Re: backport of couchdb
Hi Jan, On Tue, 2012-01-31 at 21:41 +0100, Jan Lehnardt wrote: > On Jan 31, 2012, at 21:24 , Laszlo Boszormenyi wrote: > > What about helping downstream with security fixes? > We could start a new mailing list package-maintain...@couchdb.apache.org > where downstream folks can subscribe and get notified about impeding > releases as well as security notices. Would that be a good first step? Usually couchdb-announce mailinglist is enough. On the other hand if you mean package-maintainers would be a more general list, discussing packaging problems then it may help. If you have a general development mailing list, that's enough as well. > What else could we do to help you downstream? If we can discuss any possible problems with regarding packaging that would be good. > > When CouchDB 1.2.0 is expected to be released? > We are expecting to call a vote in the next few days (pending release > manager time). [...] How it goes? Can I expect a release in the next days? Regards, Laszlo/GCS
Re: backport of couchdb
I haven't tried to build the debian .deb yet, but it should build from my branch at github[1]. I used git-dpm for the packaging. It should be enough to check out that branch and pbuild it or whatever preferred tools you use. The Ubuntu version is uploaded to a PPA [2]. If there's interest I'll roll a binary or source .deb on a debian chroot. Someone got to tell me which debian release I should use though (or several?). I'll also try to pull together a 1.2 package for the latest Ubuntu LTS release. I guess I should probably do debian stable and testing (but not unstable?) [1] http://github.com/tilgovi/couchdb/tree/debian [2] https://launchpad.net/~randall-leeds/+archive/couchdb/ On Sat, Feb 4, 2012 at 10:24, till wrote: > I remember Randall had a launchpad repo to build CouchDB. (CC'd him, maybe > he can weigh in how far he got) > > Launchpad is probably not a 100% compatible with Debian (since it targets > Ubuntu distributions) but the 'basic formula' could be contributed to > something like dotdeb? > > Anyone have thoughts? > > Till > > On Fri, Feb 3, 2012 at 11:42 AM, Jens Rantil wrote: >> >> Hi again everyone, >> >> I am happy to get a discussion going about this. I'd say Debian is a major >> platform for servers. Therefor, I believe CouchDB should exist there - with >> a reasonable modern version. Sure, you can install from source. However, >> with CouchDB and it's replication features it should be easy to roll it out >> to a multitude of Debian servers and kick off replication. >> >> Also, previously Couchbase was hosting a (sadly, buggy) Debian package. >> After the death of the Couchbase package[1] there is no modern Debian >> package alternative anymore. >> >> To keep this discussion going - what did you think of Jan's proposal to >> set up a Debian maintainer mailing list? As of the initial question, shall >> Debian stable installations be living with 0.11 for another ~6 months? I >> guess so. >> >> /J >> >> -Ursprungligt meddelande- >> Från: Jan Lehnardt [mailto:j...@apache.org] >> Skickat: den 31 januari 2012 21:42 >> Till: dev@couchdb.apache.org >> Kopia: Laszlo Boszormenyi >> Ämne: Re: backport of couchdb >> >> Hi Laszlo, >> >> On Jan 31, 2012, at 21:24 , Laszlo Boszormenyi wrote: >> >> > Hi, >> > >> > First, I'm an official DD and the maintainer of CouchDB. >> >> Pleased to meet you and thanks for weighing in on this discussion :) >> >> >> >> As for the back porting, Debian doesn't directly manage any packages. >> >> Everything has a package maintainer who may or may not be part of the >> >> Debian staff, so it really does land on the maintainer. And I don't >> >> see how you could back port fixes from, say, 1.x.x to 0.x.x. >> > Let me ask an other way. Is CouchDB expected to change a lot >> > internally? >> >> I think it is. The question, I think, is how much end-users will be >> affected by these changes (upgrade trouble, incompatibilities etc.) We are >> doing our best to not break BC (according to semver.org) and make upgrades >> seamless and well documented. >> >> > What about helping downstream with security fixes? >> >> We could start a new mailing list package-maintain...@couchdb.apache.org >> where downstream folks can subscribe and get notified about impeding >> releases as well as security notices. Would that be a good first step? >> What else could we do to help you downstream? >> >> > When CouchDB 1.2.0 is expected to be released? >> >> We are expecting to call a vote in the next few days (pending release >> manager time). As per our process, it'll take 4-5 days after the initial >> call for voting to get the release out (if the votes don't go through and if >> issues are found, this process is reset). >> >> Let us know if you have any other questions and thanks again for helping >> out! >> >> Cheers >> Jan >> -- >> >
Re: backport of couchdb
I remember Randall had a launchpad repo to build CouchDB. (CC'd him, maybe he can weigh in how far he got) Launchpad is probably not a 100% compatible with Debian (since it targets Ubuntu distributions) but the 'basic formula' could be contributed to something like dotdeb? Anyone have thoughts? Till On Fri, Feb 3, 2012 at 11:42 AM, Jens Rantil wrote: > Hi again everyone, > > I am happy to get a discussion going about this. I'd say Debian is a major > platform for servers. Therefor, I believe CouchDB should exist there - with > a reasonable modern version. Sure, you can install from source. However, > with CouchDB and it's replication features it should be easy to roll it out > to a multitude of Debian servers and kick off replication. > > Also, previously Couchbase was hosting a (sadly, buggy) Debian package. > After the death of the Couchbase package[1] there is no modern Debian > package alternative anymore. > > To keep this discussion going - what did you think of Jan's proposal to > set up a Debian maintainer mailing list? As of the initial question, shall > Debian stable installations be living with 0.11 for another ~6 months? I > guess so. > > /J > > -Ursprungligt meddelande- > Från: Jan Lehnardt [mailto:j...@apache.org] > Skickat: den 31 januari 2012 21:42 > Till: dev@couchdb.apache.org > Kopia: Laszlo Boszormenyi > Ämne: Re: backport of couchdb > > Hi Laszlo, > > On Jan 31, 2012, at 21:24 , Laszlo Boszormenyi wrote: > > > Hi, > > > > First, I'm an official DD and the maintainer of CouchDB. > > Pleased to meet you and thanks for weighing in on this discussion :) > > > >> As for the back porting, Debian doesn't directly manage any packages. > >> Everything has a package maintainer who may or may not be part of the > >> Debian staff, so it really does land on the maintainer. And I don't > >> see how you could back port fixes from, say, 1.x.x to 0.x.x. > > Let me ask an other way. Is CouchDB expected to change a lot > > internally? > > I think it is. The question, I think, is how much end-users will be > affected by these changes (upgrade trouble, incompatibilities etc.) We are > doing our best to not break BC (according to semver.org) and make > upgrades seamless and well documented. > > > What about helping downstream with security fixes? > > We could start a new mailing list package-maintain...@couchdb.apache.org > where downstream folks can subscribe and get notified about impeding > releases as well as security notices. Would that be a good first step? > What else could we do to help you downstream? > > > When CouchDB 1.2.0 is expected to be released? > > We are expecting to call a vote in the next few days (pending release > manager time). As per our process, it'll take 4-5 days after the initial > call for voting to get the release out (if the votes don't go through and > if issues are found, this process is reset). > > Let us know if you have any other questions and thanks again for helping > out! > > Cheers > Jan > -- > >
Re: backport of couchdb
Hi Laszlo, On Jan 31, 2012, at 21:24 , Laszlo Boszormenyi wrote: > Hi, > > First, I'm an official DD and the maintainer of CouchDB. Pleased to meet you and thanks for weighing in on this discussion :) >> As for the back porting, Debian doesn't directly manage any packages. >> Everything has a package maintainer who may or may not be part of the >> Debian staff, so it really does land on the maintainer. And I don't >> see how you could back port fixes from, say, 1.x.x to 0.x.x. > Let me ask an other way. Is CouchDB expected to change a lot > internally? I think it is. The question, I think, is how much end-users will be affected by these changes (upgrade trouble, incompatibilities etc.) We are doing our best to not break BC (according to semver.org) and make upgrades seamless and well documented. > What about helping downstream with security fixes? We could start a new mailing list package-maintain...@couchdb.apache.org where downstream folks can subscribe and get notified about impeding releases as well as security notices. Would that be a good first step? What else could we do to help you downstream? > When CouchDB 1.2.0 is expected to be released? We are expecting to call a vote in the next few days (pending release manager time). As per our process, it'll take 4-5 days after the initial call for voting to get the release out (if the votes don't go through and if issues are found, this process is reset). Let us know if you have any other questions and thanks again for helping out! Cheers Jan --
Re: backport of couchdb
On Tue, Jan 31, 2012 at 6:36 PM, Sam Bisbee wrote: > "CouchDB releases more often than Debian". > *Everybody* releases more often than Debian. ;)
Re: backport of couchdb
Hi, First, I'm an official DD and the maintainer of CouchDB. On Tue, 2012-01-31 at 13:36 -0500, Sam Bisbee wrote: > Sorry, I wasn't clear enough with the productivity stuff. I was trying > to drive more at the LTS issues. Debian essentially believes that > everything introduced into their repos is LTS [...] Actually no. We hope that upstream teams do support security vise their previous releases. On the other hand, we have backports which contains packages considered stable enough compiled for a stable release. Also, we have volatile which is for fast moving targets like virus scanners, see amavis for example. > Or maybe CouchDB does consider their versions to be supported for 1yr > +? I vaguely recall support time lines being discussed years ago. Well, there's a recent example when a package will be updated to a more recent version in stable due to security concerns[1]. > As for the back porting, Debian doesn't directly manage any packages. > Everything has a package maintainer who may or may not be part of the > Debian staff, so it really does land on the maintainer. And I don't > see how you could back port fixes from, say, 1.x.x to 0.x.x. Let me ask an other way. Is CouchDB expected to change a lot internally? What about helping downstream with security fixes? When CouchDB 1.2.0 is expected to be released? Regards, Laszlo/GCS [1] http://lists.debian.org/debian-security/2012/01/msg00041.html signature.asc Description: This is a digitally signed message part
Re: backport of couchdb
Sorry, I wasn't clear enough with the productivity stuff. I was trying to drive more at the LTS issues. Debian essentially believes that everything introduced into their repos is LTS whereas CouchDB doesn't consider every version to be supported for 1yr +. The productivity bit was more "CouchDB releases more often than Debian". Or maybe CouchDB does consider their versions to be supported for 1yr +? I vaguely recall support time lines being discussed years ago. As for the back porting, Debian doesn't directly manage any packages. Everything has a package maintainer who may or may not be part of the Debian staff, so it really does land on the maintainer. And I don't see how you could back port fixes from, say, 1.x.x to 0.x.x. Cheers, -- Sam Bisbee On Tue, Jan 31, 2012 at 11:40 AM, Noah Slater wrote: > I don't think there's as much of a conflict as you are making out. CouchDB > is actually a fairly slow moving project. One the things > regularly levelled against us is that we don't release more often. So I am > not prepared to accept that CouchDB is some how unusually active in > comparison to other Debian projects. As for back porting security fixes, if > the project itself is not prepared to do that, then it becomes the package > maintainers responsibility. So that would require some knowledge of Erlang, > I guess. > > On Tue, Jan 31, 2012 at 4:14 PM, Sam Bisbee wrote: > >> On Tue, Jan 31, 2012 at 10:27 AM, Noah Slater >> wrote: >> > Copying in the CouchDB developer list. >> > >> > I have not done any work for Debian for a number of years now. People >> have, >> > on occasion, said that they were interested in taking up the CouchDB >> > packaging work. I guess that never happened. Is anyone else prepared to >> > step up here? >> >> I was for a long time. Many reasons for why I left, including... >> >> > We'll be releasing CouchDB 1.2.0 soon, and it would be super awesome if >> > that ended up in Debian shortly after. >> >> The long and short of it is that Debian does not want versions of >> packages to be added to its repository that will not be supported over >> the long term. This is their policy and should be respected, >> regardless of your feelings about it (political patches welcome?). >> >> The problem is that CouchDB is a productive project. Releases come out >> at regular intervals and very old versions are usually not supported. >> For example, I doubt anyone thought 0.11.0 would be a LTS version, but >> it made it into Debian stable. Now Debian's expectation is that >> critical and security patches would be back ported to it from new >> versions instead of pushing new versions of CouchDB into stable until >> a new Debian release, at which point a new package version would be >> considered for stable. >> >> The two project's models simply do not match up. Once I saw this, and >> a few other things happened, I decided to pull out and am now of the >> opinion that it is up to Apache CouchDB, Cloudant, and/or individual >> community members to provide these packages. >> >> Luckily source installs are very simple on Debian and Ubuntu, >> especially when compared to CentOS/RHEL. >> >> Cheers, >> >> -- >> Sam Bisbee >> >> > On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil >> wrote: >> > >> >> Hi, >> >> >> >> I saw that you are the maintainer of the Debian CouchDB package. >> >> Currently, the CouchDB package is lagging behind quite a lot (there is a >> >> major leap in version number between stable (0.11) and testing >> (1.1.1)). Is >> >> there any way/possibility to create a backport package of CouchDB to >> make a >> >> modern version of the package available to unstable? >> >> >> >> Regards, >> >> Jens >> >> >>
Re: backport of couchdb
I don't think there's as much of a conflict as you are making out. CouchDB is actually a fairly slow moving project. One the things regularly levelled against us is that we don't release more often. So I am not prepared to accept that CouchDB is some how unusually active in comparison to other Debian projects. As for back porting security fixes, if the project itself is not prepared to do that, then it becomes the package maintainers responsibility. So that would require some knowledge of Erlang, I guess. On Tue, Jan 31, 2012 at 4:14 PM, Sam Bisbee wrote: > On Tue, Jan 31, 2012 at 10:27 AM, Noah Slater > wrote: > > Copying in the CouchDB developer list. > > > > I have not done any work for Debian for a number of years now. People > have, > > on occasion, said that they were interested in taking up the CouchDB > > packaging work. I guess that never happened. Is anyone else prepared to > > step up here? > > I was for a long time. Many reasons for why I left, including... > > > We'll be releasing CouchDB 1.2.0 soon, and it would be super awesome if > > that ended up in Debian shortly after. > > The long and short of it is that Debian does not want versions of > packages to be added to its repository that will not be supported over > the long term. This is their policy and should be respected, > regardless of your feelings about it (political patches welcome?). > > The problem is that CouchDB is a productive project. Releases come out > at regular intervals and very old versions are usually not supported. > For example, I doubt anyone thought 0.11.0 would be a LTS version, but > it made it into Debian stable. Now Debian's expectation is that > critical and security patches would be back ported to it from new > versions instead of pushing new versions of CouchDB into stable until > a new Debian release, at which point a new package version would be > considered for stable. > > The two project's models simply do not match up. Once I saw this, and > a few other things happened, I decided to pull out and am now of the > opinion that it is up to Apache CouchDB, Cloudant, and/or individual > community members to provide these packages. > > Luckily source installs are very simple on Debian and Ubuntu, > especially when compared to CentOS/RHEL. > > Cheers, > > -- > Sam Bisbee > > > On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil > wrote: > > > >> Hi, > >> > >> I saw that you are the maintainer of the Debian CouchDB package. > >> Currently, the CouchDB package is lagging behind quite a lot (there is a > >> major leap in version number between stable (0.11) and testing > (1.1.1)). Is > >> there any way/possibility to create a backport package of CouchDB to > make a > >> modern version of the package available to unstable? > >> > >> Regards, > >> Jens > >> >
Re: backport of couchdb
On Tue, Jan 31, 2012 at 10:27 AM, Noah Slater wrote: > Copying in the CouchDB developer list. > > I have not done any work for Debian for a number of years now. People have, > on occasion, said that they were interested in taking up the CouchDB > packaging work. I guess that never happened. Is anyone else prepared to > step up here? I was for a long time. Many reasons for why I left, including... > We'll be releasing CouchDB 1.2.0 soon, and it would be super awesome if > that ended up in Debian shortly after. The long and short of it is that Debian does not want versions of packages to be added to its repository that will not be supported over the long term. This is their policy and should be respected, regardless of your feelings about it (political patches welcome?). The problem is that CouchDB is a productive project. Releases come out at regular intervals and very old versions are usually not supported. For example, I doubt anyone thought 0.11.0 would be a LTS version, but it made it into Debian stable. Now Debian's expectation is that critical and security patches would be back ported to it from new versions instead of pushing new versions of CouchDB into stable until a new Debian release, at which point a new package version would be considered for stable. The two project's models simply do not match up. Once I saw this, and a few other things happened, I decided to pull out and am now of the opinion that it is up to Apache CouchDB, Cloudant, and/or individual community members to provide these packages. Luckily source installs are very simple on Debian and Ubuntu, especially when compared to CentOS/RHEL. Cheers, -- Sam Bisbee > On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil wrote: > >> Hi, >> >> I saw that you are the maintainer of the Debian CouchDB package. >> Currently, the CouchDB package is lagging behind quite a lot (there is a >> major leap in version number between stable (0.11) and testing (1.1.1)). Is >> there any way/possibility to create a backport package of CouchDB to make a >> modern version of the package available to unstable? >> >> Regards, >> Jens >>
Re: backport of couchdb
Oh, you already addressed the developer list. Heh. On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil wrote: > Hi, > > I saw that you are the maintainer of the Debian CouchDB package. > Currently, the CouchDB package is lagging behind quite a lot (there is a > major leap in version number between stable (0.11) and testing (1.1.1)). Is > there any way/possibility to create a backport package of CouchDB to make a > modern version of the package available to unstable? > > Regards, > Jens >
Re: backport of couchdb
Copying in the CouchDB developer list. I have not done any work for Debian for a number of years now. People have, on occasion, said that they were interested in taking up the CouchDB packaging work. I guess that never happened. Is anyone else prepared to step up here? We'll be releasing CouchDB 1.2.0 soon, and it would be super awesome if that ended up in Debian shortly after. On Tue, Jan 31, 2012 at 9:07 AM, Jens Rantil wrote: > Hi, > > I saw that you are the maintainer of the Debian CouchDB package. > Currently, the CouchDB package is lagging behind quite a lot (there is a > major leap in version number between stable (0.11) and testing (1.1.1)). Is > there any way/possibility to create a backport package of CouchDB to make a > modern version of the package available to unstable? > > Regards, > Jens >
