StableReleaseUpdates

Revision 62 as of 2007-08-31 12:53:34

Clear message

Once an Ubuntu release has been completed and published, updates for it are only released under certain circumstances, and must follow a special procedure.

This Policy applies for packages shipped in Main. For packages in universe read: ["MOTU/SRU"].

Why

In contrast to pre-release versions, official releases of Ubuntu are subject to much wider use, and by a different demographic of user. During development, changes to the distribution primarily affect developers, early adopters and other advanced users, all of whom have elected to use pre-release software at their own risk.

Users of the official release, in contrast, expect a high degree of stability. They use their Ubuntu system for their day-to-day work, and problems they experience with it can be extremely disruptive. Many of them are less experienced with Ubuntu and with Linux, and expect a reliable system which does not require their intervention.

Stable release updates are automatically recommended to a very large number of users, and so it is critically important to treat them with great caution. Therefore, when updates are proposed, they must be accompanied by a strong rationale and present a low risk of regressions.

When

Stable release updates will, in general, only be issued in order to fix high-impact bugs. Examples of such bugs include:

  • Bugs which may, under realistic circumstances, directly cause a security vulnerability

  • Bugs which represent severe regressions from the previous release of Ubuntu

  • Bugs which may, under realistic circumstances, directly cause a loss of user data

How

This process is to be followed for all updates except those to fix security updates, which are only released by the Ubuntu security team. Security procedures are documented at SecurityUpdateProcedures.

For updates to source packages in the universe or multiverse components, see ["MOTU/SRU"]. Any main source packages with binary packages that cross components will have all of their packages examined under this policy.

  1. Propose

    • All proposals for stable release updates must be approved by a member of the [https://launchpad.net/~ubuntu-sru Stable Release Updates team]. Attach all of the information to the existing bug report, use Nominate for release to mark the bug for backporting, then subscribe the ubuntu-sru team. If more than one bug is being addressed, each bug must be handled, justified, approved separately, and uploads will only be approved if all involved bugs are. SRU proposals must be accompanied by the following information for each bug to be addressed:

      1. A statement explaining the impact of the bug on users and justification for backporting the fix to the stable release

      2. An explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix; generally, SRUs will not be accepted if the bug has not been fixed in the development branch.

      3. A patch applicable to the stable version of the package. If preparing a patch is likely to be time-consuming, it may be preferable to discuss the first three items before preparing a patch. The patch must be as small and unintrusive as possible.

      4. Detailled instructions how to reproduce the bug. These should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem.

      5. A discussion of the regression potential of the patch and how users could get inadvertedly effected.

      The bug tasks need to accurately reflect the state in all releases and the proposed SRU targets. This makes it much easier for the SRU team to assess the state of the bug without having to wade through a long discussion in the bug's history.
  2. Prepare
    • Once an update has been discussed and approved in principle, an upload can be prepared. The following criteria apply to any packages modified as part of the update:

      1. The changelog entry and resulting .changes file must include a reference to the corresponding bug report(s)

      2. The bug report must include an approved SRU proposal

      3. The version number(s) must be carefully checked in order to avoid clashing with any other version of the package, past, present or future

      4. The upload target must be release-proposed

      5. The package difference must be a minimal change to fix the bug. For exceptions to this, see /MicroReleaseExceptions. Spurious changes to build systems, documentation, functionality will be rejected.

      6. Make sure to generate the .changes file against the current version in -proposed or in -updates, using the -v option to dpkg-buildpackage or debuild.

      Uploads which do not meet these criteria will be rejected by an archive administrator and not published. Once the upload is ready, attach a complete source package diff (debdiff) to the bug report for review.

  3. Upload
    • The upload will be reviewed by the SRU archive administrators during regularly scheduled processing, and approved if it meets the above criteria. Archive administrators should verify that the package delta matches the debdiff attached to the bug report.

      The ubuntu-archive team member who accepts the package into -proposed should:

      1. Add a verification-needed tag to the bug report.

      2. Set the bug report to Status: Fix Committed.

  4. Test

    • Once the update has been published in -proposed, it can be tested by a wider audience.

      1. Test the package yourself

      2. If the update has the potential for hardware-specific effects, request a hardware support regression test in the bug report (for example, kernel updates); in this case, at least two users with the affected hardware must give positive test results in the bug report. The [https://launchpad.net/~sru-verification SRU verification team] will test the updated package on different hardware to check for inadvertant side effects.

      The [https://launchpad.net/~sru-verification SRU verification team] will regularly check open bugs with the verification-needed tag. If they discover that your fix is insufficient, they will:

      1. Set the bug report Status: In Progress

      2. Describe why the fix was rejected in a comment to the bug report.

      3. Remove the verification-needed tag.

      The SRU verification team may also discover that your fix is good. They will:

      1. Modify the verification-needed tag to a verification-done tag on the bug report.

      2. Describe the general steps taken to verify the package, any special difficulties, and the recommended upload date.
  5. Release

    • After the package in -proposed has been successfully tested and passed a minimum aging period of 7 days, and is approved for upload to release-updates by the SRU verification team, the ubuntu-archive team member who accepts the package into -updates should:

      1. Copy the source and binary packages from -proposed to -updates.

      2. Set the bug report to Status: Fix Released.

      3. Remove the proposed package from -proposed (subject to [https://bugs.launchpad.net/soyuz/+bug/56037 bug 56037]).

  6. Follow up

    1. Add yourself as a bug contact for the package in Launchpad, if you are not one already

    2. For 7 days after the update is released, monitor Launchpad for bug reports relating to the update

    3. In the event of a regression, immediately notify the [mailto:technical-board@lists.ubuntu.com Ubuntu Technical Board] via email, and ask for help on #ubuntu-devel in making urgent contact with a member of the Board.

Special Cases

Kernel

Because of the way updates to the kernel work, it will follow a slightly different process. The following reasons call for this exception:

  • The kernel is uploaded frequently to -security, so uploading to -updates is not possible due to frequent version skew in the kernel and supporting packages (linux-restricted-modules, linux-meta, etc).

  • Kernel packages are not copied from -proposed to -updates or -security

  • A facility is needed for staging updates to the kernel in bulk, and -proposed is the closest fit

Therefore the following differences apply:

  • Updates for the kernel will be routinely uploaded to -proposed with a specially chosen ABI version (and therefore package name) to avoid clashing with any other kernel installed in the field. Users will not be automatically upgraded to this kernel.

  • No prior discussion and approval is needed for kernel updates to -proposed

  • Individual kernel patches, rather than complete packages, will go through the SRU process above, after having been staged in -proposed

(This section is based on discussions between AdamConrad, MattZimmerman and BenCollins)

app-install-data-commercial

The app-install-data-commercial source package may be uploaded to add .desktop files for new packages in the commercial repository on archive.canonical.com. This does not require prior approval, and the aging requirement is waived; but it must still go through -proposed, a bug report must still be filed with a debdiff and other relevant information as above, and testing must still be recorded in the bug report.

(This section is based on discussions between MichaelVogt and ColinWatson)

tzdata

The tzdata package is updated to reflect changes in timezones or daylight saving policies. The verification is done with the "zdump" utility. The first timezone that gets changed in the updated package is dumped with "zdump -v $region/$timezone_that_changed" (this needed to be greped for in /usr/share/zoneinfo/). This is compared to the same output after the updated package got installed. If those are different the verification is considered done.

Examples

As a reference, see [https://launchpad.net/ubuntu/+source/cpio/+bug/59228 bug #59228] for an idea of how the process works.

CategoryProcess