Many of you already know we hit a bug when CentOS 7.4 was released, few days a ago ([SOLVED] CentOS 7.4 (1708) - Shared folder access).
Usually, upstream updates are really well tested and can be considered trusted, but 2 times in 6 NethServer releases, an upstream update broke a NethServer functionality.
During the NethServer Conference, we discussed about this issue during an awesome round table: many ideas came up and I would like to share with anyone and gather more feedback.
The goal is to have clearer (maybe newer) update policy for NethServer 7.4.
We identified some main goals.
- Even if upstream updates can be trusted, It’s better to test packages twice if they can impact end users: two test phases are better than one
- The responsibility of updates release should be shared among the community
- We need to identify a list of well known hot points to check on every minor release (example: shared folder authentication, web proxy, etc)
We also proposed a couple of solutions.
- (Short term) The administrator should be able to choose the upgrade policy of its own server:
fast: receive all updates as soon as possible; useful for environment where security is most important like firewalls - This should be the default configuration
slow: receive updates after a grace time period (maybe a couple of weeks); during this time the QA team will do more tests and can block update release if an issue has been found
- (Long term) Create automated tests for a selected set of hot points
- (Short term, an idea that came out this morning by Davide) Include @stephdl yum-cron module inside the core and add there the option to enable the fast or slow updates
Related past discussions: