MRE for juju-core/juju-mongodb

[James Page]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Adam

On 07/04/14 09:54, Adam Conrad wrote:
>> MongoDB upstream maintain even point releases as stable releases
>> which
>>> only receive bug fixes as part of minor point releases (see [1]
>>> for an example).  That said, stable releases are only
>>> maintained for 18->24 months (obviously counter to the 5 year
>>> support period for 14.04). For this reason, we’d also like
>>> permission to introduce new stable versions of MongoDB via this
>>> package in the future.
> A vast majority of our upstreams don't maintain stable releases for
> the length of our LTS, this isn't (on its own) a valid reason to go
> bumping to new major versions willy-nilly.  We backport security
> fixes as holes are found, we don't just toss our hands in the air
> on the promise of an LTS having stable APIs and ABIs because it's
> "too hard".

When we discussed this a vUDS many moons ago I think the rationale for
this was if we hit a critical or security bug which could not be
backported to the stable release on MongoDB, based on complexity and
associated risk, rather than generally as and when.

I guess we would deal with that as an exceptional SRU rather than
requiring a blanket 'you can do major release upgrades' from the TB.
It would require deeper testing than a regular point release anyway.

Does that sound like a more sensible approach?

- -- 
James Page
Ubuntu and Debian Developer
james.page at ubuntu.com
jamespage at debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTQsysAAoJEL/srsug59jDpFIP/i5qOZpC+1jZ4d1fwl4xcTv8
7A7j/yPnd+IFDWAu9eFCEv3VzWP6xnzBKu66xQ1ETQVQDHhfwZypLyy5QP847bmt
YixABk5zqN7UXWNAM0iBiIt9yzsBs3dO7NmEG6z09dt5EBybhRy4gHiHkBnXBfos
TDhJon3OQJ1gFMb9IrDoEMKlI/kBEnDlZ6yDsnOrGPezmVdXzNypX81E67GvIsCz
1Tt1wEDa5Cb5xeBtZhZG5TM25ofVukrhkotsXZ/8u+l6+8Xm39qExyQhaRFcl8ZF
B9oNL6Gzq8MUu+uqwKhTlXwcTU3p6rbYu0xcqBsZ1j3TvhVd6F33j1cWxll8oJ7e
spADuhbN14hKnZ6PF6bJIKVp6Ht6Na8Ccv9EQZEzg3qYG9jsiF9Uo5YPF5hIizjO
jQtP/mDYvZZ84Ea1XvBdSzENpy+MZNALXNFYWu9cKH05LHakKUS/9DD5/5pkPDLs
AR0lqSccxD9Fu/3XlRpepiBwK/g1tnGe4seg0vhM0y0xXbk/enYdenAQtKlQ1q7o
dg8aMCkQBx/E790HoiP0Br6wISV8o4zcAT+aOvSVRdrwx13HEwlyrbQ88mVCCf6b
O36SMzMYr8RR6bM5pKYpus+1Tl0LMuKyGkh12Vn3jHF302+BHd7QsjNZJ4uYlsu9
xDTFP9WN6VuGAxt0Z66p
=tDMA
-----END PGP SIGNATURE-----