Once an Ubuntu release has been completed and published, updates for it are only released under certain circumstances, and must follow a special procedure.
There is an automatically generated list of packages which currently undergo this process.
In contrast to pre-release versions, official releases of Ubuntu are subject to much wider use, and by a different demographic of user. During development, changes to the distribution primarily affect developers, early adopters and other advanced users, all of whom have elected to use pre-release software at their own risk.
Users of the official release, in contrast, expect a high degree of stability. They use their Ubuntu system for their day-to-day work, and problems they experience with it can be extremely disruptive. Many of them are less experienced with Ubuntu and with Linux, and expect a reliable system which does not require their intervention.
Stable release updates are automatically recommended to a very large number of users, and so it is critically important to treat them with great caution. Therefore, when updates are proposed, they must be accompanied by a strong rationale and present a low risk of regressions.
Stable release updates will, in general, only be issued in order to fix high-impact bugs. Examples of such bugs include:
Bugs which may, under realistic circumstances, directly cause a security vulnerability. These are done by the security team and are documented at SecurityUpdateProcedures.
Bugs which represent severe regressions from the previous release of Ubuntu. This includes packages which are totally unusuable, like being uninstallable or crashing on startup.
Bugs which may, under realistic circumstances, directly cause a loss of user data
- Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages (like X.org or the kernel).
- For Long Term Support releases we regularly want to enable new hardware. Such changes are appropriate provided that we can ensure to not affect upgrades on existing hardware. For example, modaliases of newly introduced drivers must not overlap with previously shipped drivers.
- New versions of commerical software in the Canonical partner archive.
FTBFS(Fails To Build From Source) can also be considered. Please note that in main the release process ensures that there are no binaries which are not built from a current source. Usually those bugs should only be SRUed in conjunction with another bug fix.
- Check that the bug is fixed in the current development release, and that its bug report task is "Fix released". It is, in general, not appropriate to release bug fixes for stable systems without first testing them in the current development branch.
Use Nominate for release to mark the bug as an SRU candidate for the appropriate Ubuntu releases (e. g. the current LTS and latest stable release), then subscribe ubuntu-sru for packages in main/restricted, or motu-sru for packages in universe/multiverse.
- Update the bug report description and make sure it contains the following information:
A statement explaining the impact of the bug on users and justification for backporting the fix to the stable release
An explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix.
A minimal patch applicable to the stable version of the package. If preparing a patch is likely to be time-consuming, it may be preferable to get a general approval from the SRU team first.
Detailed instructions how to reproduce the bug. These should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. Please mark this with a line "TEST CASE:".
A discussion of the regression potential of the patch and how users could get inadvertedly effected.
Upload the fixed package to release-proposed with the patch in the bug report, a detailled and user-readable changelog, and no other unrelated changes. Make sure that the version number does not conflict with any later and future version in other Ubuntu releases (The security policy document has a well-working scheme which can be used for SRUs.) Also be sure to reference the SRU bug number in the changelog using the 'LP: #NNNNNN' convention.
Once the archive admins approve and publish your upload, test the actual binaries in the Ubuntu archive yourself and follow up in the bug report.
Add yourself as a bug contact for the package in Launchpad, if you are not one already, and monitor Launchpad for bug reports relating to the update for at least one week.
In the event of a regression, immediately notify the Ubuntu Technical Board via email, and ask for help on #ubuntu-devel in making urgent contact with a member of the Board. For SRU in universe/multiverse, contact the Universe SRU Team team or ask for help on #ubuntu-motu instead.
The SRU verification team will regularly check open bugs with the verification-needed tag and test proposed updates on different hardware to check for inadvertant side effects.
If they discover that your fix is insufficient, or the test case is not sufficient to reproduce the bug, they will:
Set the bug report Status: In Progress
- Describe why the fix was rejected in a comment to the bug report.
Remove the verification-needed tag.
The SRU verification team may also discover that your fix is good. They will:
Modify the verification-needed tag to a verification-done tag on the bug report.
- Describe the general steps taken to verify the package, any special difficulties, and the recommended upload date.
Verification feedback from bug reporters and subscribers is greatly appreciated, too, especially if the update is hardware specific. In this case we consider an update as verified if it has at least two positive and no negative testimonials in the bug report, and the verification team just checks whether the new version still works for the main use cases (to check for major regressions).
New micro releases
For some packages it is acceptable to upload new upstream microreleases to stable Ubuntu releases. See /MicroReleaseExceptions for details.
Because of the way updates to the kernel work, it will follow a slightly different process which is described on KernelUpdates.
The app-install-data-commercial source package may be uploaded to add .desktop files for new packages in the commercial repository on archive.canonical.com. This does not require prior approval, and the aging requirement is waived; but it must still go through -proposed, a bug report must still be filed with a debdiff and other relevant information as above, and testing must still be recorded in the bug report.
Landscape should be made available to users of 6.06 LTS and other supported releases for their entire lifetime, which will necessitate new feature releases. Being a client/server application, Landscape needs to maintain some level of synchronization between the client and server code, to minimize the number of different version interactions.
The tzdata package is updated to reflect changes in timezones or daylight saving policies. The verification is done with the "zdump" utility. The first timezone that gets changed in the updated package is dumped with "zdump -v $region/$timezone_that_changed" (this needed to be greped for in /usr/share/zoneinfo/). This is compared to the same output after the updated package got installed. If those are different the verification is considered done.
Note that ubuntu-sru's subscribed bugs page may not be sufficient to catch bugs that (a) are Fix Released in the current development release and (b) have been nominated but not approved for stable releases. See the following links: