Re: Proposal: Repository for fast-paced package backports

[Philipp Kern <pkern@debian.org>]

On 26/12/2018 19:31, Dominik George wrote:
> > >    - The package must not be in testing, and care must be taken for the
> > >      package not to migrate to testing.
> > So what would a user of testing do? Will there be a $codename-volatile[1]
> > suite for testing users? Or would they directly install unstable with no
> > other pre-release staging ground? (Which seems like a bad idea.)
>
> The testing distribution and this concept contradict each other. The
> testing distribution is the least supported stage in the Debian release
> cycle, and if used, shall only be used for testing the next Debian
> release. Especially, there are no timely security updates in testing,
> neither by the security nor by the maintainer. So using it for anything
> other than testing the next Debian release in a laboratory is a bad
> idea.
>
> This proposal, however, is about providing fast-paced software as an
> exception on an otherwise stable system.
>
> So if anyone wants to test fast-paced software within a Debian testing
> system, they should use the package from unstable, yes. (Having testing
> on a system without the sid zources is close to impossible outside the
> freeze anyway.)

Of course you can use testing without having sid available, that's the 
point of testing[1]. I think there's a misunderstand about testing 
lurking here, too. And the requirement of backports for the package to 
be in testing is also to get a sane upgrade path from stable to 
next-stable. So you have to support your thing alongside testing, too. 
At least during the freeze, but optimally shortly after the release has 
been cut.

> > Similarly what are the constraints you set for upgrading, if any? How far
> > back will upgrades work and how current do users need to keep their system
> > in order to still be able to upgrade? For one, I think you will need to set
> > expectations here towards the maintainers if a package is never included in
> > a stable release, as they get very muddy otherwise. Plus you need to set
> > expectations for the users as the next package (maybe not gitlab) might come
> > up with requirements that upgrades need to go through every version on the
> > way to, say, update the database properly. And that's hardly supportable
> > unless everyone knows to update quickly.
>
> That certainly is something maintainers need to care about. (I consider
> a software not supporting skipping versions on upgrade a bug, anyway.)
>
> But most importantly, this is nothing that is specific to the -volatile
> proposal - it is the same for regular backports. So discussing this
> general backporting issue should not be mixed with the discussion of
> this proposal.

For backports the general supportability assumption is that you provide 
a sane upgrade path from stable to the backports and from the backport 
to the next stable (optimally the same package). Once you take the 
presence of the stable package out of the mix, it becomes weird. How 
long do you need to preserve compatibility code? How does an agile 
package that does not fit Debian's release cycle cater to these 
requirements?

Just discounting that on the grounds of "that's normal for backporting" 
if it's unique to your proposal is not quite satisfactory to me.

Kind regards
Philipp Kern

[1] You can make the argument that there's a problem with security 
update. But that's why the urgency system exists and maintainers can 
declare that a certain package needs to migrate with minimal waiting 
time. And most of the time (not always) the exploits start to 
materialize later.