Re: Proposal to do regular jenkins updates via jessie-updates (Was: Re: Removing Jenkins from Jessie)
Hi, On Mittwoch, 8. April 2015, Niels Thykier wrote: * There are several jenkins-* packages that will (presumably) need to be updated as often as Jenkins itself. I wondered which packages were jenkins* and figured it out with the help from Adam: holger@coccia:~$ dak rm -Rn jenkins Will remove the following packages from unstabl jenkins | 1.565.3-3 | source, all jenkins-cli | 1.565.3-3 | all jenkins-common | 1.565.3-3 | all jenkins-external-job-monitor | 1.565.3-3 | all jenkins-slave | 1.565.3-3 | all jenkins-tomcat | 1.565.3-3 | all libjenkins-java | 1.565.3-3 | all libjenkins-plugin-parent-java | 1.565.3-3 | al Maintainer: Debian Java Maintainers pkg-java-m --- Reason --- -- Checking reverse dependencies... # Broken Build-Depends: jenkins-ant-plugin: libjenkins-plugin-parent-java jenkins-antisamy-markup-formatter-plugin: libjenkins-plugin-parent-java jenkins-instance-identity: libjenkins-plugin-parent-java jenkins-mailer-plugin: libjenkins-plugin-parent-java jenkins-matrix-auth-plugin: libjenkins-plugin-parent-java jenkins-matrix-project-plugin: libjenkins-plugin-parent-java jenkins-ssh-cli-auth: libjenkins-plugin-parent-java Dependency problem found. cheers, Holger, wo is used to install jenkins from upstream but likes installing jenkins-job-builder from main and hopefully soon jenkins-debian-glue packages too... signature.asc Description: This is a digitally signed message part.
Re: Proposal to do regular jenkins updates via jessie-updates (Was: Re: Removing Jenkins from Jessie)
On Wed, 2015-04-08 at 23:33 +0200, Niels Thykier wrote: On 2015-04-08 22:45, Miguel Landaeta wrote: On Wed, 08 Apr 2015 18:17:59 +0200, Niels Thykier escribió: [...] I had a chat with James Page and Emmanuel Bourg about Jenkins over IRC. We concluded that it was infeasible for Debian to maintain Jenkins due to the lack of upstream commitment to a LTS release-cycle of sufficient length to match the length of Jessie[1]. Do you think is feasible or acceptable to maintain Jenkins in jessie-updates suite instead? I am not entirely convinced that Jenkins applies to stable-updates criteria[1]. However, I am leaving the final call on that to the SRMs. As someone who was involved in the initial setup of stable-updates, I'm afraid that I'm not convinced either. Packages such as clamav get updated to new upstream versions via stable-updates, but that's mostly because the (anti-)malware landscape changes sufficiently quickly that it's often not feasible to make small updates to the existing version in order to remain viable and we serve our users better by making newer engines available to them. Apologies if I'm missing something, but that really doesn't seem to be the case for Jenkins. https://wiki.jenkins-ci.org/display/JENKINS/LTS+Release+Line suggests that long-term means supported for three months. I'm struggling to combine those two ideas, particularly in the context of a Debian stable release. (Similarly battle-tested — meaning those commits that have already been a part of a main line release for more than a week.) I do wonder whether backports might be suitable, but I can't and won't speak on behalf of the backports team. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1428531981.7798.30.ca...@adam-barratt.org.uk
Proposal to do regular jenkins updates via jessie-updates (Was: Re: Removing Jenkins from Jessie)
On 2015-04-08 22:45, Miguel Landaeta wrote: On Wed, 08 Apr 2015 18:17:59 +0200, Niels Thykier escribió: [...] I had a chat with James Page and Emmanuel Bourg about Jenkins over IRC. We concluded that it was infeasible for Debian to maintain Jenkins due to the lack of upstream commitment to a LTS release-cycle of sufficient length to match the length of Jessie[1]. Do you think is feasible or acceptable to maintain Jenkins in jessie-updates suite instead? I am not entirely convinced that Jenkins applies to stable-updates criteria[1]. However, I am leaving the final call on that to the SRMs. My view on this: * There are several jenkins-* packages that will (presumably) need to be updated as often as Jenkins itself. * Doing this will imply pulling a new Jenkins LTS release almost immediately (the current one have several critical security flaws and is probably EOL). - NB: Jenkins LTS is supported for 3 or 6 as far as I recall - but [citation missing]. * I would do with an assessment of how like you think it is that the Jenkins packages (jenkins + jenkins-*) will remain buildable, supportable, and installable in Jessie (at least 3 years) without needing to do updates to other packages (or introduce new packages). - 5 if you want to support it for a possible jessie-lts (ignoring for a moment that jessie-lts is technically handled by a separate team). * We would probably want to add a disclaimer in the release-notes if we were to do this. If only to say that security updates are bundled with new upstream releases as we cannot reliably backport minimal fixes. I have put my removal on hold for now until the SRMs have had a chance to look at this. Thanks, ~Niels [1] https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html I suspect it would have to fall under the Packages that need to be current to be useful (e.g. clamav).-clause if Jenkins was applicable. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55259eb7.5040...@thykier.net
Removing Jenkins from Jessie
Hi, I had a chat with James Page and Emmanuel Bourg about Jenkins over IRC. We concluded that it was infeasible for Debian to maintain Jenkins due to the lack of upstream commitment to a LTS release-cycle of sufficient length to match the length of Jessie[1]. Accordingly, we agreed to remove the package from Jessie. ~Niels [1] From memory, the Jenkins LTS is at most 6 months. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/552554b7.7070...@thykier.net
Re: Removing Jenkins from Jessie
On Wed, 08 Apr 2015 18:17:59 +0200, Niels Thykier escribió: [...] I had a chat with James Page and Emmanuel Bourg about Jenkins over IRC. We concluded that it was infeasible for Debian to maintain Jenkins due to the lack of upstream commitment to a LTS release-cycle of sufficient length to match the length of Jessie[1]. Do you think is feasible or acceptable to maintain Jenkins in jessie-updates suite instead? -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key. Faith means not wanting to know what is true. -- Nietzsche signature.asc Description: Digital signature