Re: Wireshark LTS branches

[Evan Huus <eapache () gmail com>]

On Thu, Apr 17, 2014 at 4:23 AM, Anders Broman
<anders.broman () ericsson com> wrote:
> -----Original Message-----
> From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Bálint 
> Réczey
> Sent: den 17 april 2014 09:59
> To: Gerald Combs
> Cc: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Wireshark LTS branches
>
> Hi Gerald,
>
> 2014-04-17 1:59 GMT+02:00 Gerald Combs <gerald () wireshark org>:
> > On 4/16/14 3:42 AM, Bálint Réczey wrote:
> > > Hi,
> > >
> > > Many of you probably know about the Wireshark package [1] in Debian
> > > which I started maintaining a few years ago. Like every other package
> > > in Debian, the version of Wireshark included in the major
> > > distribution release is getting security and stability updates
> > > through the lifetime [2] of the major distribution release which is
> > > typically 3 years, but it is still shorter than the lifetime of an
> > > Ubuntu LTS (5 years) or Red Hat [3] (10 years).
> > >
> > > Wireshark, the Project, makes a major release every year and
> > > according our current policy we support [4] the current and previous
> > > release which makes Wireshark releases lifetime 2 years.
> > >
> > > Wireshark makes point releases after each major release fixing bugs
> > > adding minor features and improvements, but only the security and
> > > some stability related fixes get included in updates to the Debian package.
> > > Since the Debian packages have longer lifetime than Wireshark release
> > > I back-port security related fixes to older releases than the project
> > > which means that I already maintain two Wireshark branches with
> > > security fixes only in the form of patch sets [5]. Other distribution
> > > maintainers do the same.
> > >
> > > Since we moved to Git maintaining the branches became easier and I
> > > would like to as the project to allow me to maintain the two existing
> > > branches in the projects repository. Going forward I would like to
> > > open one similar branch for at least every Debian major release and
> > > maintain at least through the major release's lifetime.
> > >
> > > I think it would not create any significant additional work for the
> > > community but it would provide many advantages.
> > >
> > > 1. We could provide an upgrade path for people focused only on
> > > security but not on other improvements keeping the existing release
> > > plan.
> > > 2. Distribution maintainers could eliminate the duplicate work by
> > > collaborating in the LTS branches.
> > > 3. Back-ported fixes could get better testing using the existing
> > > buildbot infrastructure.
> > > 4. Back-ported fixes could be reviewed by more people.
> > >
> > > One additional note regarding Debian, we (at Debian) are thinking
> > > about extending the lifespan of each release to 5 years [7] and this
> > > would extend my commitment to maintaining the Wireshark LTS branches
> > > naturally.
> > >
> > > Would the Project be open for the proposed branches?
> >
> > Overall it sounds fine to me. How many branches would be created and
> > how would they be named?
> I would like to create two branches forking off from 1.2.11 1.8.2 because those are the base versions for Debian 
> oldstable and stable.
> If others are interested, we could find an LTS forking point for every major branch, but those are which I maintain 
> already.
>
> The next could fork off from 1.12.x based on the freeze date for next stable, which is November 5th. If other 
> distributions are interested we could find a forking point which would fit their release schedule as well.
>
> Cheers,
> Balint
>
> Hmm this seems backwards to me, if the distributions don't take the point releases we make, there is something wrong 
> with our point releases or we shouldn't be making them in
> The first place if no one is using them. Seems like a lot of work for nothing to me.

This was also my original reaction. We do a fair amount of work (or at
least Gerald does quite a lot of work), maintaining stable and
old-stable Wireshark branches already. It seems like it would be
easier for everybody if we tweaked our stable-backport policy so that
Debian and whoever else could just grab new stable versions from us
directly.

I can't speak for Debian, but Ubuntu has a specific policy for this
sort of thing:
https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions

> Should we change our backport policy to fit the distributions need or are they to different to have a fits all 
> procedure. Perhaps the distribution should point out which backports to do?
>
> Best regards
> Anders
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe