On 6/28/20 7:59 PM, Sandro Tosi wrote:
>> Is anyone from the team opposing to this?
> Yes, i'm against your proposal.
>> If so, please explain the
>> drawbacks if the OpenStack team takes over.
> 1. you're personally attacking Ondrej, who is one of the very few
> members of this team doing team-wide work, and that should be enough
> to reject it
> 2. this is clearly an hostile take-over (even if you frame it as a
> proposal), and that should be enough to reject it
> 3. you propose to only update those packages every 6 months, i dont
> find it appropriate: OS is *just* another software we package for
> Debian; is it complex? sure, but it's not special, and it doesnt
> warrant any special treatment.
> 4. you clearly want to have sole and absolute control of the packages
> in the openstack-team, because what would happen if a os-team member
> will upgrade one of those packages (in good faith) and things will
> break? will they get another "well done! :( " email from you?
> 4.1. You wonder why Ondrey "stopped caring" about OS, if that's the
> case, i could see why
> 5. consolidating packages *into* the DPMT/PAPT gives a lot of
> benefits, f.e. people basically got "free" handling of the py2removal
> process; moving packages out is actually detrimental for the python
> ecosystem (at least that's my opinion).
> Thomas, this is not the first time your temperament and aggressive
> behavior is causing some troubles, please reassess how you interact
> and work with other fellow contributors.


I'm sorry if the tone was inappropriate. It probably was. Though it's
not *that* harsh toward Ondrej. At least, it's really FAR from the
hostile behavior he had toward me last summer during debconf, after I
fixed 40 Django RC bugs (due to Django python2 removal), for which I was
thank with threatens.

What I'm painting of what happened is the reality. Let me explain. In
OpenStack, we have this repository:


in this, you'll see the upper-constraints.txt file. This sets pinning
for the current release of OpenStack, which evolves at the same time as
the project. It's updated often during a cycle of 6 months before a
release, then it is frozen for the release. Right now, the stable/ussuri
branch matches what we have in Sid (so one should be looking at that).
Ondrej used to carefully check for this before doing any upload, as I
mentored him to do so. Now he apparently does not care anymore. Call it
personal attacks if you wish, I still don't think this is right.

When you write that:
> "OS is *just* another software we package for Debian; is it complex?
> sure, but it's not special, and it doesnt warrant any special
> treatment."

I don't agree with you here. Absolutely all of the other distributions
that include OpenStack are making sure that nothing breaks it by
careless uploads of not compatible releases of Python modules. Ubuntu
does it, Red Hat as well. Just in Debian, nobody cares but the
maintainers of OpenStack itself.

In fact, let me expand this further, because that's not the first time
I'm raising this issue: we do not threat Python libraries as candidate
for transitions enough, are countless uploads breaks the world of many.
One very good example would be Django, and in the past we had also
SQLAlchemy (though upstream got better for SQLA, so there's less
problems with that one). So yeah, OpenStack shouldn't have any special
treatment *IF* we care enough not breaking things when we update packages.

It'd be nice if we had a framework to be able to rebuild all reverse
build-dependency when we update a package. But currently, we don't have
such CI. If one volunteers to write it, probably we can find some
compute resources to make it happen. That's probably the way out, and
IMO we should really all think about it.

Now, please read what Jeremy wrote, and understand that these package
are really related to OpenStack. Given the fact that these packages are
tightly coupled with OpenStack, it does make sense.

Also, given how often Debian is released (every 2 years, these days?),
updating packages every 6 months doesn't seem that bad, especially if
you consider the set of packages that I'm talking about. They aren't
updated that often upstream.

Please take a step back and understand what's going on. What I would
like to happen, is making sure that things don't break, and currently,
this isn't the case with this set of packages. And this isn't the first
time. So I'm proposing to take measures to make this stop. If you feel
it's a hostile take over, then ok we shall find another way. But then
What is your proposal so that it doesn't happen anymore then?


Thomas Goirand (zigo)

Reply via email to