[Pkg-xen-devel] [Xen-devel] Notes from Xen BoF at Debconf15

Lars Kurth lars.kurth.xen at gmail.com
Tue Sep 8 10:15:21 UTC 2015


> On 8 Sep 2015, at 10:47, Jan Beulich <jbeulich at suse.com> wrote:
> 
>>>> On 08.09.15 at 11:24, <ian.campbell at citrix.com> wrote:
>> Release cycle
>> =============
>> 
>> Waldi commented that the stable release cycle was too long. Would like
>> to see a release after any large security update.
>> 
>> We asked if the RCs for stable releases were valuable, the answer was
>> "not so much".
>> 
>> Waldi would prefer to avoid cherry-picking security fixes if possible.
>> 
>> We asked if we thought Xen stable releases could be added to Debian
>> point releases. Waldi thought they likely could be, citing the
>> inclusion of Linux stable releases in point releases.
>> 
>> Our stable releases follow a similar set of rules to Linux, we think
>> we implement them more faithfully (less feature or feature-like
>> backports)
>> 
>> ACTION: Talk to Jan about making changes to stable release process.
> 
> That's kind of the opposite of what we quite recently changed to
> (a [hopefully] more predictable four month cycle). Apart from the
> question what "large" is, doing a release after any large security
> update seems unreasonable to me (not only because of giving up
> the predictability, but also because of the overhead involved,
> which is there even if we ditched the RCs).

I suppose the question is what the real problem for distros is: 

If it is the process of cherry picking and merging, then we could create a tag on a stable branch more frequently (e.g. every month), which makes it easier for distros to consume a number of security fixes, while not creating all the overhead of creating a release. 

Whether such a tagged stable branch is an RC (without a tarball) or not would be a different question.

> I have to admit that I
> fail to see why Debian would be different than other distros, all
> cherry picking security fixes until a new stable release becomes
> available. If otoh other major distros voiced similar desires, I
> think we'd have to once again re-think our stable release cadence.

A fully tested maintenance release, created more frequently, would be a lot more challenging and require a lot more effort.
I do agree with Jan that we ought to approach other distros and then re-think. 

Lars

