Hello everyone, *TL;DR;* Following our OS upgrade policy [1] - I ask for a lazy consensus to switch our Docker images from Bullseye to Bookworm.
The 2.8 version will be based on Bookworm, and we keep an option to build a custom Bullseye image for users who need it). In 2.9 we will drop Bullseye support from our Dockerfiles. Airflow 2.7 images (if we release 2.7.4+) will continue using Bullseye). Unless someone objects, the lazy consensus will be reached on *Monday 6th of November 2023, at midnight CET.* *More info on the status of PR with change:* Raphael proposed a PR some time ago and he made our image works for Bookworm, and I added a bit of code in Breeze to make it possible to be able to select whether Bookworm or Bullseye should be built and the resulting joint PR https://github.com/apache/airflow/pull/35376 goes through last checks and tests. Thanks to Raphael for opening the PR and persistently reminding me about it and making the Bookworm variant works !!! . It allowed me to implement the `--debian-version` switch in almost no time afterwards. *Explanation about our policies:* Since the time of buster -> bullseye switch [2] we have had a policy for it, so I do not expect much of a discussion here. This PR just implements the policy we agreed to - back then. It's a bit earlier than "approximately 6 months" as originally described in the policy. It's about 8 months for Bullseye to switch to LTS status, but it will likely be ~7 months when we release it in 2.8, so I consider it "approximately 6 months". The bullseye -> bookworm switch should be rather painless for most of our users as changes there are minimal and "expected". Also users will still be able to take old Dockerfiles and build bullseye images and install even newer Airflow versions - even a long time after we stop verifying it in our CI (which will happen in 2.9). The buster -> bullseye switch was relatively painless, there were a few issues reported for users who used some specific versions of some custom software, but the issues were short-lived and went away after 1 or 2 months as far as I remember. I expect a very similar outcome this time. *Security implications* It also turned out, we have another reason to make the migration now. This upgrade is very important for security reasons. Bookworm uses libssl3 instead of libssl1.1 by default and libsssl1.1 end of life WAS September 2023 and switching to it will help to keep Airflow users secure. More information here https://www.openssl.org/blog/blog/2023/09/11/eol-111/ . Libssl 3 is LTS and will be supported until 7th of September 2026. *References*: [1] Current policy we have for OS support in images: https://github.com/apache/airflow#base-os-support-for-reference-airflow-images [2] Previous thread for Buster-> Bullseye switch https://lists.apache.org/thread/fo20nqb8gs449os1vogjqdd1rv0pxx79 *More context and consequences of the switching (from PR)*. --------------------- Debian bookworm (12) is the current stable version of Debian and it is on the market for more than a year so all the other dependencies should have enough time to catch up. While Debian bullseye is still supported (oldstable) it will be switching to LTS support mode (managed by volunteers) roughly in July 2024 - but we want to switch our reference images to bookworm long before that date. This PR switches our reference images to Debian Bookworm for Dockerfiles and images that will be released to Airflow 2.8.0. Similarly as with the "Debian buster -> Debian bullseye" switch we will switch our reference images to bookworm and we will not be publishing images based on bullseye. However our users will still be able to build custom images using our Dockerfiles with bullseye base image until we release Airflow 2.9.0 where the bullseye support will be dropped entirely. We provide release notes and instructions on how users can build the bullseye images if they still want to do it - for example because their system level dependencies will require them to do so, but the users are advised to switch to bookworm-based images as soon as possible. The users will likely still be able to build custom Airflow images for future airflow releases (using Dockerfiles released with Airflow 2.8), however as of Airflow 2.9, we will not release Dockerfiles with support for that and we will not verify if Airflow with default dependencies can be installed on bullseye Debian. J.
