
>>     which was accepted.  See how exceptions become the way to the dark
>>     side.  We really need to stay exception free going forward (in
>>     Mitaka and later) as much as possible to prevent expectations that
>>     we will make exceptions when none should be made.
>>
>> This is not an exception. This was always a requirement. If you disagree
>> with that then we have never actually had a stable branch. The fact is
>> we _always_ needed z version upgrades for Kolla. It was _always_ the
>> plan to have them. Feel free to reference the IRC logs and our prior
>> mid-cycle and our Tokyo upgrade sessions. What changed was time and
>> peoples memories and that's why this is even a conversation.
>>
>>     Please vote +1 (backport) or ­1 (don¹t backport).  An abstain in
>>     this case is the same as voting ­1, so please vote either way.  I
>>     will leave the voting open for 1 week until April 14th.  If there I
>>     a majority in favor, I will close voting early.  We currently
>>     require 6 votes for majority as our core team consists of 11 people.
>>
>>     Regards,
>>     -steve
>>
>>
>>     [1]
>>     
>>http://eavesdrop.openstack.org/irclogs/%23kolla/%23kolla.2016-03-04.log.h
>>tml#t2016-03-04T18:23:26
>>
>>     Warning [1] was a pretty heated argument and there may have been
>>     some swearing :)
>>
>>     voting.
>>
>>     "Should we back-port upgrades
>>
>>     
>>_________________________________________________________________________
>>_
>>     OpenStack Development Mailing List (not for usage questions)
>>     Unsubscribe:
>>     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>     
>><http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>> Obviously I am +1 on committing to a stable _/stable_/ branch. And that
>> has always required Z upgrades. Luckily the work we did in master is
>> also usable for z upgrades. Without the ability to perform an update
>> after a vulnerability, we have to stable branch.
>>
>> I would remind every one we _did_ have this conversation in Tokyo when
>> we discussed pinning to stable versions of other projects rather than
>> using head of thier stable branch. We currently do that and there is a
>> review for a tool to make that even easier to maintain [1]. There was
>> even talk of a bot to purpose these bumps in versions. That means z
>> upgrades were expected for Liberty. Anyone thinking otherwise has a
>> short memory.
>>
>> [1] https://review.openstack.org/#/c/248481/
>>
>>
>> 
>>_________________________________________________________________________
>>_
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: 
>>OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>__________________________________________________________________________
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




More information about the OpenStack-dev mailing list