Hi,
Forgive my ignorance guys, but why are you still discussing updating the firefly release in Jessie when ceph has released two major stable releases after it, one of them being an LTS (hammer)?
Why not just propose to upgrade Jessie's package to Hammer at least.
Hpcre
[ CCing the upstream package maintainers list ]
Hi
Julien Cristau <jcristau@debian.org> writes:
> On Fri, Sep 18, 2015 at 22:57:27 +0200, Gaudenz Steinlin wrote:
>
>>
>> Hi debian-release
>>
>> Gaudenz Steinlin <gaudenz@debian.org> writes:
>>
>> > Gaudenz Steinlin <gaudenz@debian.org> writes:
>> >> I'd like to update ceph in jessie to the latest upstream bugfix release.
>> >> The version of ceph in jessie is a long term support (LTS) release which
>> >> will receive updates at least until January 2016. Updates will be bugfix
>> >> only. New features go into new release which are developed in parallel.
>> >> See at the end of this report for the upstream changelog.
>> >>
>> >> See http://ceph.com/docs/master/releases/ for the ceph release timeline
>> >> and support statement.
>> >>
>> >
>> > Just as an additional data point, Ubuntu has a "Minor Release Exception"
>> > for stable updates for their ceph package [1].
>>
>> In the meantime another stable point release of ceph 0.80 (0.80.10) was
>> released and on top of that there is a (minor) security issue which
>> won't be fixed through a security update but which would be nice to fix
>> by a stable update (see bug #798567 / CVE-2015-5245)).
>>
>> As another stable update has passed, it would be nice if someone of the
>> stable release team could comment on this and eventually decide if they
>> are OK with the proposal to follow the ceph stable branch or if they
>> don't like it and would prefer an update just fixing the security bug.
>> It would be nice to have a decision soon, so that there is enough time
>> to prepare and test the update for the next stable point release.
>>
> What does the QA process on upstream's bugfix releases, and on the
> Debian side for the proposed stable updates, look like?
The QA processes on the upstream side are quite extensive. They run
integration and upgrade tests on a regular basis. They use their test
framework theutology[1] for these tests. Their QA configuration is
available in the ceph-qa-suite repository [2].
Unfortunately it's not easy to see how this testing is actually done and
if the tests all pass at release time. Maybe someone from upstream Ceph
can shed some more light on this and explain things in more detail. Some
test results can be seen on Pulpito [3] but it's not clear to me how
these results relate to actual releases.
The QA on the Debian side is not as extensive. My resources are limited,
but I do run my builds on my own test infrastructure. But I expect the
changes to the Debian packaging side to be fairly minimal.
>
> So far I'm leaning towards rejecting this request, as I don't want to
> spend that much time reviewing these changes, and as you see we're
> already way behind on stable update requests.
I don't think it's reasonable to expect the release team to review the
upstream changes. If you don't trust them enough to not break things,
then we should not upgrade the package. On the other hand other major
Linux distribution do trust them enough as I wrote in my initial
request.
If you agree to do these stable updates they have to be done in a
similar way to the postgres and linux kernel updates. I don't think the
release team or any Debian developer reviews all upstream changes there.
So it's really a matter of trust.
Upstream also provides their own Debian packages which are always
updated to the latest bugfix point releases. I guess many users use
these packages instead of the packages from Debian because they are
up to date wrt bugfix releases. IMO this is sad as I think Debian should
aim at providing the most useful experience out of the box without 3rd
party repositories.
Gaudenz
[1] https://github.com/ceph/teuthology
[2] https://github.com/ceph/ceph-qa-suite/tree/firefly
[3] http://pulpito.ceph.com/?branch=firefly
_______________________________________________
Ceph-maintainers mailing list
Ceph-maintainers@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-maintainers-ceph.com