adsys SRU
Christopher James Halse Rogers
raof at ubuntu.com
Wed Jun 14 06:26:31 UTC 2023
There's an Jammy/Lunar adsys SRU¹ in the queue at the moment, and I
think it needs bringing to up to the list for discussion.
The changelog looks like approximately 9 months of normal feature
development. The diff against Jammy is >3MB in size (due largely to
significant vendored-dependency churn it seems). The relevant part of
SRU policy - “Other safe cases”² - allowing feature addition, says
“If existing software needs to be modified to make use of the new
feature, it must be demonstrated that these changes are unintrusive,
have a minimal regression potential, and have been tested properly”.
It looks like adsys is well tested, but I'm not sure about these being
minimal changes or with minimal regression potential ☺.
It's true that we've done a wholesale backport of adsys 0.9.2³ to
Jammy in the past; however, in that case the changes were mostly listed
bugfixes or FTBFS fixes, and the feature addition was shipping a
*Windows* binary.
I'm writing this to ubuntu-release@ for two main reasons:
1. It seems valuable to include adsys updates in LTS releases; however,
I'm not sure that the scope of changes (and seeming criticality of the
system - “failures might prevent users from logging in” seems
pretty bad) falls under the existing delegation of power from the Tech
Board to the SRU team.
2. There's a *lot* of vendored code churn, and from the SRU perspective
I have no information as to whether that's appropriate. I understand
that the Go ecosystem does not follow our ideas of stable releases and
there's a real tension here - it's a huge amount of work to vet
dependency updates, and such updates are *likely* to include bug fixes.
I don't think “we just update all our vendored dependencies each SRU
to whatever upstream is most recently shipping” is an appropriate
standard, though. I'm not sure what *is* the right balance, though.
So, in summary: I have two questions - does this exceed SRU authority,
and need Tech Board approval, and what level of justification is there
for wide ranging vendored code updates in the SRU?.
¹: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2020682
²: https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases
³:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982351/comments/10
More information about the Ubuntu-release
mailing list