[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What to do when DD considers policy to be optional? [kubernetes]


On 25.03.20 23:39, Dmitry Smirnov wrote:

>> Software packages like kubernetes, docker, and many of the other "hip
>> tools of the day" are moving way too fast for our release scheme.

> It is worth remembering that Debian is not only a stable release.
> Statically built Golang apps are easy to install from testing/unstable into 
> stable and packaging still provides certain benefits.

That, and in theory we also have a "volatile" archive for things that
move too fast.

> Stable Debian release protects users from sudden unexpected and disruptive 
> changes but some prefer to run their systems from "testing".

I'd expect people running container hosts to prefer stable, but if
upstream doesn't provide a "long term support" version (or anything that
actually has a version number instead of a commit ID) and at the same
time the software is too complex to branch off and maintain ourselves,
then our hands are kind of tied.

FWIW, I used to maintain software like this, and filed a "this software
is unstable and should not be part of a stable release" RC bug against
it, that's a completely valid state for a package to be in. For anything
but container host software, the existence of containers even makes this
somewhat manageable.

We have an awful lot of packages with version numbers of the forms
"0+git...", "0.0.2019..." or just a single large number, because
upstream does not believe in traditional releases, but the processes
Debian was built around expect software to be released and supported for
a while and expect maintainers to be able to forward bug reports
upstream and get a better reply than "tell your users to upgrade".

Getting Firefox and Thunderbird as ESR versions into Debian was a
massive amount of pain, but in the end it seems to have paid off,
because we managed to convince upstream that there is demand for stable
releases from users who do not want to roll out updates constantly and
deal with the resulting stability issues.

As a distribution, it is our job to communicate users' expectations to
upstream, not just to facilitate an unidirectional flow of packages.
Many upstreams already distribute .deb files from a robust mirror
infrastructure, our value proposition should be a bit stronger than "you
don't need to configure an additional source".


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: