1 |
On Friday, January 02, 2015 02:18:24 PM Rich Freeman wrote: |
2 |
> On Fri, Jan 2, 2015 at 1:10 PM, Ian Stakenvicius <axs@g.o> wrote: |
3 |
> > The thing about stable gentoo-sources is that it shows that it's been |
4 |
> > tested, and ideally that testing's been done against the rdeps of the |
5 |
> > kernel package too (ie, external modules). ... |
6 |
> > That said, given the frequency of security updates, I do think it |
7 |
> > makes sense to try and keep the stabilization of LTS kernel versions |
8 |
> > in sync with upstream as much as possible, including |
9 |
> > quick-stabilization whenever we can. |
10 |
> |
11 |
> ++ and ++ |
12 |
> |
13 |
> Would an approach like this make sense: |
14 |
> 1. For ~arch keep doing what we're doing (which seems to be generally |
15 |
> following the upstream stable branches). |
16 |
> 2a. For stable always target the latest longterm, and commit straight |
17 |
> to stable. |
18 |
> or |
19 |
> 2b. For stable just follow ~arch a few days behind. |
20 |
> 3. Either way immediately remove packages that aren't |
21 |
> upstream-supported (by all means keep all the longterm/stable |
22 |
> branches, but don't leave cruft hanging around or abandoned stable |
23 |
> branches - if somebody ~arch tagged a particular branch and didn't get |
24 |
> the news that it won't go longterm then they'll either downgrade to a |
25 |
> supported stable or notice and adjust their keywords to go to the next |
26 |
> stable). |
27 |
> |
28 |
> 2a is extremely unlikely to break anything, but probably won't get any |
29 |
> testing so you might as well commit straight to stable (nobody running |
30 |
> ~arch is going to be running longterm as well). 2b is more likely to |
31 |
> break stuff, but on the other hand will be more likely to have actual |
32 |
> bugs reported so it will be more tested. |
33 |
> |
34 |
> The biggest issue I see is with packages that actually use recent |
35 |
> kernel features (systemd comes to mind, maybe udev to a lesser degree, |
36 |
> and I'm sure there are others). These kinds of packages should have |
37 |
> clear kernel dependencies though. In some sense EVERYTHING is an rdep |
38 |
> of the kernel so breakage could conceivably happen anywhere - but the |
39 |
> risk is higher in some places. |
40 |
> |
41 |
> I think the classical stable user is probably best off following |
42 |
> upstream longterm anyway, unless they just bought a new laptop or |
43 |
> something like that. |
44 |
> |
45 |
> In general though I think that it is perfectly acceptable to have a QA |
46 |
> policy specific to the kernel since upstream has very robust stable |
47 |
> branch support, and the level of QA and release maturity is extremely |
48 |
> high. |
49 |
> |
50 |
> I do think that it makes sense to not throw stable Gentoo users at |
51 |
> kernels that were mainline release candidates only a day before. |
52 |
|
53 |
I understand your point. Maybe waiting a few days to auto stable makes sense, |
54 |
because less than 7 days later, a new version with bug/security fixes is |
55 |
released. |
56 |
|
57 |
Isn't our current rate of stabilization "selling" a promise of stability we |
58 |
can't stand behind? |
59 |
|
60 |
Mike |
61 |
|
62 |
-- |
63 |
Mike Pagano |
64 |
Gentoo Developer - Kernel Project |
65 |
Team Lead - Gentoo Sources |
66 |
E-Mail : mpagano@g.o |
67 |
GnuPG FP : EEE2 601D 0763 B60F 848C 9E14 3C33 C650 B576 E4E3 |
68 |
Public Key : http://pgp.mit.edu:11371/pks/lookup?search=0xB576E4E3&op=index |