From owner-freebsd-ports@freebsd.org Wed Dec 14 19:35:18 2016 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 97A01C80272 for ; Wed, 14 Dec 2016 19:35:18 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 7FF4B1A99 for ; Wed, 14 Dec 2016 19:35:17 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (ppp121-45-230-194.lns20.per1.internode.on.net [121.45.230.194]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id uBEJZAAL046556 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 14 Dec 2016 11:35:13 -0800 (PST) (envelope-from julian@freebsd.org) Subject: Re: (In)Stability of the Quarterly Branch To: "Vlad K." , Freebsd Ports References: <3e7f94efc6428181a289742d7dd627df@acheronmedia.com> From: Julian Elischer Message-ID: <32224185-936b-adfa-9db1-a3c11c5bfc6c@freebsd.org> Date: Thu, 15 Dec 2016 03:35:05 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: <3e7f94efc6428181a289742d7dd627df@acheronmedia.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Dec 2016 19:35:18 -0000 Please add my voice to this.. It's not really that much that needs to be done. lets just call it 'learning from experience' Also, the quarterly PACKAGES should be kept around a bit longer too. and the pkg archives need to be in a layout that the system installer can be pointed at them in 4 years time when you want to rebuild a legacy machine. On 16/11/2016 8:17 PM, Vlad K. wrote: > The quarterly branch (Q) is intended to provide a set of "stable" > packages that in the lifetime of such a branch, receive only bug and > security fixes. That is the theory and intent behind the branch. In > practice, however: > > 1. The Q branch is cut off at predetermined dates (ie. not when it's > stable and ready), and it is cut off from HEAD, thus including the > state of ports at that moment. This breaks the promise of stability > and guarantees that every 3 months there will be uncertainty as to > whether the fresh new versions are working or not. There is no such > thing as a "Pre-Quarterly repo" which would receive all updates for > the NEXT Q branch-off, and which would freeze and stabilize for some > time before branch-off. And even if it did, 3 months would be too > short. > > It is effectively not much different from tracking HEAD and doing > updates only every three months, with the added benefit that SOME > security updates will come down sooner. But: > > 2. Unfortunately not all "security or bug-only fixes" are MFH'd, and > as a bugzilla triager I've had the opportunity to observe this in > practice. It can be as simple as accepting a minor upstream version > bump, or as complex as requiring cherry-picking and backporting code > if upstream mixes security, bug fixes with new features. It is > none-the-less a manual work requiring ports-secteam to review and > accept the patches. It is not clear who is supposed to do > cherry-picked backporting if the patches to HEAD cannot be MFH'd as > they are. It is also additional burden to the ports-secTEAM which at > the moment is, effectively, one person. In out current build environment at $JOB we check out every package we need in ports at it's own SVN revision. Usually that is defined to be a default, but sometimes in order to get a fully working set we need to slide a port or two forwards or backwards a bit. (and hope it doesn't hit a ports API change). (this means we really need to stay on head though) > > As it is obvious that the promise of a stable repo in its current > form requires manpower and manual work which we do not have, my > proposal is to abandon the promise of "security/bugfix" only changes > and adopt the approach not unlike Gentoo's, in which a "STABLE" > repository receives ALL the updates from HEAD, but only after > certain criteria has been met, like minimal age of changes, no open > issues, a certain battery of regression/integration/unit tests is > performed, etc... > > The key, I believe, is in automation which we can achieve with this, > and with that offer at least SOME level of stability without broken > promises. The key to this automation is no manual review, which can > only be achieved if we accept ALL changes, but stabilized to certain > degree. > > The idea of a "stable" repository is a valiant one, we definitely > need it if we want to increase the usage of FreeBSD in production as > more than just a base OS that does routing and ZFS storage -- namely > production use of stable ports. And IMHO we only need to balance > between how stable we can provide/guarantee it and what resources > and manpower we have available to do so. > > > What are the community's thoughts on this? > >