[Oneiric-Topic] SRU Process

Chuck Short chuck.short at canonical.com
Wed Mar 30 15:55:39 UTC 2011

On Wed, 30 Mar 2011 11:38:14 -0400
Marc Deslauriers <marc.deslauriers at canonical.com> wrote:

> On Wed, 2011-03-30 at 11:00 -0400, Etienne Goyer wrote:
> > On 11-03-30 10:40 AM, Chuck Short wrote:
> > > I do not have the statistics in front of me, but I believe most
> > > users are using LTS releases of Ubuntu. The policy of
> > > cherrypicking fixes from the development releases does not scale
> > > in my opinion. We should offer PPAs for users who want to use a
> > > new version of, for example, Apache. Or go through the list of
> > > packages we support and see if we can get it to qualify as a
> > > micro release update.
> > 
> > Agreed.  Some mechanism to "modularize" the distribution is in
> > order. From an end-user perspective, it does not make any sense that
> > you need to upgrade the OS to run a new version of Apache.  I
> > understand why we are doing this from the distribution perspective,
> > and I know a lot of people are very attached to the way things are
> > being done now, but it really baffles people coming to Ubuntu from
> > other platforms at times.
>
> On the other hand, it doesn't make sense to break everyone's servers
> every month when we update the apache or php version and the config
> files/features/ABI change and their applications stop working. This is
> the type of thing that enterprises dread...and is why IE6 took so long
> to die...
>
> Most people in enterprise scenarios that I've seen who use stuff like
> Apache on other platforms tend to install the latest version once, and
> stick with that version for the life of the server once it goes into
> production...foregoing any security updates. In fact, the constant
> update of Apache to remain secure on Windows is one of the reasons
> I've seen listed in security audits that recommend either migrating
> to IIS, which remains at the same version throughout the life of the
> OS, but gets constant security updates, or switching to Linux to
> benefit from stable release security updates.
>
> Apache may be a bad example here for the type of application that
> should get updated instead of fixed, as it is not something that is
> stand-alone enough and updating it would have a great impact on
> Ubuntu use in enterprise environments.
>
> Besides backports, there is also a process to obtain micro-release
> exceptions. Unfortunately, upstream projects who don't change
> ABI/config files/features with new versions are the exception and the
> massive QA effort to test upgrading them in stable releases would be
> orders of magnitude bigger than backporting a patch to fix a specific
> issue with a specific test case.
>
> Marc.

Hi Marc,

I agree with the points that you brought up, and software such as MySQL
and Apache are probably not a good idea for such a process because of
their history. However, I just wanted to put into people's minds that
users do want this.

Like your experience in the past, I would just install a server and
leave it alone. But there are times where I wish the distro developers
would have version X rather than version Y.

As developers we have to make sure that we are making the best choice
of backporting the packages that users want.

