[Oneiric-Topic] SRU Process
Chuck Short
chuck.short at canonical.com
Wed Mar 30 15:55:39 UTC 2011
On Wed, 30 Mar 2011 11:38:14 -0400
Marc Deslauriers <marc.deslauriers at canonical.com> wrote:
> On Wed, 2011-03-30 at 11:00 -0400, Etienne Goyer wrote:
> > On 11-03-30 10:40 AM, Chuck Short wrote:
> > > I do not have the statistics in front of me, but I believe most
> > > users are using LTS releases of Ubuntu. The policy of
> > > cherrypicking fixes from the development releases does not scale
> > > in my opinion. We should offer PPAs for users who want to use a
> > > new version of for example Apache. Or go through the list of
> > > packages we support and see if we can get it to qualify as a
> > > micro release update.
> >
> > Agreed. Some mechanism to "modularize" the distribution is in
> > order. From an end-user perspective, it does not make any sense that
> > you need to upgrade the OS to run a new version of Apache. I
> > understand why we are doing this from the distribution perspective,
> > and I know a lot of people are very attached to the way things are
> > being done now, but it really baffles people coming to Ubuntu from
> > other platforms at times.
>
> On the other hand, it doesn't make sense to break everyone's servers
> every month when we update the apache or php version and the config
> files/features/ABI change and their applications stop working. This is
> the type of thing that enterprises dread...and is why IE6 took so long
> to die...
>
> Most people in enterprise scenarios that I've seen who use stuff like
> Apache on other platforms tend to install the latest version once, and
> stick with that version for the life of the server once it goes into
> production...foregoing any security updates. In fact, the constant
> update of Apache to remain secure on Windows is one of the reasons
> I've seen listed in security audits that recommend either migrating
> to IIS, which remains at the same version throughout the life of the
> OS, but gets constant security updates, or switching to Linux to
> benefit from stable release security updates.
>
> Apache may be a bad example here for the type of application that
> should get updated instead of fixed, as it is not something that is
> stand-alone enough and updating it would have a great impact on
> Ubuntu use in enterprise environments.
>
> Besides backports, there is also a process to obtain micro-release
> exceptions. Unfortunately, upstream projects who don't change
> ABI/config files/features with new versions are the exception and the
> massive QA effort to test upgrading them in stable releases would be
> orders of magnitude bigger than backporting a patch to fix a specific
> issue with a specific test case.
>
> Marc.
>
>
>
Hi Marc,

I agree with the points that you brought up and software such as MySQL
and Apache are probably not a good idea for such a process because of
their history. However I just wanted to put into people's minds that
users do want this.

Like your experience in the past I would just install a server and
leave it alone. But there are times where I wish the distro developers
would have version X rather than version Y.

As developers we have to make sure that we are making the best choice
of backporting the packages that users want.

chuck