StableReleaseUpdates

Differences between revisions 80 and 81
Revision 80 as of 2008-01-21 11:12:17
Size: 11555
Editor: yttrium
Comment: LTS?
Revision 81 as of 2008-01-28 16:31:50
Size: 11745
Editor: p57AA81AE
Comment: trivial noncritical patches are ok, too
Deletions are marked like this. Additions are marked like this.
Line 22: Line 22:
 * Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages (like X.org or the kernel).

Once an Ubuntu release has been completed and published, updates for it are only released under certain circumstances, and must follow a special procedure.

There is an automatically generated list of [http://people.ubuntu.com/~ubuntu-archive/pending-sru.html packages which currently undergo this process].

Why

In contrast to pre-release versions, official releases of Ubuntu are subject to much wider use, and by a different demographic of user. During development, changes to the distribution primarily affect developers, early adopters and other advanced users, all of whom have elected to use pre-release software at their own risk.

Users of the official release, in contrast, expect a high degree of stability. They use their Ubuntu system for their day-to-day work, and problems they experience with it can be extremely disruptive. Many of them are less experienced with Ubuntu and with Linux, and expect a reliable system which does not require their intervention.

Stable release updates are automatically recommended to a very large number of users, and so it is critically important to treat them with great caution. Therefore, when updates are proposed, they must be accompanied by a strong rationale and present a low risk of regressions.

When

Stable release updates will, in general, only be issued in order to fix high-impact bugs. Examples of such bugs include:

  • Bugs which may, under realistic circumstances, directly cause a security vulnerability

  • Bugs which represent severe regressions from the previous release of Ubuntu

  • Bugs which may, under realistic circumstances, directly cause a loss of user data

  • Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages (like X.org or the kernel).

  • NOTE: With Universe and Multiverse SRU's FTBFS, not installable, and segfault on startup ( e.g. completely un-usable ) can also be considered SRU Candidates

How

This process is to be followed for all updates except those to fix security updates, which are only released by the Ubuntu security team. Security procedures are documented at SecurityUpdateProcedures.

  1. Propose

    • All proposals for stable release updates must be approved by a member of the [https://launchpad.net/~ubuntu-sru Stable Release Updates team] ( or the [https://launchpad.net/~motu-sru MOTU SRU Team] for Universe and Multiverse updates ). Attach all of the information to the existing bug report, use Nominate for release to mark the bug for backporting, then subscribe the ubuntu-sru team or motu-sru team depending on the component. If more than one bug is being addressed, each bug must be handled, justified, approved separately, and uploads will only be approved if all involved bugs are. SRU proposals must be accompanied by the following information for each bug to be addressed:

      1. A statement explaining the impact of the bug on users and justification for backporting the fix to the stable release

      2. An explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix; generally, SRUs will not be accepted if the bug has not been fixed in the development branch.

      3. A patch applicable to the stable version of the package. If preparing a patch is likely to be time-consuming, it may be preferable to discuss the first three items before preparing a patch. The patch must be as small and unintrusive as possible.

      4. Detailed instructions how to reproduce the bug. These should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. These need to be put into the description of the bug (not just another comment), after a line which contains "TEST CASE:".

      5. A discussion of the regression potential of the patch and how users could get inadvertedly effected.

      The bug tasks need to accurately reflect the state in all releases and the proposed SRU targets. This makes it much easier for the SRU team to assess the state of the bug without having to wade through a long discussion in the bug's history. If applicable, consider whether the update should also be applied to any active LTS releases.
  2. Prepare
    • Once an update has been discussed and approved in principle, an upload can be prepared. The following criteria apply to any packages modified as part of the update:

      1. The changelog entry and resulting .changes file must include a reference to the corresponding bug report(s)

      2. The bug report must include an approved SRU proposal

      3. The version number(s) must be carefully checked in order to avoid clashing with any other version of the package, past, present or future

      4. The upload target must be release-proposed

      5. The package difference must be a minimal change to fix the bug. For exceptions to this, see /MicroReleaseExceptions. Spurious changes to build systems, documentation, functionality will be rejected.

      6. Make sure to generate the .changes file against the current version in -proposed or in -updates, using the -v option to dpkg-buildpackage or debuild.

      7. As with any upload, the changelog entry must properly credit the author of the change, if it was not originally made by you.

      Uploads which do not meet these criteria will be rejected by an archive administrator and not published. Once the upload is ready, attach a complete source package diff (debdiff) to the bug report for review. Usually it is fine to upload the package, so that it is readily available for review for the SRU team. However, if you have doubts if your change is appropriate, please wait for the approval in the bug trail before upload. Inappropriate uploads will be rejected and commented on in the bug. Uploads with no or an invalid bug number in the changelog will be rejected.

  3. Upload
    • The upload will be reviewed by the SRU archive administrators during regularly scheduled processing, and approved if it meets the above criteria. Archive administrators should verify that the package delta matches the debdiff attached to the bug report.

      The ubuntu-archive team member who accepts the package into -proposed should:

      1. Add a verification-needed tag to the bug report.

      2. Set the bug report to Status: Fix Committed.

      3. Subscribe the sru-verification team.

  4. Test

    • Once the update has been published in -proposed, it can be tested by a wider audience.

      1. Test the package yourself

      2. If the update has the potential for hardware-specific effects, request a hardware support regression test in the bug report (for example, kernel updates); in this case, at least two users with the affected hardware must give positive test results in the bug report. The [https://launchpad.net/~sru-verification SRU verification team] will test the updated package on different hardware to check for inadvertant side effects.

      The [https://launchpad.net/~sru-verification SRU verification team] will regularly check open bugs with the verification-needed tag. If they discover that your fix is insufficient, they will:

      1. Set the bug report Status: In Progress

      2. Describe why the fix was rejected in a comment to the bug report.

      3. Remove the verification-needed tag.

      The SRU verification team may also discover that your fix is good. They will:

      1. Modify the verification-needed tag to a verification-done tag on the bug report.

      2. Describe the general steps taken to verify the package, any special difficulties, and the recommended upload date.
  5. Release

    • After the package in -proposed has been successfully tested and passed a minimum aging period of 7 days, and is approved for upload to release-updates by the SRU verification team, the ubuntu-archive team member who accepts the package into -updates should:

      1. Copy the source and binary packages from -proposed to -updates.

      2. Set the bug report to Status: Fix Released.

      3. Remove the proposed package from -proposed (subject to [https://bugs.launchpad.net/soyuz/+bug/56037 bug 56037]).

  6. Follow up

    1. Add yourself as a bug contact for the package in Launchpad, if you are not one already

    2. For 7 days after the update is released, monitor Launchpad for bug reports relating to the update

    3. In the event of a regression, immediately notify the [mailto:technical-board@lists.ubuntu.com Ubuntu Technical Board] via email, and ask for help on #ubuntu-devel in making urgent contact with a member of the Board. ( NOTE: for MOTU-SRU's contact the [mailto:ubuntu-motu@lists.ubuntu.com Universe SRU Team] team or ask for help on #ubuntu-motu )

Anchor(Special)

Special Cases

Kernel

Because of the way updates to the kernel work, it will follow a slightly different process which is described on KernelUpdates.

app-install-data-commercial

The app-install-data-commercial source package may be uploaded to add .desktop files for new packages in the commercial repository on archive.canonical.com. This does not require prior approval, and the aging requirement is waived; but it must still go through -proposed, a bug report must still be filed with a debdiff and other relevant information as above, and testing must still be recorded in the bug report.

(This section is based on discussions between MichaelVogt and ColinWatson)

tzdata

The tzdata package is updated to reflect changes in timezones or daylight saving policies. The verification is done with the "zdump" utility. The first timezone that gets changed in the updated package is dumped with "zdump -v $region/$timezone_that_changed" (this needed to be greped for in /usr/share/zoneinfo/). This is compared to the same output after the updated package got installed. If those are different the verification is considered done.

Examples

As a reference, see [https://launchpad.net/ubuntu/+source/cpio/+bug/59228 bug #59228] for an idea of how the SRU process works.

Note that ubuntu-sru's subscribed bugs page may not be sufficient to catch bugs that (a) are Fix Released in the current development release and (b) have been nominated but not approved for stable releases. See the following links:

CategoryProcess

StableReleaseUpdates (last edited 2024-02-15 13:33:43 by racb)