On 04/05/17 11:18 -0400, Jonathan Proulx wrote:
On Thu, May 04, 2017 at 04:14:07PM +0200, Thierry Carrez wrote:
:I agree that our current stable branch model is inappropriate:
:maintaining stable branches for one year only is a bit useless. But I
:only see two outcomes:
:
:1/ The OpenStack community still thinks there is a lot of value in doing
:this work upstream, in which case organizations should invest resources
:in making that happen (starting with giving the Stable branch
:maintenance PTL a job), and then, yes, we should definitely consider
:things like LTS or longer periods of support for stable branches, to
:match the evolving usage of OpenStack.
:
:2/ The OpenStack community thinks this is better handled downstream, and
:we should just get rid of them completely. This is a valid approach, and
:a lot of other open source communities just do that.
:
:The current reality in terms of invested resources points to (2). I
:personally would prefer (1), because that lets us address security
:issues more efficiently and avoids duplicating effort downstream. But
:unfortunately I don't control where development resources are posted.

Have there been issues with downstream distros not addressing security fixes properly?
Yes, it seems that way to me as well. Just killing the stable branch model without some plan either internally or externally to provide a better stability story seems like it would send the wrong signal. So I'd much prefer the distro people to either back option 1) with significant resources so it can really work or make public commitments to handle option 2) in a reasonable way.
I think downstream distros are already doing #2, unless I'm missing something. How public/vocal they are about it might be a different discussion.

I'd prefer #1 too because I'd rather have everything upstream. However, with the current flux of people, the current roadmaps and the current status of the community, it's unrealistic for us to expect #1 to happen. So, I'd rather dedicate time documenting/communicating #2 properly.

Now, one big problem with LTS releases of OpenStack (regardless of whether they happen upstream or downstream) is the upgrade path, which is one of the problems Drew raised.

--
@flaper87
Flavio Percoco
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev