Proposal to do regular jenkins updates via jessie-updates (Was: Re: Removing Jenkins from Jessie)
On 2015-04-08 22:45, Miguel Landaeta wrote:
> On Wed, 08 Apr 2015 18:17:59 +0200, Niels Thykier escribió:
>> [...]
>>
>> I had a chat with James Page and Emmanuel Bourg about Jenkins over IRC.
>> We concluded that it was infeasible for Debian to maintain Jenkins due
>> to the lack of upstream commitment to a LTS release-cycle of sufficient
>> length to match the length of Jessie[1].
>
> Do you think is feasible or acceptable to maintain Jenkins in
> jessie-updates suite instead?
>
I am not entirely convinced that Jenkins applies to stable-updates
criteria[1]. However, I am leaving the final call on that to the SRMs.
My view on this:
* There are several jenkins-* packages that will (presumably) need to
be updated as often as Jenkins itself.
* Doing this will imply pulling a new Jenkins LTS release almost
immediately (the current one have several critical security flaws and
is probably EOL).
- NB: Jenkins "LTS" is supported for 3 or 6 as far as I recall - but
"[citation missing]".
* I would do with an assessment of how like you think it is that the
Jenkins packages (jenkins + jenkins-*) will remain buildable,
supportable, and installable in Jessie (at least 3 years) without
needing to do updates to other packages (or introduce new packages).
- 5 if you want to support it for a possible jessie-lts (ignoring
for a moment that jessie-lts is technically handled by a separate
team).
* We would probably want to add a disclaimer in the release-notes if we
were to do this. If only to say that security updates are bundled
with new upstream releases as we cannot reliably backport minimal
fixes.
I have put my removal on hold for now until the SRMs have had a chance
to look at this.
Thanks,
~Niels
[1] https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html
I suspect it would have to fall under the "Packages that need to be
current to be useful (e.g. clamav)."-clause if Jenkins was applicable.
Reply to: