All: So, we're in the Wily development schedule. Now would be a perfect time to be merging in NGINX from Debian since they released an update. However, due to what they've actually uploaded, I want additional opinions.
As most are aware, NGINX in Ubuntu has a binary package now included in main, nginx-core, which has been in Main since 14.04. As such, it gets security updates, and could be included in the images if we so chose. We also have me providing bugfixes as I can, with my having upload privileges to upload direct and then loop in the SRU/Release team. The version of NGINX in Vivid (and Wily) is the NGINX stable 1.6.x branch of releases. What many may not be aware of, however, is that on April 21, 2015, the 1.6.x branch was deprecated, and is no longer supported by upstream. It was replaced by the NGINX 1.8.x stable branch, which is based off of the previous 1.7.x mainline branch, but is now stable. The mainline version was replaced with 1.9.x (currently 1.9.1). As Debian does, sometimes to my chagrin, they have 'switched' briefly to the Mainline branch and packaged 1.9.1 for Debian Unstable, which I'm told is something they do between releases of Debian. Unfortunately, that puts me in a very difficult position of having to decide the course of action for the future of the NGINX package in Ubuntu, specifically whether we continue to use Debian's packaging or use a separate Stable packaging from me, and I don't feel immediately qualified to make that decision on my own. From understanding of how Ubuntu handles releases, it's preferred to stay on 'stable' branches of software rather than rely on an in-development, new-features-available-each-update like branch for the software. Debian packages NGINX 1.9.x, which adds some complexity to my decision. While NGINX 1.8.x has all the features from NGINX 1.7.x (which has many new features not present in the 1.6.x branch), 1.9.x has many more features but is more 'actively developed', which leads to additional bugs. The following is the response I was able to get from the NGINX Product Manager on this, where I asked specifically about the release handling process of nginx, as well as a general description of projected next-major-version releases, as well as current development plans for 1.9.x and such: --- "The mainline release is our new-feature development stream, carrying an odd-numbered minor version. In parallel, we maintain a ’stable’ release with a lower even-numbered minor version. For example, the current mainline release is 1.9.x, and the stable release (1.8.x) was forked from this in April (http://nginx.com/blog/nginx-1-8-and-1-9-released/). Stable will be supported for one year, and will receive critical bug and security updates only. Every year, typically in April, we do the following: * End support for the current stable release * Branch the current mainline release to create the next annual stable release * Update the version number in the current mainline release to create the next annual mainline release There’s a description of the process here: http://nginx.com/blog/nginx-1-6-1-7-released/ In April 2016, we are likely then to release 1.10.x (stable) and 1.11.x (mainline) (or possibly 2.0.x and 2.1.x - we have not decided) New features planned for the mainline release in 2015/16 include support for HTTP/2 and a new dynamic modules architecture." --- Currently, I maintain the NGINX PPAs (see https://launchpad.net/~nginx), with both 1.8.x and 1.9.x branches in separate PPAs (1.9.x is pending a third party module actually providing an update to the module as a point release so we don't pull git head from them), and am comfortable enough with the system there to provide support for either and to package them, even if we package 1.8.x by hand and directly upload to the repositories and ignore merges in the interim, and just import changes from Debian case by case until they go back to the Stable branch of NGINX. However, as I said above, I need more discussion points on this, and more advice and input. The consideration point for this is a huge one, as it likely impacts both Wily now, and likely the next LTS (16.04). If we go NGINX Mainline, we must support 1.9.x and many new additionally developed features for both Wily, and likely the next LTS (16.04). We must also handle bugs that come from those additional features, some of which we won't easily be able to resolve. And as we know, an actively-developed branch is not necessarily the most stable. If we go NGINX Stable, we must manually build the package of 1.8.x, and nitpick Debian's changes on a case by case basis, and upstream fixes for security bugs and such. (I am comfortable enough building the package and updating the third party modules in the Universe-pocket binaries for code differences to build packages and manually upload them, as I have a 1.8.x code base in the PPA already that mirrors Debian's packaging, with some minor changes, and introducing the Ubuntu delta back in will not be exceedingly difficult.) So, that's the issue at hand. Note that I have put this item onto the Server Team's agenda, as I would like the server team's input on this with regards to making the long term decision, and I will not be choosing any hard option until the Ubuntu Server Team meeting on Tuesday. Please discuss, and let's see if we can come up with a decision that we can all live with. Thomas -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
