Monday, 9 July 2018

Re: Inconsistencies in package versions for stable releases

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXHq+og+GMEWcyMi14n8s+EWML6QFAltDvwoACgkQ4n8s+EWM
L6Rp8Q//c7pGjXX2eByQxOplTwhs5Mf+5n90QLKy+5zKhSihwx2Pj6bLfAJ9z54r
U/62gGKK3KMsqASltbIwVN8Y1t3LHmgzPiGOz3rRy4gk1WbzaoBdS74GHZR/B2wy
BUJmoOzyKsuHAv/kMO7p5N/xUB4VmZBg9J9QvWkGGJy9jhKO7ZH8MCHzY2eVe+y8
TvYahhiDqhXOVli75C2S6n414yTBf3/DBuEksF69IE9VFziynJxm1HmlzHYBx4h4
/XTw0X8KvIuKv16kORwjcDBrp73DsMYFWfHY4QSj1LRfddgrRG39MePASCmkoeoe
lV1t1eu99tkzDhAtbHfRe6w4JDp1SwL0u52n4EpoMtDPBth5Ca2X3z4j6zhxZEiy
pflsxY+3Rd3HBGTJmGmQgO4LTgM9q38kMBvAHgKqStX+uqlTaeM6GWATCuzsYW16
k6+2butJBeKPj9FcSxHHmljLKKp/mwV6Z9JT/dA1YJyZQfx5k5LqlR/nCSGews3h
N9IfLqFaiRnADLyr7GokqSiQz4CbKJIbie2qZGLSUpHSYmY22+0NNT/ZfLL8uGCJ
4hqsXVw098v+tnlhdpYSdOXD0P9eTZFX7Js2FxmPt9YqvRMTq1SzftcuE1bnDVXn
+EJCrfABWKt18ngld0JkKSi/ghv911r49SRYt60zNJ+9CQkijhM=
=+GB5
-----END PGP SIGNATURE-----
Hello Łukasz,

On 07/09/2018 02:32 AM, Lukasz Zemczak wrote:
> Just a few cents from me as an SRU member.

For the sake of clarity, are you representing yourself as an uploading
Ubuntu Developer, or the SRU team as a whole?

> There is no 'inconsistencies' among the SRU team regarding versioning
> as there is no 'standard' way of versioning packages.

Standards are not a prerequisite of inconsistency. If I complete a task
a different way than someone else does, and there's no written standard
way of completing this task, our actions are still not consistent.

> Rejection of a package because of the versioning scheme, to me, is
> only a case of preference and can vary between SRU members.

Right, this is the inconsistency I'm describing.

<snip />

> In my view the ubuntu-report scheme is the most invalid, but it has
> been accepted conditionally as the package was not targeted for
> backporting to anywhere else than bionic. I should have probably
> rejected it and re-uploaded with a more fitting versioning applied, as
> I did for a few others like this. But as I said, there generally is no
> standard we *need* to enforce, so as long as the version works -
> there's no requirement for rejection.

I think this is a slippery slope. There are a lot of versioning schemes
which *technically* work, but should we use them in practice?

For example, if I were to upload version
1.7.5-1bionicbeaveristhe1804ltsrelease.0.18.04.0.1 of a package which
has only been in Bionic and Cosmic, following this standard, as long as
it works, the SRU team would have to accept it.

> We should keep advertising the security team's versioning as the best
> way to go, but right now - for what I can tell - there are no rules
> for that.

My argument is that we *should* have rules here. If we say that the
security team versioning scheme should be followed, but if you don't
follow it and it still works anyway it'll still be accepted, then what's
the point of linking to the security team versioning scheme?

Thanks for your response.

--
Simon Quigley
tsimonq2@ubuntu.com
tsimonq2 on freenode and OFTC
5C7A BEA2 0F86 3045 9CC8
C8B5 E27F 2CF8 458C 2FA4