Stable Release Updates for OpenStack and the Ubuntu Cloud Archive
The SRU process for OpenStack and the Ubuntu Cloud Archive (UCA) follows the same process as Ubuntu Stable Release Updates. Most of the points highlighted here are covered in further detail in the Ubuntu Stable Release Updates procedure; they are condensed and reiterated here with some additions that are specific to the Ubuntu Cloud Archive.
NOTE: This process is followed for OpenStack packages, and supporting dependencies including Open vSwitch and Ceph.
- Users of official releases expect a high degree of stability.
- It is critically important to treat SRUs with great caution.
- SRUs must be accompanied by a strong rationale and must present a low risk of regression.
- Minimizing risk tends to be well-correlated with minimizing the size of the change. As such, the same bug may need to be fixed in different ways in stable and development releases.
- Stable release updates will, in general, only be issued in order to fix:
  - New upstream stable point releases for OpenStack core packages which group several bug fixes together.
  - High-impact bugs (e.g. security vulnerabilities, severe regressions, loss of user data).
  - Bugs that are not high-impact, but have an obviously safe patch.
- SRUs must have an accompanying bug with well-documented sections for [Impact], [Test Case], and [Regression Potential]. These sections must contain details as described in the Ubuntu Stable Release Updates procedure.
- Bugs must be fixed in the following order, when possible:
  - Upstream in the latest OpenStack release
  - Then in the corresponding Ubuntu release
  - Then in the corresponding UCA release
- Then the bug can be fixed in the same order for the prior OpenStack release (upstream stable first, corresponding Ubuntu release second, and corresponding UCA release third).
Landing a fix upstream may not always be possible, for example once the upstream branch is in critical-fix or security-fix only mode, or once it has reached EOL. See the OpenStack upstream stable branch policy, which specifies the various phases of support for stable branches, which are typically supported for 12 to 18 months. The case where a bug can't be fixed upstream first must be handled with extreme caution, since fixes would be released directly to the corresponding Ubuntu release without having landed upstream first.
Landing a fix in a corresponding Ubuntu release may not always be possible, for example once the Ubuntu release has reached EOL and the UCA is still supported. This case must be handled with extreme caution, since fixes would be released directly to the corresponding UCA without having first landed in the corresponding Ubuntu release, and possibly also without having first landed in the upstream OpenStack release.
Once stable package updates have been accepted by the ubuntu-sru (or Cloud Archive) team into -proposed pockets, the following SRU verification process is followed:
- Deployment and base configuration using OpenStack Charm Testing bundles and charms, using the current set of stable charms configured to consume packages from the proposed pocket of the archive.
- Testing of the deployed cloud using the smoke test target of Tempest (the OpenStack functional test project); this is approximately 100 tests from the full upstream Tempest functional test suite that cover all core functions of the cloud. The deployed cloud is expected to pass all smoke tests.
- For updates where there is a risk of regression as a result of the package upgrade process, the same testing process is followed as above: deploying from the archive excluding proposed, testing using Tempest, upgrading the deployed cloud to proposed, and then re-verifying the cloud using Tempest.
This testing process is automated by the Ubuntu OpenStack CI system.
Additionally, any specific test cases covered in SRU bug reports should be explicitly tested as well.