[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#784373: [Ceph-maintainers] Bug#784373: jessie-pu: package ceph/0.80.9-2 (pre approval)

On Tue, Jan 5, 2016 at 1:32 PM, Gaudenz Steinlin <gaudenz@debian.org> wrote:
>
> [ CCing the upstream package maintainers list ]
>
> Hi
>
> Julien Cristau <jcristau@debian.org> writes:
>
>> On Fri, Sep 18, 2015 at 22:57:27 +0200, Gaudenz Steinlin wrote:
>>
>>>
>>> Hi debian-release
>>>
>>> Gaudenz Steinlin <gaudenz@debian.org> writes:
>>>
>>> > Gaudenz Steinlin <gaudenz@debian.org> writes:
>>> >> I'd like to update ceph in jessie to the latest upstream bugfix release.
>>> >> The version of ceph in jessie is a long term support (LTS) release which
>>> >> will receive updates at least until January 2016. Updates will be bugfix
>>> >> only. New features go into new release which are developed in parallel.
>>> >> See at the end of this report for the upstream changelog.
>>> >>
>>> >> See http://ceph.com/docs/master/releases/ for the ceph release timeline
>>> >> and support statement.
>>> >>
>>> >
>>> > Just as an additional data point, Ubuntu has a "Minor Release Exception"
>>> > for stable updates for their ceph package [1].
>>>
>>> In the meantime another stable point release of ceph 0.80 (0.80.10) was
>>> released and on top of that there is a (minor) security issue which
>>> won't be fixed through a security update but which would be nice to fix
>>> by a stable update (see bug #798567 / CVE-2015-5245)).
>>>
>>> As another stable update has passed, it would be nice if someone of the
>>> stable release team could comment on this and eventually decide if they
>>> are OK with the proposal to follow the ceph stable branch or if they
>>> don't like it and would prefer an update just fixing the security bug.
>>> It would be nice to have a decision soon, so that there is enough time
>>> to prepare and test the update for the next stable point release.
>>>
>> What does the QA process on upstream's bugfix releases, and on the
>> Debian side for the proposed stable updates, look like?
>
> The QA processes on the upstream side are quite extensive. They run
> integration and upgrade tests on a regular basis. They use their test
> framework theutology[1] for these tests. Their QA configuration is
> available in the ceph-qa-suite repository [2].
>
> Unfortunately it's not easy to see how this testing is actually done and
> if the tests all pass at release time. Maybe someone from upstream Ceph
> can shed some more light on this and explain things in more detail. Some
> test results can be seen on Pulpito [3] but it's not clear to me how
> these results relate to actual releases.

We have some "gitbuilders" running on debian which you can see at
http://ceph.com/gitbuilder.cgi. Those build the source debs and run
"make check", which includes unit tests and some very simple running
cluster tests.

The stable releases and QA teams do affirmative checks to make sure
that all their releases are passing every test prior to tagging. Those
records are available in Redmine tracker tickets; I've added Loïc who
leads that effort and can speak more about it.
-Greg

>
> The QA on the Debian side is not as extensive. My resources are limited,
> but I do run my builds on my own test infrastructure. But I expect the
> changes to the Debian packaging side to be fairly minimal.
>
>>
>> So far I'm leaning towards rejecting this request, as I don't want to
>> spend that much time reviewing these changes, and as you see we're
>> already way behind on stable update requests.
>
> I don't think it's reasonable to expect the release team to review the
> upstream changes. If you don't trust them enough to not break things,
> then we should not upgrade the package. On the other hand other major
> Linux distribution do trust them enough as I wrote in my initial
> request.
>
> If you agree to do these stable updates they have to be done in a
> similar way to the postgres and linux kernel updates. I don't think the
> release team or any Debian developer reviews all upstream changes there.
> So it's really a matter of trust.
>
> Upstream also provides their own Debian packages which are always
> updated to the latest bugfix point releases. I guess many users use
> these packages instead of the packages from Debian because they are
> up to date wrt bugfix releases. IMO this is sad as I think Debian should
> aim at providing the most useful experience out of the box without 3rd
> party repositories.
>
> Gaudenz
>
> [1] https://github.com/ceph/teuthology
> [2] https://github.com/ceph/ceph-qa-suite/tree/firefly
> [3] http://pulpito.ceph.com/?branch=firefly
>
> _______________________________________________
> Ceph-maintainers mailing list
> Ceph-maintainers@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-maintainers-ceph.com
>
Reply to: