Ship bugfix release to stable

Scott Kitterman debian at kitterman.com
Sat Oct 12 20:14:09 BST 2024 


On October 12, 2024 2:07:10 PM UTC, Hefee <hefee at debian.org> wrote:
>Hey,
>
>at Akademy I had a discussion, if Plasma LTS is a success or useless. The KDE 
>devs are unhappy, that we don't ship the plasma lts bugfix releases to Debian 
>stable. And because distros don't ship the bugfix releases, the KDE devs don't 
>see the success of an LTS release.
>I tried to point out that the LTS is at least for Debian useful, as otherwise 
>we would have shipped Plasma 5.27.2.
>
>As KDE see a lot of bugreports from Debian users, for stuff that is already 
>fixed in an bugfix release. I asked Nate about the most annoying bug, that they 
>are facing:
>"""
>https://bugs.kde.org/show_bug.cgi?id=468180
>
>It's fixed in Plasma 5.27.9 or later, with a version of the KDE Qt Patch 
>Collection that includes 
>https://invent.kde.org/qt/qt/qtdeclarative/-/commit/
>453b1cb207cf3ce35b906c21c9f04a17d66074a7.
>"""
>
>Don't know about my time the next weeks, maybe I'll find some time to look into 
>it.

I have been involved with shipping clamav and postfix stable updates in Debian.  It is possible to do such things, but there are a few things to think about:

1.  Biggest is regression risk and support for quickly addressing regressions.  Acceptable risk for shipping a regression in a point release is approximately zero, so there needs to be testing and people need to react to issues identified once packages are in updates.

2.  Release team needs to be convinced this is good for users.  If upstream's policy for including fixes is similar to Debian's stable update policy, then this is not a hard sell.

Clamav we ship updates both to address the never ending arms race between malware writers and anti-virus and to keep up with security issues (historically clamav had a horrible security record - it's better recently, but they still happen).  Postfix we ship because upstream has a very strong reputation for quality and care so we can benefit users with negligible risk.

In both cases it also helps with upstream relations.

What's the case for it here, beyond upstream will be happy?

Scott K

More information about the pkg-kde-talk mailing list