Maybe push them to both, if they've never been to testing? In other words, never skip testing. Sure, there will be some duplication of packages for a cycle or two, but eventually, they anything that's already in stable will be kicked out of testing, right? -- Bojan

The problem is with the current workflow, Bodhi doesn't know when a release is freezed. There is support for a "Freeze" state, but it was never used. Mattia

Kevin Kofler via devel wrote: PS: The "worst mistake" that can happen then is that if we push only testing to a non-frozen release for whatever reason, the update will be included in that testing push, and then move forward to stable in the next stable push. I do not see this as a real issue. Kevin Kofler

On Thu, Nov 10, 2022 at 05:16:44PM +0000, Mattia Verga via devel wrote: Thanks! To explain a bit to everyone the current workflow: * In non freeze times, we have a cron job that pushes "all pending updates" at 00:14 UTC every day. This is stable and testing for anything thats pending moving to a new state. * In freezes however, we have to disable the cron job and manually: - First push branched version updates-testing by itself. - Then push everything else (minus the branched version). This sucks, because it's manual, there's a hour or so wait for updates-testing to finish before we can do the rest, and you have to remember to list: --releases EPEL-9N,EPEL-7,EPEL-8,F36,F36C,EPEL-8M,EPEL-9,EPEL-8N,F35,F35M,F35C,F36M,F35F,F36F If we could just mark branched frozen and have it not push stable there (without specific builds, because we do still need to push stable requests through the freeze) that would be great. We could also actually note this in updates so people don't get confused why their update didn't get pushed stable. Yeah. ;( Thanks again for working on it! kevin

On Thu, Nov 10, 2022 at 18:55 Neal Gompa <ngompa13(a)gmail.com&gt; wrote: From what I can tell is that every time someone says that and then tries to fix it they find about 20 reasons why the code is not complex enough for all the corner cases and “obvious” requirements that people expect of it -- Stephen Smoogen, Red Hat Automotive Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren

On 11/10/22 21:02, Gary Buhrmaster wrote: Time for some serious refactoring? -- Sincerely, Demi Marie Obenour (she/her/hers)

Stephen Smoogen wrote: Sounds like pretty much what I had guessed. ;-) So I think it would really help if Bodhi were to become more of an enabling tool and less of an enforcing tool again. Package maintainers have this wonderful organ between their ears that allows them to know better what is best for their packages than some piece of software, no matter how much complexity we force that software's maintainers to add to the latter. :-) Kevin Kofler

Stephen Smoogen wrote: Whenever something "bad" happens, people are always quick to jump to the conclusion that we need a law or rule banning the "bad" thing, no matter whether a rule is actually a workable way to prevent it. So we end up with overreaching laws banning even common activities, or with law texts so complex that everyone agrees they need to be simplified. In Fedora, we have had a handful bad updates making it to stable due to questionable decisions by some maintainers, and instead of simply telling those people to be more careful, we instead turned pushing Fedora updates into a bureaucracy that just keeps getting worse and worse when invariably bad updates keep slipping through because the complexity actually discourages good practice instead of encouraging it. (E.g., many maintainers enable automatic pushes because they need to wait so long to be allowed to push an update to stable that they would forget to push it manually. But automatic pushes are the most common source of bad updates making it through, and also for issues such as broken upgrade paths between releases (because one release happened to get karma sooner than the other).) So of course the answer is that we need even stricter rules, because the alternative would mean to admit a mistake and step back, which nobody seems to be willing to do. The original trigger for the update policy enforcement was actually an update that broke the bind DNS server, a package that ~99% of Fedora users do not even have installed. The response has always been a complete overreaction. Kevin Kofler

Gary Buhrmaster wrote: It is empirical evidence only. (When something bad was pushed to stable, I looked at how it happened, and more often than not, it was autokarma.) There is not much of an analysis that can be done because Bodhi does not retain historical data. Kevin Kofler

Kevin Fenzi wrote: That is also very anecdotal evidence though. And with only one exception (the broken dependency in celt), the updates in the above list above are all: * either updates that have made it through to stable despite being broken, in all cases since March 2010 (i.e., after the dnssec-conf one that was the trigger for the main Bodhi crackdown) despite (or even because of) the new update policies, (In other words, the strict rules have NOT prevented the breakage in stable. At least in one case (the 2014-03 one), you have explicitly documented autokarma as the cause for the breakage: "User:Adamwill noticed several cases where updates had been submitted to stable despite a valid AutoQA test failure, usually not via a manual push but via karma automatism.") * or critical updates that have not made it through to stable in a timely manner, usually because of the karma requirements. (In other words, those issues were directly CAUSED by the strict policies!) And this list is by no means complete. I remember way more bad updates and delayed updates (sometimes even together: bad update gets through instantly through autokarma, the regression fix is stuck in testing for days, because the testers just did not care about and/or were unable to test the regressed use case), too many to write down a list like this (and indeed, I have no such list). Your list has only the worst failures of the bureaucratic update policy. That was one of the issues that had triggered a perceived demand for stricter rules, but the Bodhi crackdown was actually implemented only starting from March 2010, after the dnssec-conf update (which was pushed directly to stable, as was still allowed in February 2010). The D-Bus one actually affected a large range of users, but it had a trivial workaround (update from the CLI, i.e.: su -c "yum update" – yum because DNF was not a thing at the time). The dnssec-conf one affected only a very small percentage of Fedora users, because most users do not run their own DNS server software. (Not even most domain owners, because name servers are typically provided by the registrar.) None was as catastrophic a failure as the mob for stricter rules had painted them. But you do not have a list proving that. (The list you linked to is not it, because I see only exactly one entry in it where a bad update did not make it beyond testing, the 2010-07-02 celt one.) And even if you had one, it would not prove that the maintainers would not have used updates-testing the intended way without being forced to by software. What I have seen (and no, I do not have a list either) is updates making it through (due to karma or because the 7 or 14 days just ran out without anybody bothering to test them) to stable causing a bad regression, and then the regression fix needlessly sitting in testing for up to two weeks, instead of being pushed directly to stable to undo the breakage. Not only does that delay the fix for those users unlucky enough to get the bad update, but it also largely increases the number of affected users, because many users do not update daily and might not have noticed the regression if the fix had been pushed the next day rather than 1-2 weeks later (window of exposure). In some cases, I was the maintainer that was unable to push the regression fix out any sooner due to the rules, so I definitely know that the rules are to blame. (And before the rules were enforced, I had always used direct stable pushes to fix regressions, leading to happy users.) Due to the window of exposure effect, 7 regressions slipping through, each fixed the next day with a direct stable push, are not necessarily worse than 1 regression slipping through (the other 6 having been prevented by the rules), fixed only 7 days later due to the update rules. And in practice, the testing is far from catching 6 bad updates out of 7. A lot slips through, because testers are unable to test, e.g., library packages exhaustively. I think it is a good idea, under some conditions (critical regression or security fix, entirely new package, or package that was previously uninstallable or unusable). When stable is actually open for pushes. Of course it does not work during a freeze, which (together with the fact that karma thresholds can be reached even before the updates reach testing, leading to a special case in which direct stable pushes are actually still possible after all) is the issue that started this thread. But that should be solved the way I already mentioned (automatically divert the push to testing instead, but keep the update queued for stable so it goes out as a 0-day update as soon as the freeze lifts). Kevin Kofler

Kevin Fenzi wrote: So Bodhi will continue to become more and more unmaintainable due to piling up more and more complicated rules that it needs to enforce, and obvious defects such as the one that started this thread will never get addressed. It is really sad that you are not willing to open your eyes and see the amount of damage that this dead-end policy has caused and is still causing. Kevin Kofler

