[ovs-dev] OVS needs to release new stable versions.
i.maximets at ovn.org
Mon Jun 29 22:43:48 UTC 2020
On 6/29/20 10:47 PM, Ben Pfaff wrote:
> On Fri, Jun 26, 2020 at 12:18:37PM +0200, Ilya Maximets wrote:
>> So, what is the proposed plan:
>> 1. We should add missed git tags to 2.11.3 and 2.11.4 releases.
>> Ben could you, please, take care of this? (Alternatively, I could do that,
>> but I'm not sure what with the keys to sign tags and how this key
>> management handled these days since the collapse of web of trust.)
> I think that it's probably best to take myself out off the critical path
> here. I started out using signed tags because they were easy for me,
> since I already had a key in Debian's web of trust. But I don't know of
> a reason why they need to be signed, or signed by a particular key. I
> think it is perfectly reasonable if you push the tags, signed or
OK. I'll do that.
> I don't know what you mean by "the collapse of the web of trust". Did I
> miss a memo?
It was a reference to Certificate Spamming Attacks happened last year ,
and some consequences like creating new implementations of key servers
(keys.openpgp.org) with some design changes in compare with SKS.
>> 3. Prepare patches for OVS stable releases for all branches starting from
>> branch-2.5 and apply them. Create, sign and push tags.
>> Ben, I know you handled this part last time. What is the preferred way?
>> Someone else could prepare patches and send for review, I guess.
> I think we should designate a newer "long term stable" release now that
> OVN has released separately.
Yeah. That's a good point. Maybe 2.13 is a good candidate for a new LTS?
> That aside, I have never prepared separate patches for OVS stable
> releases. When I apply bug fixes, I backport them as far as necessary.
> It would be a burden to figure this out retrospectively, but it's
> usually easy at the time of bug fix.
By "Prepare patches for OVS stable releases" I meant patches like this:
* 2ff0b7715 2019-09-06 | Prepare for 2.10.5.
* 5f19eaaf2 2019-09-06 | Set release date for 2.10.4. (tag: v2.10.4)
But yes, I agree that looking through patches and backport them selectively
is too much work and will likely require even more people. Backporting
patches as far as necessary is a good practice. I do that too.
We could do selective backports by request in case something missed, but
we should not revisit all the patches while preparing stable releases on
>> 4. Update relevant docs outside of openvswitch main repository (web-site,
>> wiki, etc.)
>> P.S.: We should, probably, do some periodic checks on released
>> branches and make stable releases a bit more frequently. For example,
>> we could make regular stable release every few months in case we have
>> fixes on top of the previous release. I could keep monitoring things
>> and ping people, but this might be better to have some plan, I think.
> Yes, probably. At one point Justin and I were definitely the people who
> coordinated this, but now if it is left to us then it probably won't get
> done, or not done often enough.
> I really need some new people to take the leadership role here.
I could take care of this. I mean, I could periodically look at numbers
of patches on stable branches and prepare minor releases if needed.
Best regards, Ilya Maximets.
More information about the dev