adsys SRU

Christopher James Halse Rogers raof at ubuntu.com
Wed Jun 14 06:26:31 UTC 2023 

There's an Jammy/Lunar adsys SRU¹ in the queue at the moment, and I 
think it needs bringing to up to the list for discussion.

The changelog looks like approximately 9 months of normal feature 
development. The diff against Jammy is >3MB in size (due largely to 
significant vendored-dependency churn it seems). The relevant part of 
SRU policy - “Other safe cases”² - allowing feature addition, says 
“If existing software needs to be modified to make use of the new 
feature, it must be demonstrated that these changes are unintrusive, 
have a minimal regression potential, and have been tested properly”. 
It looks like adsys is well tested, but I'm not sure about these being 
minimal changes or with minimal regression potential ☺.

It's true that we've done a wholesale backport of adsys 0.9.2³ to 
Jammy in the past; however, in that case the changes were mostly listed 
bugfixes or FTBFS fixes, and the feature addition was shipping a 
*Windows* binary.

I'm writing this to ubuntu-release@ for two main reasons:

1. It seems valuable to include adsys updates in LTS releases; however, 
I'm not sure that the scope of changes (and seeming criticality of the 
system - “failures might prevent users from logging in” seems 
pretty bad) falls under the existing delegation of power from the Tech 
Board to the SRU team.
2. There's a *lot* of vendored code churn, and from the SRU perspective 
I have no information as to whether that's appropriate. I understand 
that the Go ecosystem does not follow our ideas of stable releases and 
there's a real tension here - it's a huge amount of work to vet 
dependency updates, and such updates are *likely* to include bug fixes. 
I don't think “we just update all our vendored dependencies each SRU 
to whatever upstream is most recently shipping” is an appropriate 
standard, though. I'm not sure what *is* the right balance, though.

So, in summary: I have two questions - does this exceed SRU authority, 
and need Tech Board approval, and what level of justification is there 
for wide ranging vendored code updates in the SRU?.


¹: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2020682
²: https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases
³: 
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982351/comments/10

More information about the Ubuntu-release mailing list