Re: Disabling automatic upgrades on Sid by default?
On Mon, 2020-12-28 at 14:09 +0200, Adrian Bunk wrote:
> On Sun, Dec 27, 2020 at 10:58:10PM +0000, Lyndon Brown wrote:
> > ...
> > The problem with using testing as a rolling distro is that the
> > package
> > migration process often causes big delays that can block upgrades
> > that
> > include security fixes, making use of testing alone thus a big
> > security
> > risk.
>
> Debian testing is not and cannot be a proper rolling distro.
Yes, I did point out in an earlier reply to this thread that some were
referring to it as being an actual rolling distro when it is not. I
believe that many treat it as such though.
> Every 2 years testing/unstable is frozen for half a year with
> maintainers not permitted to upload new versions to unstable.
...except where exceptions are granted.
> If such 6 months delay is not a problem for you, Ubuntu releases are
> snapshots of Debian unstable taken every 6 months and security-
> supported
> for 9 months.
>
> > It is unfortunate that although sometimes upgrades with security
> > fixes are rushed into testing quickly to avoid this, I've seen too
> > many
> > examples before of this not happening for me to be comfortable
> > using
> > testing. It is for this reason alone that I personally choose to
> > use
> > unstable, and I'm sure that I'm far from alone.
>
> There used to be a separate testing-security team that monitored
> progression of security fixes from unstable to testing and did
> separate
> uploads to testing when necessary.
>
> It ceased existing 10 years ago for the usual reason, lack of people.
>
> > ...
> > We also have to consider not
> > only doing this for our own personal machines but also others which
> > we
> > may manage, like those of family members (should we choose to give
> > them
> > debian and not want to leave them with the "outdated" packages of
> > stable).
>
> Using Debian testing or any rolling release distribution for this
> usecase would be stupid.
>
> This is a clear case where everything has to be stable and non-
> changing.
I don't agree. This rather depends upon the requirements of each
person, no? If their machine is being used for daily work and it
possibly becoming unusable for a day or so now and then would be a huge
problem, then greater stability will obviously be a must and thus
choosing rolling/testing/unstable for it would indeed be stupid. This
will not always be the case though; not every linux family/friend
machine we may manage needs such stability guarantees and in such cases
they may prefer to take the risk for the benefit of getting big
software upgrades sooner.
Using something like Ubuntu may typically be a better choice though, I
can agree on that.
> > Given than many like myself use unstable for our personal daily-use
> > systems as though it were a proper rolling debian distro, it is
> > thus
> > very problematic for package maintainers to treat unstable as a
> > testing
> > ground to the extent of expecting that we must be "prepared for any
> > kind of breakage".
>
> The testing ground for maintainers is experimental, but all testing
> and
> QA happens between unstable and testing and any kind of breakage
> might
> by accident happen at any time in unstable.
Yes, those of us on unstable must obviously accept that risk that
breakage could happen at any time and thus must be prepared as best as
we can to cope with it. But, it is appreciated if maintainers keep us
in mind, doing their best to avoid causing us significant breakage,
rather than just casually thinking that it won't really matter if their
update breaks things on unstable, that only catching problems before it
reaches testing matters.
> > ...
> > What would be best for most people like myself using
> > testing/unstable
> > as though it were a real rolling distro, who for one reason or
> > another
> > cannot or do not wish to move to a real "rolling" distro like arch,
> > would be for debian to actually offer a real rolling channel
> > alongside
> > the stable one. Surely this would not be burdensome.
> >
> > As I envision it,
> > ...
>
> The internet is full of people who "envision" things, and who claim
> it
> "would surely not be burdensome" if other people would do the actual
> work for them.
>
> If you want this to happen, it is you who will have to implement and
> maintain it.
You seem to have misinterpreted what I wrote.
I was comparing the resource requirements of the current model to the
alternative I described. I was suggesting that the burden upon debian
resources (maintainer effort, etc) would surely be little different
from what it is now, as opposed to the alternate concept of adding a
whole new rolling release channel alongside what we already have.
> cu
> Adrian
Reply to: