[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bits from the RM

Hello world,

Sorry: this is long, and it's probably all relevant. Get a snack and
something to drink while you read it maybe.

So, it's time we start doing more than think about the next release. Since
I'm all for aggressive goals, let's aim for sometime in December -- how 
about 2003-12-01 00:00:00 UTC?

Perhaps I shouldn't have suggested getting the drink. It's okay, get a
cloth, I can wait, and you're not going to be able to read the rest of
this email until you clean that monitor up.

Anyway, obviously this is aggressive, but I think it's entirely
achievable. Exactly how we achieve it may be a little bit unclear, but
hopefully the following will address some of that. To setup the context,
we'll begin by discussing some of our longer term goals wrt releases,
and the problems we're having with those.

One reasonable question some people ask is why we have stable releases at
all. A fair number of people are happily running testing and unstable on
their desktops and servers, and if they're not already as secure, reliable
and featureful as stable is, they can certainly be made to be. The
key difference that we want to keep is updates: testing and unstable
will change the way your system works in small ways quite regularly,
requiring constant attention from a sysadmin to ensure the system still
does what it's supposed to.  By contrast, the regular security updates and
occassional point releases of stable generally make a point of not adding
any new features, nor breaking *any* behaviour admins or users might
be relying on. Basically, it's the difference between having a sysadmin
spending fifteen minutes every day or week tweaking your server to keep
it running, or having a sysadmin come in for a week once a year to do a
major upgrade. In some environments the latter is by far the more feasible
option, and it's there that Debian stable releases are most useful.

One major issue for these types of users is predictability: you don't
want to schedule your admins to come on site, then find you need to do
a major Debian upgrade a month later, and have to bring them back out.
The same argument applies even more so to people trying to pre-install
Debian and ship it to people: if features you need are only available
in testing/unstable, you either need to wait an indeterminate amount of
time until a release happens or maintain a possibly large set of security
updates in a timely fashion yourself.

So one thing we've been working on, and will continue to work on, is
ensuring we can plan a release well in advance of it happening, and that
our plans actually pan out. One of the functions of setting as aggressive
a goal as we are this time is to see just how effective we can be.

The other goal of our "releases", using the term more loosely to refer to
our daily releases of packages in suites other than stable, is to support
people who *are* willing to tweak their system on a daily or weekly
basis. The tradeoff still to be made here is one of "features" versus
"reliability"; the value of new changes, versus the risk that the changes
will break something you need. Essentially we want to allow people to make
a choice between newer software that we're confident works fairly well,
and software that's as new as possible, possibly so new we can't make any
promises at all about it. We're trying to make this distinction with the
"testing" and "unstable" suites, letting people choose to take all their
software one way or the other, or using pinning, just some of it.

Our primary failure here is that in order to keep testing as current as
we can, we're skimping on keeping unstable as new as we might otherwise.
This includes being slow to upload released software that we're not as
confident with, and being very hesitant to upload CVS versions of packages
at all. These aren't necessarily bad choices. They are, however, choices
we should be aiming to leave up to our users, not making ourselves.

Hopefully none of the above should be particularly controversial. People's
priorities will obviously lie in different areas, but keeping the above in
mind should allow us to avoid getting in conflict too much.

Because conflict is probably going to be coming up. One thing that an
aggressive schedule implies is that we're going to have to experiment a
little: if we could just keep doing the same old thing, it'd be an easy
schedule, if we only had to try a little harder, it'd be a difficult
schedule.  This isn't either of those things, so in order to try to
achieve it, we're going to mix things up a bit.

("Try to achieve it"? Tsk, what would Yoda say?)

The first new feature we have for this release is distributed release
management. It's hierarchial, not peer to peer, but hey, it's a start.
After replying to the "Help wanted" mail from March, and surviving a
series of grueling challenges on the debian-release list, Joey Hess
<joeyh@debian.org>, Steve Langasek <vorlon@debian.org> and Colin
Watson <cjwatson@debian.org> (Kamion) have each been granted powers
above and beyond mere mortal developers and the grand title of Release
Assistant. In particular if you don't understand why your packages aren't
getting into testing, they'll usually be able to either explain why, or
fix it. They're also able to offer good advice on all manner of things
should you be feeling confused, or need some help. They all IRC, and
amongst all of us, we should cover most timezones. So don't be afraid
to ask for help or advice. If you don't know what to work on, don't be
afraid to ask for suggestions.

In order to ease some of the pressure on unstable, we're encouraging
greater usage of experimental. The plan here is that you should upload the
latest, release-quality packages to unstable; and the latest development
packages to experimental. This means daily snapshots, CVS versions,
alphas, pre-releases and so forth. If you're currently maintaining
a foo-snapshot package in unstable, you should consider dropping the
-snapshot, and uploading it to experimental. It also means you should make
an extra effort to ensure that what you put in unstable is maintained at
the quality you'd expect from a Debian stable release, although obviously
with far more frequent changes. You won't always succeed, unless you're
some sort of packaging God, but that should definitely be your aim.

For people uploading to experimental, you should be aware of the following:

	* experimental uses the same overrides as unstable. Packages
	  already in unstable can be uploaded to experimental without
	  requiring any delay while an ftpmaster reviews licenses and
	  such; and similarly once a NEW package uploaded to experimental
	  has been approved, no further delay will be required when it's
	  uploaded to unstable.

	* there is an "experimental" tag in the BTS you can use to help
	  differentiate bugs in the unstable and experimental versions
	  of your package. Automated version tracking for the BTS is
	  under development, but in the meantime this is your best bet.

	* Bugs fixed in uploads to experimental will be automatically tagged
	  as "fixed-in-experimental", rather than closed.

	* experimental is not, and will not be, automatically built by our
	  standard buildd infrastructure. Instead, you should ask other
	  developers who own machines of the various architectures to
	  do a build for you; please wait for your source upload to hit
	  the mirrors, and include the package name, version, and a list
	  of any dependencies that should be satisfied from experimental
	  rather than unstable in your request.

	  We hope that eventually we'll be able to incorporate this
	  mechanism into the standard buildd infrastructure, but it's
	  expected experimental will only ever be built-on-request.

	  On-request experimental builders are encouraged to make an
	  unsigned .changes file, a build log, and, ideally, the finished
	  build tree (with .o files, etc) available to the maintainer
	  along with the compiled .debs, rather than uploading straight to
	  the archive.

	  Developer accessible porting machines are listed at
	  http://db.debian.org/machines.cgi, and unstable chroots are
	  available for almost all architectures. Contact debian-admin
	  about any packages you need installed.

	* apt-get will not automatically install packages from
	  experimental when you add it to your sources.list, you'll need
	  to select them manually, or make use of pinning.

	* experimental is otherwise the same as the other suites, with the
	  same restrictions. Once you upload an .orig.tar.gz, eg, you
	  cannot change it, including when you're eventually ready to
	  upload to unstable.

Note that once you upload to unstable, you're committed to making what
you've uploaded release-quality. If you have any doubts, try to get rid
of them by uploading to experimental first.

Please be careful when you're using experimental -- we haven't done much
with it now, so some things can get screwed up. We've already had one
instance of this with a sparc build of an experimental version of glibc
making its way into unstable; katie should REJECT that sort of thing now,
but there may yet be other kinks that haven't been worked out. Yet.

Obviously, we also need to massively reduce the release-critical bug
count.  As such, you should consider every weekend from now until the
release a "bug squash party" in the usual sense.  If you've got some free
time, look through the release-critical bug list and help reproduce bugs,
supply patches, test fixes, or do NMUs. Of interest, if you haven't been
paying close attention, might be the little extra bits of information
in the RC bug list: bugs tagged help, patch or pending are now coloured
purple, green and orange to make them a little easier to spot, and
the number of bugs marked patch and pending are listed at the top to
give an overview of how we're going. At the rate we'd like to be going,
we'll need to shorten the RC bug list by between 50 and 100 bugs a week,
or close about 10-20 RC bugs a day.  On average, every developer will
need to at least help resolve one RC bug every two weeks from now until
release, and since simply reading this puts you slightly above average
in the activeness stakes, you'll need to do slightly more than this for
us to meet our goal.

To help coordinate RC bug fixing and BSPs, you can make use of the
"BugSquash Claims" page, at:


It's populated by creating files in


named after your username @debian.org, and entering one bug number per
line.  Developers who're participating in the BSP should enter the bugs
they're working on into there, and might like to check to see if anyone
else has "claimed" the bug to avoid duplication of work. Once you've
got the bug patched and NMUed, it'll remain on the page for a while,
for bragging rights. Also interesting might be urls such as:


Remember, we're not prospecting for gold here: claims are advisory
only; if you really want to fix a bug, and can't seem to get a hold of
whoever's got a claim, don't worry about it -- fix the bug yourself, and
mail your findings to the bug report. If you want to do duplicate work,
that's your business.

While the above is nice and all, and will hopefully be useful during
future releases as well, it's probably not going to shake things up
quite enough to get sarge out by December. As stronger medicine, we're
going to spend the next few weeks -- in particular, the period between
Saturday 23rd August and Sunday 14th September -- experimenting with
an excessively liberal policy for NMUs, namely, "NMU whatever you like,
whenever you like".  You can look at this in a few ways:

	* If you're uploading NMUs for the BSP during this period,
	  you should skip DELAYED, and just upload straight to
	  queue/unchecked (f.k.a Incoming).

	* You should consider yourself a co-maintainer of every package
	  in the distribution, and feel obliged to fix the bugs you see,
	  and apply any outstanding patches.

	* You should consider this perhaps your one and only chance to get
	  some fix you desperately need into sarge, whether it be to a
	  release-critical bug, an important bug, a normal bug, a minor
	  bug, or in many cases even a wishlist bug.

There are caveats. You should follow the usual traditions wrt NMUs:
use a point version number, make sure the problems you're fixing are
reported, mail patches to the BTS, make sure the maintainer knows what
you're doing, don't make irrelevant changes to the package, don't make
major changes to the package, be respectful of the maintainer at all
times especially when disagreeing, fix any bugs that you cause even
more promptly than you would in your own packages, and generally act
according to the highest standards.

If you're going to mention this 0-day NMU rule in passing to anyone,
make sure you cover the entire paragraph above, and emphasise it. We're
temporarily reducing the level of courtesy and bureaucracy involved in
making NMUs, not the quality we expect of them.

Additionally, you should realise that this is a strictly limited offer,
so while you should take advantage of it, don't waste your time or our
users' time, adding features that you know the maintainer will simply
remove in his or her next upload.

On the other hand, as a maintainer, while you're certainly encouraged
to spend the next few days fixing any outstanding issues that you think
might be targetted come the 23rd, one of the points to this experiment
is to encourage you not to see an NMU as a particularly bad thing. So
try not to be too NMU-averse.

If you find you have a particularly good or bad experience with this,
as either a maintainer or an NMUer (or possibly as a user), please keep
a note of your thoughts and post them to debian-devel on the 15th of
September, so that we can do an experiment report, determine what worked
and what didn't, and see if we want to update our regular NMU policy
(or if individual maintainers might want to update their personal NMU

This is a risky policy. That's why it ends early, so we still have time
to clean up any mess. Do take care.

Continuing on in the "no pain, no gain" school of thought, we'll also
be attempting to reduce the number of release-critical bugs affecting
sarge by removing a significant number of packages. Candidates for
removal will be all packages with release-critical bugs: if the version
of your package in testing has release-critical bugs it will probably
be removed from testing; if it has release-critical bugs in unstable,
and looks otherwise unmaintained under a guilty-until-proven-innocent
policy, there's a real chance it will also be removed from unstable.

This is the only warning you'll receive; the best way to ensure this
doesn't happen to you is to do a better job maintaining your packages than
I do maintaining mine. Keep your RC bug count down to approximately zero,
and make sure you don't leave any open for more than about a week.
Reply to bugs, and use tags to reflect their status. It's not a
particularly high standard, so you really shouldn't have any problems.

Should your package be removed from testing, you'll probably have time
to fix the bugs in the unstable version, and let that propogate back
into sarge. If you're worried about this, contact myself or any of the
release assistants to find out what's going on. The status of packages
being considered for inclusion in testing is available at:


Ask around if you don't understand what it some of the cryptic comments in
the contents mean.

Next on the list of changes to the way we do things is working out
what's a "severe policy violation". In particular, we're going to try
moving away from subtle semantic distinctions in the forty thousand word
document that is Debian Policy, and switching towards a simpler, bullet
point list of release-critical issues. This is located at


and should be considered canonical. Please briefly skim it just to make
sure you're familiar with all the issues listed. Also of interest may
be the introduction of the "sarge-ignore" tag, which will be used to
indicate which release-critical issues will be ignored for sarge. Note
that that tag should *only* be used by the release manager.

Going back to our original problem, namely, release predictability,
we have three things to address. One is making it clear what we've
decided. Another is making it clear that we can achieve what we've decided
-- that's what the above attempts. The other is making it clear whether
or not our plans are actually working out. In aid of that, here is a
rough dateline of what we're aiming to achieve, and when.


	* August 19th (now)

		0-day NMUs (as of the 23rd)

		Development versions of packages expecting to include
		major changes in sarge uploaded to experimental.

		Drop the RC bug list by ~150 bugs to ~700
		(via removals and fixes)

		Beta testing of debian-installer by adventurous users
		(subscribe to debian-boot, and try CVS or the images at

		Beta testing of upgrades over the network and with sarge
		CD images
		(available under http://gluck.debian.org/cdimage/ . May
		be bootable, depending on your luck. Only for the truly

	* September 1st

		0-day NMUs

		Last major changes to toolchain packages

		Drop the RC bug list by ~200 bugs to ~500
		(via removals and fixes)

		HOWTO use debian-installer to install sarge posted to
		-devel-announce (volunteers appreciated)

		Beta testing of installation with sarge CD images by
		adventurous users

	* September 15th

		Drop the RC bug list by ~150 bugs to ~350
		(via better accounting, removals and fixes)

		Beta testing of the installation (debian-installer, tasksel,
		base-config, package installs, CD images, everything)

		debian-installer hackfest at Oldenburg, Germany

		Last major changes to major packages uploaded to unstable

	* October 1st

		Drop the RC bug list by ~150 bugs to ~100
		(via removals, fixes and workarounds)

		1st test cycle, public request for comments

		Last minute fixes and changes to the installer

	* October 15th

		Drop the RC bug list by ~100 bugs to ~0
		(via fixes, workarounds, wishful thinking and ignorance)

		Final, last minute, low-risk bug fixes only

		Get support for sarge up and running on security.debian.org

		2nd test cycle, public request for comments

	* November 1st

		Get any remaining security bugs patched

		3rd and final test cycle, public request for comments

		Minimal package updates -- manual approval by RM only

	* November 15th

		Final tweaks

		Minimal package updates -- manual approval by RM only

	* December 1st


You're strongly encouraged to work out your own schedule for packages you
work on, to make sure you don't leave it too late to get any changes you
want properly tested before the release. Please don't forget to include
the lag from the 10-day testing delay. Also make sure to include some
leg room if you depend on packages that have a tendency to be buggy
(glibc, for example).

So, that's the plan, and the end of this email. If the heart attack at
the beginning didn't get you, perhaps the exhaustion will.

What's that? You're hungry? Well, I did say you should get a snack. That's
not what you meant? You're hungry for *action*, you say? Well, get to it!

a "corny lines 'r' us" j

Anthony Towns <ajt@debian.org>
Debian Release Manager

Attachment: pgprW7HKEXWK6.pgp
Description: PGP signature

Reply to: