Blockers in Bugfix-Releases (Re: [Release Planning 3.6] Samba 3.6.6 on May 31 (was May 24)?)

Fri Jun 15 13:03:21 MDT 2012

On Thu, Jun 14, 2012 at 10:06:50AM +1000, Andrew Bartlett wrote:
> The problem is, for each of us our pet feature is that certain key
> feature :-).  I still hold that 'regression' is the only standard we can
> all agree on. 

I don't agree. I agree that your statement is valid in most cases, but
there are some key features that must work IMHO. Maybe we need to write down
these functionalities. Btw, when XP clients cannot be joined, it's a
regression. 

I would really like to hear Volker's and Jeremy's point of view regarding
the regressions. In the past, I had several times the impression that we
do need blocker bugs (and that the use of them was not abused).
Maybe you guys would like to comment.

> As the release was almost ready, how much extra work would it have been
> to spin the security release the next week, compared with waiting,
> spinning the security release, and then spinning a real release?

Shipping a release with a known security issue is not possible from my
point of view (and I think I was told not to do so). Shipping the bugfix
release a few days after the security release would have been possible
usually, but we planned a 2 weeks vacation in that time. I am sorry for
that. I thought this might be a valid requirement once a year. So again,
very disastrous circumstances this time.

> As this turned out to be nothing more than a DoS, could it not have
> waited for the next release, or (because it isn't much more work) have
> just been a release on it's own?

That's what happened.

> I asked before, but focusing on normal releases this time, what is so
> costly about making releases, and how can we help reduce that cost?  

My personal time is limited as I am not working in front of my child.
I am in parental leave, so that should be possible. If that's not
compatible, please let me know.
So I am working in the evening. As I have already said, I don't see much
space for more automation. It takes time to write the release notes and to
announce the releases on a lot of sites. And I did not say that the
releases take too much time. I just said that security releases are pretty
hard, because usually that means 3 releases at one day (and I am also the
one building and uploading the SerNet Samba packages). And it's always a
bit more concentration needed to keep things hidden as long as needed.
But I do not complain, I am trying to answer your questions. 

Please note that I would prefer to discuss private things on a private
list, not on a public one. 

> Why does a security release have to impact on the timeframe so much?  I
> know they are a lot of work, but could we work out a way to get the cost
> of the normal releases down so they are easier to fit in between them?

Please see above. Usually they do not impact on the timeframe so much. It
was a bad combination together with my holiday plans (which did not came
true, but that's another story).

Karolin

-- 
Samba			http://www.samba.org
SerNet			http://www.sernet.de
sambaXP			http://www.sambaxp.org