
Re: request to remove "-updates" repository




On 4/5/20 13:39, Samuel Henrique wrote:
> Hello Adam,
> 
> On Sun, 5 Apr 2020 at 20:15, Adam D. Barratt <adam@adam-barratt.org.uk> wrote:
>>
>> On Sun, 2020-04-05 at 19:51 +0100, Samuel Henrique wrote:
>>> For the scope of "stable-updates" only then, would you say it makes
>>> sense to just use "stable" instead, for the reasons I mentioned?
>>> What do you say would be the negative impact of that (if any), since
>>> the repository is already enabled by default and not using it is
>>> equivalent to not updating the system until a point release gets out?
>>
>> Changing "stable" only happens at point releases, since it requires
>> (amongst other things) combined GPG signatures from the FTP Team and
>> Release Team. It's also a multiple hour process, involving both ftp and
>> release teams together with the press and images teams, updated
>> installers and so on.
> 
> I wasn't aware of this whole process happening for a point release,
> this puts things in perspective.
> 
>> Removing stable-updates would mean that the only way that some changes
>> - for instance, timezone updates, clamav updates, critical regressions
>> introduced in a point release but not noticed until afterwards - would
>> reach users would be for us to perform a point release or for the users
>> to consume proposed-updates. I'm not convinced that either of those is
>> a useful alternative.
> 
> Agreed, my proposal does not work with the current workflow.
> I'm interested in this process, is there any documentation you
> recommend me to understand the under-the-hood details of this?
> 
> Thanks for the clarifications.
> 

As a long-time Debian user and former US government system manager and
administrator, I offer the following comment from a viewpoint I missed
in the string.

There are systems, maybe especially in national security environments,
where very tight control is required, along with significant testing,
before admitting application or other component version changes, but
security related changes need to be applied rapidly, sometimes within 15
days of availability. I include the stable-upgrade repository on some or
most of my personal systems, but in my prior government position I would
not have wanted to do that, with rare, special case, exceptions.
Incorporating new packages in the basic release-stable repository would
be a significant problem.

Apologies if this is some way out of order.

Thanks,
Tom Dial

> 

