backport of couchdb
Hi,

I saw that you are the maintainer of the Debian CouchDB package. Currently, the CouchDB package is lagging behind quite a lot (there is a major leap in version number between stable (0.11) and testing (1.1.1)). Is there any way/possibility to create a backport package of CouchDB to make a modern version of the package available to unstable?

Regards,
Jens
Re: backport of couchdb
Copying in the CouchDB developer list. I have not done any work for Debian for a number of years now. People have, on occasion, said that they were interested in taking up the CouchDB packaging work. I guess that never happened. Is anyone else prepared to step up here?

We'll be releasing CouchDB 1.2.0 soon, and it would be super awesome if that ended up in Debian shortly after.

On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil jens.ran...@telavox.se wrote:

> Hi, I saw that you are the maintainer of the Debian CouchDB package. Currently, the CouchDB package is lagging behind quite a lot (there is a major leap in version number between stable (0.11) and testing (1.1.1)). Is there any way/possibility to create a backport package of CouchDB to make a modern version of the package available to unstable?
>
> Regards, Jens
Re: backport of couchdb
Oh, you already addressed the developer list. Heh.

On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil jens.ran...@telavox.se wrote:

> Hi, I saw that you are the maintainer of the Debian CouchDB package. Currently, the CouchDB package is lagging behind quite a lot (there is a major leap in version number between stable (0.11) and testing (1.1.1)). Is there any way/possibility to create a backport package of CouchDB to make a modern version of the package available to unstable?
>
> Regards, Jens
Re: backport of couchdb
On Tue, Jan 31, 2012 at 10:27 AM, Noah Slater nsla...@tumbolia.org wrote:

> Copying in the CouchDB developer list. I have not done any work for Debian for a number of years now. People have, on occasion, said that they were interested in taking up the CouchDB packaging work. I guess that never happened. Is anyone else prepared to step up here?

I was for a long time. Many reasons for why I left, including...

> We'll be releasing CouchDB 1.2.0 soon, and it would be super awesome if that ended up in Debian shortly after.

The long and short of it is that Debian does not want versions of packages to be added to its repository that will not be supported over the long term. This is their policy and should be respected, regardless of your feelings about it (political patches welcome?).

The problem is that CouchDB is a productive project. Releases come out at regular intervals and very old versions are usually not supported. For example, I doubt anyone thought 0.11.0 would be an LTS version, but it made it into Debian stable. Now Debian's expectation is that critical and security patches would be back ported to it from new versions instead of pushing new versions of CouchDB into stable until a new Debian release, at which point a new package version would be considered for stable. The two projects' models simply do not match up.

Once I saw this, and a few other things happened, I decided to pull out and am now of the opinion that it is up to Apache CouchDB, Cloudant, and/or individual community members to provide these packages. Luckily source installs are very simple on Debian and Ubuntu, especially when compared to CentOS/RHEL.

Cheers,

--
Sam Bisbee

> On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil jens.ran...@telavox.se wrote:
>
>> Hi, I saw that you are the maintainer of the Debian CouchDB package. Currently, the CouchDB package is lagging behind quite a lot (there is a major leap in version number between stable (0.11) and testing (1.1.1)). Is there any way/possibility to create a backport package of CouchDB to make a modern version of the package available to unstable?
>>
>> Regards, Jens
Re: backport of couchdb
I don't think there's as much of a conflict as you are making out. CouchDB is actually a fairly slow moving project. One of the things regularly levelled against us is that we don't release more often. So I am not prepared to accept that CouchDB is somehow unusually active in comparison to other Debian projects.

As for back porting security fixes, if the project itself is not prepared to do that, then it becomes the package maintainer's responsibility. So that would require some knowledge of Erlang, I guess.

On Tue, Jan 31, 2012 at 4:14 PM, Sam Bisbee s...@sbisbee.com wrote:

> On Tue, Jan 31, 2012 at 10:27 AM, Noah Slater nsla...@tumbolia.org wrote:
>
>> Copying in the CouchDB developer list. I have not done any work for Debian for a number of years now. People have, on occasion, said that they were interested in taking up the CouchDB packaging work. I guess that never happened. Is anyone else prepared to step up here?
>
> I was for a long time. Many reasons for why I left, including...
>
>> We'll be releasing CouchDB 1.2.0 soon, and it would be super awesome if that ended up in Debian shortly after.
>
> The long and short of it is that Debian does not want versions of packages to be added to its repository that will not be supported over the long term. This is their policy and should be respected, regardless of your feelings about it (political patches welcome?).
>
> The problem is that CouchDB is a productive project. Releases come out at regular intervals and very old versions are usually not supported. For example, I doubt anyone thought 0.11.0 would be an LTS version, but it made it into Debian stable. Now Debian's expectation is that critical and security patches would be back ported to it from new versions instead of pushing new versions of CouchDB into stable until a new Debian release, at which point a new package version would be considered for stable. The two projects' models simply do not match up.
>
> Once I saw this, and a few other things happened, I decided to pull out and am now of the opinion that it is up to Apache CouchDB, Cloudant, and/or individual community members to provide these packages. Luckily source installs are very simple on Debian and Ubuntu, especially when compared to CentOS/RHEL.
>
> Cheers,
>
> --
> Sam Bisbee
>
>> On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil jens.ran...@telavox.se wrote:
>>
>>> Hi, I saw that you are the maintainer of the Debian CouchDB package. Currently, the CouchDB package is lagging behind quite a lot (there is a major leap in version number between stable (0.11) and testing (1.1.1)). Is there any way/possibility to create a backport package of CouchDB to make a modern version of the package available to unstable?
>>>
>>> Regards, Jens
Re: backport of couchdb
Sorry, I wasn't clear enough with the productivity stuff. I was trying to drive more at the LTS issues. Debian essentially believes that everything introduced into their repos is LTS whereas CouchDB doesn't consider every version to be supported for 1yr +. The productivity bit was more CouchDB releases more often than Debian.

Or maybe CouchDB does consider their versions to be supported for 1yr +? I vaguely recall support time lines being discussed years ago.

As for the back porting, Debian doesn't directly manage any packages. Everything has a package maintainer who may or may not be part of the Debian staff, so it really does land on the maintainer. And I don't see how you could back port fixes from, say, 1.x.x to 0.x.x.

Cheers,

--
Sam Bisbee

On Tue, Jan 31, 2012 at 11:40 AM, Noah Slater nsla...@tumbolia.org wrote:

> I don't think there's as much of a conflict as you are making out. CouchDB is actually a fairly slow moving project. One of the things regularly levelled against us is that we don't release more often. So I am not prepared to accept that CouchDB is somehow unusually active in comparison to other Debian projects.
>
> As for back porting security fixes, if the project itself is not prepared to do that, then it becomes the package maintainer's responsibility. So that would require some knowledge of Erlang, I guess.
>
> On Tue, Jan 31, 2012 at 4:14 PM, Sam Bisbee s...@sbisbee.com wrote:
>
>> On Tue, Jan 31, 2012 at 10:27 AM, Noah Slater nsla...@tumbolia.org wrote:
>>
>>> Copying in the CouchDB developer list. I have not done any work for Debian for a number of years now. People have, on occasion, said that they were interested in taking up the CouchDB packaging work. I guess that never happened. Is anyone else prepared to step up here?
>>
>> I was for a long time. Many reasons for why I left, including...
>>
>>> We'll be releasing CouchDB 1.2.0 soon, and it would be super awesome if that ended up in Debian shortly after.
>>
>> The long and short of it is that Debian does not want versions of packages to be added to its repository that will not be supported over the long term. This is their policy and should be respected, regardless of your feelings about it (political patches welcome?).
>>
>> The problem is that CouchDB is a productive project. Releases come out at regular intervals and very old versions are usually not supported. For example, I doubt anyone thought 0.11.0 would be an LTS version, but it made it into Debian stable. Now Debian's expectation is that critical and security patches would be back ported to it from new versions instead of pushing new versions of CouchDB into stable until a new Debian release, at which point a new package version would be considered for stable. The two projects' models simply do not match up.
>>
>> Once I saw this, and a few other things happened, I decided to pull out and am now of the opinion that it is up to Apache CouchDB, Cloudant, and/or individual community members to provide these packages. Luckily source installs are very simple on Debian and Ubuntu, especially when compared to CentOS/RHEL.
>>
>> Cheers,
>>
>> --
>> Sam Bisbee
>>
>>> On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil jens.ran...@telavox.se wrote:
>>>
>>>> Hi, I saw that you are the maintainer of the Debian CouchDB package. Currently, the CouchDB package is lagging behind quite a lot (there is a major leap in version number between stable (0.11) and testing (1.1.1)). Is there any way/possibility to create a backport package of CouchDB to make a modern version of the package available to unstable?
>>>>
>>>> Regards, Jens
Re: backport of couchdb
Hi,

First, I'm an official DD and the maintainer of CouchDB.

On Tue, 2012-01-31 at 13:36 -0500, Sam Bisbee wrote:

> Sorry, I wasn't clear enough with the productivity stuff. I was trying to drive more at the LTS issues. Debian essentially believes that everything introduced into their repos is LTS [...]

Actually no. We hope that upstream teams do support security-wise their previous releases. On the other hand, we have backports which contain packages considered stable enough compiled for a stable release. Also, we have volatile which is for fast moving targets like virus scanners, see amavis for example.

> Or maybe CouchDB does consider their versions to be supported for 1yr +? I vaguely recall support time lines being discussed years ago.

Well, there's a recent example when a package will be updated to a more recent version in stable due to security concerns[1].

> As for the back porting, Debian doesn't directly manage any packages. Everything has a package maintainer who may or may not be part of the Debian staff, so it really does land on the maintainer. And I don't see how you could back port fixes from, say, 1.x.x to 0.x.x.

Let me ask another way. Is CouchDB expected to change a lot internally? What about helping downstream with security fixes? When is CouchDB 1.2.0 expected to be released?

Regards,
Laszlo/GCS

[1] http://lists.debian.org/debian-security/2012/01/msg00041.html
Re: backport of couchdb
On Tue, Jan 31, 2012 at 6:36 PM, Sam Bisbee s...@sbisbee.com wrote:

> CouchDB releases more often than Debian.

*Everybody* releases more often than Debian. ;)
Re: backport of couchdb
Hi Laszlo,

On Jan 31, 2012, at 21:24, Laszlo Boszormenyi wrote:

> Hi,
>
> First, I'm an official DD and the maintainer of CouchDB.

Pleased to meet you and thanks for weighing in on this discussion :)

>> As for the back porting, Debian doesn't directly manage any packages. Everything has a package maintainer who may or may not be part of the Debian staff, so it really does land on the maintainer. And I don't see how you could back port fixes from, say, 1.x.x to 0.x.x.
>
> Let me ask another way. Is CouchDB expected to change a lot internally?

I think it is. The question, I think, is how much end-users will be affected by these changes (upgrade trouble, incompatibilities etc.) We are doing our best to not break BC (according to semver.org) and make upgrades seamless and well documented.

> What about helping downstream with security fixes?

We could start a new mailing list package-maintain...@couchdb.apache.org where downstream folks can subscribe and get notified about impending releases as well as security notices. Would that be a good first step? What else could we do to help you downstream?

> When is CouchDB 1.2.0 expected to be released?

We are expecting to call a vote in the next few days (pending release manager time). As per our process, it'll take 4-5 days after the initial call for voting to get the release out (if the votes don't go through and if issues are found, this process is reset).

Let us know if you have any other questions and thanks again for helping out!

Cheers
Jan

--