Stephen Smoogen wrote: Kevin Fenzi is currently a member of FESCo (see https://docs.fedoraproject.org/en-US/fesco/) and has been in that role for years. So pushing the blame off to "someone else" is not going to work. And I have brought this issue to FESCo (which is where most of the update policies came from, not FPC or the Council) more than once. Usually, it was not even brought to a vote. And whenever there was a vote about the issue, it was always in favor of either the status quo or even stricter rules. And that is exactly what I am disputing, that they are listening to what packagers expect. Because it can surely not be the packagers' wish to have some piece of software stubbornly dictate that no, that package can not be pushed to stable now because it reached testing only 6 days, 23 hours, 59 minutes and 59.999999 seconds ago. (I believe the timestamps in Bodhi have microsecond resolution internally. They used to be displayed that way, at least.) Nor can it be in the interest of the Bodhi developers to have to maintain all that complex logic: you pointed out yourself that "what happens is that you will get into about 1/3rd of the way into it and find you have now to add a bunch of new requirements" – surely that is not what the developers expect. If by "general guidance" you mean skyrocketing requirements, then I agree. Otherwise, I don't, sorry. See above, you admitted yourself that the requirements keep increasing all the time, forcing a major refactoring. These days, even Rawhide (!) gets forced through Bodhi, though with an entirely different workflow (but in turn, that means the Bodhi developers get to maintain 2 completely different workflows with completely different rules). That is something Bodhi was never designed for. And the policy changes that have been made for Rawhide over the years have also changed things for the worse: It used to be that you were able to just do development in Rawhide, without having to bother about broken dependencies (which would just show up in the daily dependency report and get fixed there: I remember provenpackagers, mainly Alex Lancaster and me, mass- rebuilding packages to fix broken dependencies; Rawhide composes did NOT fail due to broken dependencies at the time, the deliverables that failed to compose would just be missing that day), upgrade paths (from Rawhide to Rawhide, really no reason to not just let the users use distro-sync there and allow the version to go backwards; upgrade paths make sense only for releases), test failures (Rawhide was expected to be broken, as is normal), etc. Now we just make life harder for everyone, both package maintainers and Bodhi developers, for no reason. Kevin Kofler

Neal Gompa wrote: IMHO, the main reason the Bodhi code is so complex is because of all the policy that it enforces: karma (counting), update policies (minimum karma/time), critical path, autopushes, gating (automatic QA), … If we would just let Bodhi do what the maintainer asks in the common case (i.e., no karma, no autopushes, no gating, just two buttons "push to testing" and "push to stable" that the maintainer can click at any time, as Bodhi was initially designed), it would be a lot easier to implement those few special cases that are actually needed, such as freezes. Kevin Kofler

On Wed, Nov 16, 2022 at 05:37:07PM +0000, Mattia Verga via devel wrote: Awesome. No, I think it's a implementation detail that makes things better for releng, but has no end visible changes, so no need to run it by FESCo. kevin

Il 17/11/22 18:10, Adam Williamson ha scritto: Hello Adam, as soon as the last batch of PRs I submitted are merged, I plan to ask @abompard (or whoever is taking care of Bodhi now) to draft and deploy the new version. I can take care of drafting the new version, if they agree, but then someone has to deploy it to stg/prod, as I'm not part of infra-sig and I don't know ansible/OC. My wishes are to have the new version with the new features land in prod early now, so that if a bugfix release is needed it can be deployed before the next freeze and that releng can adjust their SOP to start using the 'frozen' release state in the next release cycle. I'll keep you posted. Do you need any other change about gating pushed before the next release is drafted? Mattia

@kevin I've announced on Bodhi matrix channel that I was planning to draft the new release, but since I received no response I've pushed out Bodhi 7.0.0. I have followed the SOP at [1] and bodhi-* RPMs are now available in both f37-infra-stg and f36-infra-stg. Tests run smoothly in F37, so I think it's ok to move bodhi-backend on it. Can you take care of running the playbooks on staging so that we can start testing the new version? Mattia [1] https://fedora-infra.github.io/bodhi/develop/developer/releases.html#depl...

On Fri, 2022-11-18 at 08:10 +0000, Mattia Verga via devel wrote: Thanks! I'll work with nirik on the deployment part. I don't need any more changes merged (at least, I hope I didn't forget anything), everything I had planned for Bodhi side has been merged; further changes will be to our ansible configs and then the openQA scheduler. -- Adam Williamson Fedora QA IRC: adamw | Twitter: adamw_ha https://www.happyassassin.net