Hi,

On Mon, Dec 11, 2023, Robie Basak wrote:
> On Mon, Dec 04, 2023 at 10:28:02AM +0100, Adrien Nader wrote:
> > We talked about creating a new "openssl" package that is whatever the
> > most recent version is (in universe, and probably with no ESM-guarantee
> > attached somehow). This might need a bit of fiddling with packaging
> > though and in any case, I've had absolutely no time to do that so far.
> 
> Please note that this would be problematic for a number of reasons.
> 
> If there's something more recent, then users start using it because it's
> more recent. Then they are surprised when they find that it has security
> caveats. This just leads to disappointment and frustration all round.
> 
> We had this situation with MySQL in an LTS release many years ago, and
> my conclusion following that was that we should never do it again.
> 
> For this reason, I think it's unacceptable to concurrently ship
> something newer in a given Ubuntu release unless it comes with all the
> same quality commitments we make for the older version.
> 
> > no ESM-guarantee attached somehow
> 
> I don't speak for Canonical here, but it also seems unworkable because how
> would we describe ESM then?
> 
>   ESM*
> 
>   * except for packages X, Y and Z
> 
> If you want to "ship" something like this, best be honest about it and
> put it in a PPA IMHO. Then it'd be clear to users that it comes with
> no/reduced quality commitments.

I've been holding off on this for months now. I can't find a good way to
make it because no matter what I can think of, I know some people will
run with it long-term. Well, one way I had in mind was to introduce a
time-bomb but I'm not happy with that either.

It's an annoying situation because it also prevents people from actually
testing new versions, APIs, and so on. But at the same time I really
don't want people to believe this would somewhat be "official" and it
seems some people would use it almost as such. We all know how things go
in practice.

So, a lot of talk but not a single line of code nor a single command so
far.

Well, I'll try to get that discussion on release schedule going
upstream. I had no time for that until now but it's sorely needed.

-- 
Adrien

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
