[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Notes for xen summit 2018 design session] Process changes: is the 6 monthly release Cadence too short, Security Process, ...

Combined reply to Jan and Roger
Lars

On 03/07/2018, 11:07, "Roger Pau Monne" <roger.pau@xxxxxxxxxx> wrote:

    On Mon, Jul 02, 2018 at 06:03:39PM +0000, Lars Kurth wrote:
    > We then had a discussion around why the positive benefits didn't 
materialize:
    > * Andrew and a few other believe that the model isn't broken, but that 
the issue is with how we 
    >   develop. In other words, moving to a 9 months model will *not* fix the 
underlying issues, but 
    >   merely provide an incentive not to fix them.
    > * Issues highlighted were:
    >   * 2-3 months stabilizing period is too long
    
    I think one of the goals with the 6 month release cycle was to shrink
    the stabilizing period, but it didn't turn that way, and the
    stabilizing period is quite similar with a 6 or a 9 month release
    cycle.

Right: we need to establish what the reasons are:
* One has to do with a race condition between security issues and the desire to 
cut a release which has issues fixed in it. If I remember correctly, that has 
in effect almost added a month to the last few releases (more to this one). 
* One seems to have to do with issues with OSSTEST
* <Please add other reasons>

On 03/07/2018, 08:00, "Jan Beulich" <JBeulich@xxxxxxxx> wrote:
     Fundamentally the problem can as well be seen when looking at any
     of the stable branches: The variety of authors there is significantly
     more narrow than for what goes into master. I understand people
     mostly care about their features, but there ought to be a certain
     level of responsibility beyond that by everyone. For example, I'd
     sort of expect it to be the rule rather than the exception that
     people look at nearby code or code they clone, and address issues
     they see. At the risk of repeating myself, a large number of the
     security issues found results from paying attention to nearby code
     (also during code review). Looking over the list of reporters there
     very well supports my statement above regarding feature
     submission authors vs bug fix ones.

  That is understood: if the project leadership agrees, then this is no issue,
  as committers essentially are the gate keepers for what goes in. So in other
  words, if committers are mainly focussing on getting a release out,
  necessarily even if master is open during hardening, development would still 
  be slower than before. I don't think any contributors would have an issue
  with this.

  You didn't get one of my main points then: It is _contributors_ whom
  I'd expect to focus more on stabilization (in general, not just during
  freezes).

You are right: I misunderstood. You talked about people, which is ambiguous.
I am wondering how we can encourage different behaviour. Have to think about 
this. 

Lars

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.