On 3/18/19 10:39 AM, Tom Rini wrote:
> On Mon, Mar 18, 2019 at 03:32:17PM +0000, Richard Purdie wrote:
>> On Mon, 2019-03-18 at 10:46 -0400, Tom Rini wrote:
> Agreed on all parts.
>
> What I was hoping to ask / discuss is, should we go with "assume
> upstream stable branch works for us unless proven otherwise" OR "assume
> upstream stable branch DOES NOT work for us unless we research first".
> I believe Ross is saying we should do the second thing, and I am saying
> we should do the first thing.

I'd say there is a middle group. "Trust but verify."

Trust means assume the former, "upstream stable means stable."

The verify is the experience of our maintainers, as well as the changelog stable to stable versions, CVE information, what other distro maintainers [with similar guidelines] are doing, etc.

I don't believe there is one rule either way, but I do believe that there is a general rule we can and should follow, with guidelines on verifying and monitoring that the rule is working in individual circumstances.

And no matter what the project is, someone is going to 'break' a stable upgrade so the policy needs to accommodate that as well, how do we catch it -- how do we roll back or fix it? (Note these answers may not be things the project does, but contributors of the project as they do their own private QA and monitoring activities.)

--Mark
_______________________________________________
Openembedded-architecture mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-architecture
