You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Ben Collins-Sussman <su...@red-bean.com> on 2005/11/23 20:01:25 UTC
freebsd subversion port
Dear Lev,
A few of us just learned that you published the subversion 1.3.0-rc2
tarball into the FreeBSD ports tree. I wanted to let you know that
this was a mistake, and to clarify why.
First, subversion 1.3 is not yet officially released. It has not been
fully tested and QA'd. The "rc" tarballs represent "release
candidates", which are betas released to the public purely for
testing. Because the quality of such tarballs is unknown, the release
candidates are not necessarily safe for public distribution or
deployment.
Second, you not only distributed a release-candidate tarball to
FreeBSD, but one which the developers *themselves* had not even tested
and voted on! This is doubly dangerous, since we hadn't even been
released the rc2 tarball to public testers yet.
My recommendation is that you change the port back to subversion
1.2.3, the latest stable release. In a few weeks -- after the public
testing period is complete -- it will be safe to distribute the final
1.3.0 release.
Thanks,
Ben Collins-Sussman, and some other svn developers.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: freebsd subversion port
Posted by Jim Blandy <ji...@red-bean.com>.
On 11/24/05, Peter N. Lundblad <pe...@famlundblad.se> wrote:
> Making the RC and the final tarballs not unique? And how do you handle
> this for the final release before it is signed?
I hadn't thought of that. You'd have to produce a distinct tarball
and have people re-sign it.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: freebsd subversion port
Posted by "Peter N. Lundblad" <pe...@famlundblad.se>.
On Thu, 24 Nov 2005, Jim Blandy wrote:
> One way to actually get people's attention would be to require people
> building the rc tarballs to pass an
> '--i-understand-this-has-not-completed-beta-testing' flag to the
> configure script. This wouldn't bother normal testers, since
> forgetting the flag would just produce a message telling you about the
> flag. But it would make confused people think. The help message
> could contain a URL of a release policy page explaining the issues.
>
Making the RC and the final tarballs not unique? And how do you handle
this for the final release before it is signed?
Thanks,
//Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: freebsd subversion port
Posted by Jim Blandy <ji...@red-bean.com>.
One way to actually get people's attention would be to require people
building the rc tarballs to pass an
'--i-understand-this-has-not-completed-beta-testing' flag to the
configure script. This wouldn't bother normal testers, since
forgetting the flag would just produce a message telling you about the
flag. But it would make confused people think. The help message
could contain a URL of a release policy page explaining the issues.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: freebsd subversion port
Posted by kf...@collab.net.
Ben Collins-Sussman <su...@red-bean.com> writes:
> On 11/24/05, Malcolm Rowe <ma...@farside.org.uk> wrote:
> > > A few of us just learned that you published the subversion 1.3.0-rc2
> > > tarball into the FreeBSD ports tree. I wanted to let you know that
> > > this was a mistake, and to clarify why.
> >
> > Does this apply to Mandriva as well? ('cooker' has a 'Subversion 1.3.0'
> > package that's been through -rc2, -rc3, and -rc4, none of which have
> > actually been released).
>
> Yes, it applies to cooker as well. I'm not sure what cooker's policy
> is -- whether they consider it normal to distribute beta-test software
> or not. But even if they do, the fact still remains that the
> subversion project itself hasn't yet approved *any* 1.3 release
> candidates yet, even for testers!
It is almost *always* inappropriate for a third-party packager to
distribute Subversion release candidate tarballs to the public via the
packaging system, whether or not the RC has collected enough
signatures to be blessed as an official candidate.
The only exception I can think of would be if the entire distribution
is meant specifically for beta-testing upstream packages, and the
users of that distro are made aware of the dangers. And even in those
rare cases, a Subversion RC that hasn't collected enough signatures to
be an official RC is still off-limits; there are *no* exceptions to
that rule.
So packagers, please Don't Go There, okay? Can we be any more clear?
Subversion release candidates are for testing only. We might have to
withdraw one to fix bugs, and fixing those bugs might involve changing
APIs, or changing a soft-upgrade strategy in the repository or working
copy formats. If some of the distros users had begun depending on the
new API, or had unknowingly soft-upgraded their repository or working
copy, then they'd be in for a very unpleasant suprise when the real
release comes out and doesn't have the same API anymore, or doesn't
use the same formats. Not only would Subversion suddenly "stop
working" for them, but there wouldn't be any convenient path to get it
working again, since no blessed Subversion release would have the code
needed to interpret their legacy data.
We encourage RC testing by users who know how to install from a
tarball independently of their OS's packaging system. Those who stick
with a packaging system, however, should get only officially released
Subversions. Anything else is playing with fire. When the inevitable
blowup happens, both your reputation as a packager and Subversion's
reputation will suffer -- but only one will deserve it.
-Karl
--
www.collab.net <> CollabNet | Distributed Development On Demand
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: freebsd subversion port
Posted by Ben Collins-Sussman <su...@red-bean.com>.
On 11/24/05, Malcolm Rowe <ma...@farside.org.uk> wrote:
> On Wed, Nov 23, 2005 at 02:01:25PM -0600, Ben Collins-Sussman wrote:
> > Dear Lev,
> >
> > A few of us just learned that you published the subversion 1.3.0-rc2
> > tarball into the FreeBSD ports tree. I wanted to let you know that
> > this was a mistake, and to clarify why.
> >
> > [...]
> >
>
> Does this apply to Mandriva as well? ('cooker' has a 'Subversion 1.3.0'
> package that's been through -rc2, -rc3, and -rc4, none of which have
> actually been released).
>
Yes, it applies to cooker as well. I'm not sure what cooker's policy
is -- whether they consider it normal to distribute beta-test software
or not. But even if they do, the fact still remains that the
subversion project itself hasn't yet approved *any* 1.3 release
candidates yet, even for testers!
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: freebsd subversion port
Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Wed, Nov 23, 2005 at 02:01:25PM -0600, Ben Collins-Sussman wrote:
> Dear Lev,
>
> A few of us just learned that you published the subversion 1.3.0-rc2
> tarball into the FreeBSD ports tree. I wanted to let you know that
> this was a mistake, and to clarify why.
>
> [...]
>
Does this apply to Mandriva as well? ('cooker' has a 'Subversion 1.3.0'
package that's been through -rc2, -rc3, and -rc4, none of which have
actually been released).
http://rpms.mandrivaclub.com/rpms/mandriva/devel//cooker/i586/media/contrib/subversion-1.3.0-2mdk.i586.html
I only ask because Helio did mention this on the dev@ list, and nobody
said anything. (http://svn.haxx.se/dev/archive-2005-11/1241.shtml).
Regards,
Malcolm
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org