Re: release-notes: no new ssh connections during upgrade

To: debian-doc@lists.debian.org
Cc: Paul Gevers <elbrus@debian.org>
Subject: Re: release-notes: no new ssh connections during upgrade
From: Justin B Rye <justin.byam.rye@gmail.com>
Date: Fri, 6 Aug 2021 18:23:16 +0100
Message-id: <[🔎] 20210806172316.GA31715@jbr.me.uk>
In-reply-to: <[🔎] 8b1fd247-88d5-e285-c288-d98030061d85@debian.org>
References: <[🔎] 8b1fd247-88d5-e285-c288-d98030061d85@debian.org>

Paul Gevers wrote:
> Please find attached my proposal for the release notes to cover bug #990069.
> 
> Disclaimer: I (or somebody else) still have (has) to verify that the
> procedure works as intended. One can clearly start a very limited
> upgrade with only openssh-server, but what needs checking is that:
> a) ssh login works after the partial upgrade
> b) with openssh-server upgraded, the downtime for accepting new
> connections is greatly reduced.

Unfortunately my own testing facilities are currently limited until
replacement parts arrive for my testbed machine...

> +  <section id="ssh-not-available">
> +    <title>No new ssh connections possible during upgrade</title>
                     ^^^
I think the protocol (as opposed to the executable) should be "SSH";
if convenient we might even want to say "Secure Shell (SSH)" the first
time we refer to it in the body.

I was considering changing the title to
       <title>No new connections possible during SSH upgrade</title>
since some parts of the dist-upgrade process are perfectly safe, but
apparently it's more complicated than that.

> +    <para>
> +      Due to unfortunate circumstances it's not possible to establish
> +      new <command>ssh</command> connections for a bigger part of the

I'd like to avoid "big(ger) part" for a period of time.

> +      upgrade than during previous release upgrades. As usual,
> +      existing connections should continue to work, but if the upgrade
> +      is done over <command>ssh</command> and the
> +      <command>ssh</command> connection is not trusted to last for the

Express the "trust" part in terms of a risk of interruption rather
than a fear of betrayal.

> +      full upgrade period, it's adviced to upgrade <systemitem
                                       ^
"Advised" (and not "-ized" even in en_US), except that "it's advised"
seems somehow more impersonal than "it's recommended/suggested" (other
approaches: "it's advisable", "you're advised").

> +      role="package">openssh-server</systemitem> before upgrading the
> +      full system.
> +    </para>
> +  </section>

Thinking about the overall structure, it might work better to move the
"good news" part to the start...

     <section id="ssh-not-available">
       <title>No new SSH connections possible during upgrade</title>
       <para>
         Although existing Secure Shell (SSH) connections should continue to
         work through the upgrade as usual, due to unfortunate circumstances
         the period when new SSH connections cannot be established is longer
         than usual. If the upgrade is being carried out over an SSH
         connection which might be interrupted, it's recommended to upgrade
         <systemitem role="package">openssh-server</systemitem> before
         upgrading the full system.
       </para>
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

Reply to:

Follow-Ups:
- Re: release-notes: no new ssh connections during upgrade
  - From: Paul Gevers <elbrus@debian.org>

References:
- release-notes: no new ssh connections during upgrade
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: release-notes: no new ssh connections during upgrade
Next by Date: Re: release-notes: no new ssh connections during upgrade
Previous by thread: release-notes: no new ssh connections during upgrade
Next by thread: Re: release-notes: no new ssh connections during upgrade
Index(es):
- Date
- Thread