On Wed, Apr 1, 2020 at 2:05 PM Christian Ehrhardt < [email protected]> wrote: <snip>
> I agree that we should promote the package as well. > Excellent! <snip> > @David: > - the package appears to get regular updates/fixes by the foundations team > - upstream releases ~quarterly > - it might be too late for the brand new 2020.04~rc4, but what is the > reason to not update to 19.10 or 20.01? > - Debian has 20.01 in testing and 20.04 in testing, so their speed is fast > - Is there an active maintenance and update policy in place or is it > randomly updated as needed? > This also ties in to why we haven't (yet) updated to 19.10: at present, most of the effort in Eoan and Focal regarding the Pi platform has been around the boot sequence (and in particular, ensuring compatibility of the hardware with it). Testing is at least partially manual (as the Pi 4 has proved incompatible with the hardware used in the lab to provide SD images automatically, leading to a labor-intensive process of flashing and changing cards for testing). Until the testing process can be automated, we're extremely reticent to change major components (due to the effort involved in re-testing) unless there's some tangible benefit in the new version. I'm not aware of an official update policy for the package, but I do keep track of the upstream releases and check the changelog on (non-rc-) releases (though unfortunately upstream's attitude to changelogs is "our changelog can be generated from our git log" ... which largely explains why I don't bother with the rc- releases; it usually takes a full day to trawl through the generated thing!) > - sometimes packages tend to be outdated by accruing to much delta that is > hard to rebase&maintain; It seems the packaging was split mid last year on > 2019.04+dfsg-2ubuntu1 and not rebase d since then. Might I ask about how > well upstreaming to Debian works (links to some examples would be nice). > I'd wan't to avoid that this package seems to be "ok now" but we can expect > it to rot away for the reasons that inhibit regular maintenance mentioned > above. > The bulk of our (and indeed Debian's own) delta appears to be for specific hardware support (e.g. pi4 in our case), or for customizing the configuration of u-boot to a particular distro (our other pi patches, and the nitrogen6x patch). The latter style of patches (configuration customization) I wouldn't expect to migrate because they'll be specific to Ubuntu (or to Debian as the case may be). The Pi4 code patches we apply to 2019.07 (d/p/rpi4.patch) have already made it upstream to the u-boot project (in 2019.10) so those should disappear on the next rebase. The rest of the Pi patches (d/p/rpi-board-dt.patch and d/p/rpi2-rpi3-config-tweaks.patch) have to do with customizing the default configuration for Ubuntu (the second style of patches that I wouldn't expect to migrate), as are the nitrogen patches. In other words, I don't think there's any delta we currently carry that a) hasn't already made it upstream or b) wouldn't be relevant to upstream. > To be clear I don't request to do these updates for Focal (it is too > late), but I'd want to see some reassurance that this is under control > and e.g. will get a rebase soon once 20.10 opens. > We should do, if only to get the reduced delta from the merge of the pi4 patches upstream. > Marking incomplete until this is clarified. > > Note: > If the above is ok (I assume it will be) we can hand over to security > since the old bug had no explicit security check as far as I can see and as > you outlined other binary packages of the same source have known CVEs I'd > want security to: > a) review for u-boot-rpi > b) state that it is ok to add this to main with known CVEs in other > binaries of the package (not that this might e.g. break their CVE tracking) > Sounds good! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1869792 Title: [MIR] u-boot-rpi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/1869792/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
