[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1107881: unblock: gst-plugins-good1.0/1.26.2-1

> > 3. Is there a policy that describes what upstream considers acceptable
> > for this upstream release?
> >
> > Quoting the upstream release manager and core developer here:
>
>
> Does upstream publish this somewhere to ensure everyone's on the same
> page? I'd like an URL.

I don't think there is an URL. I've been working in this community for
about 20 years now and the core developers are a very tight team. Most
of them are under the umbrella of Centricular. I have cross checked
this question with them (Tim-Philip Mueller). I've been working with
them in open source and in a capacity where Centricular offered
consultancy services.

> > 5. Does upstream test thoroughly?
> >
> > On every merge request, unit tests and integration tests are running
> > that need to succeed before a MR is merged.
>
>
> Can you share a link to an example?

sure:

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9296

There is one racy test that is allowed to fail.

> > 6. Has this package seen new upstream version uploads to stable in the
> > past to facilitate security support?
> >
> > Yes, there are semi regular uploads to stable, done by the security
> > team; assisted by upstream. Most of the time, the uploads include
> > backported patches from these stable bugfix releases.
>
>
> That's not exactly what this question was about. The question is if a
> new upstream version was uploaded in the past to the security archive. I
> checked until 20214 and didn't spot one.
>
> > In the case of
> > bookworm, this is still 1.22.0. We have suggested to upload 1.22.12;
> > but this was not yet accepted.
>
>
> Do you know why not?

No, I do not. There has been a discussion between the security team,
upstream and the maintainers where the security team wants to keep on
backporting patches to 1.22.0 while upstream prefers 1.22.12, because
it tackles all the concerns already. I've opened an unblock on
gstreamer1.0 but have not received a reply. I can only assume that the
security team is flooded or has missed the request. Ultimately is a
judgement call.

> > The changes in good can be inspected at
> > https://gstreamer.freedesktop.org/releases/1.26/#1.26.2
>
> I assume that if we accept this, you'll request 1.26.3 soon, right?
>
> I'm going to accept it, can you please reply to the questions I raised
> above?

No, certainly not. I was not really planning on getting this one in
trixie but I got some nudges left and right. The last nudge that
flipped the coin for me was bug 1107628 where we disabled a couple
modules in the bad plugins and we (the maintainers) decided we'd go
for the point release update to correct a regression in comparison
with bookworm (dependency issue that got fixed on arm).

I have uploaded 1.26.3 to experimental (today) to avoid any confusion
in that regard.

I've even posted as much on LinkedIn (not to include 1.26.2):
https://www.linkedin.com/posts/marcleeman_gstreamer-126-release-notes-activity-7335958533835747329-oYPo?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAN2iIBZ3hnrLiN8DaEohv290q7Gx9tG8I

I knew we were trying the release team, so apologies for testing your patience.

-- 
g. Marc

GPG: 827C FD74 BA46 8152 A041 F3A0 7A6A 4F17 5995 A65B
Reply to: