[FreeBSD-Announce] Changes to the FreeBSD Support Model
Matthew Seaman
core-secretary at freebsd.org
Tue Feb 3 18:00:25 UTC 2015
Changes to the FreeBSD Support Model
-----------------------------------------------------------------------
Over the past several months, the teams responsible for supporting the
FreeBSD operating system discussed the current support model, and how
that model can be improved to provide better support for FreeBSD users
and consumers.
The changes below greatly improve FreeBSD support, reduce turnaround time
for Errata Notices and Security Advisories, provide consistency between
binary package sets and the underlying FreeBSD base system version, and
reduce the amount of time before new features are included in the official
FreeBSD binary package sets.
Changes Proposed in a New FreeBSD Support Model
-----------------------------------------------------------------------
The proposed changes include:
- Moving from a point release-based support model to a set of releases
from a branch with a guaranteed support lifetime.
- Resolving our arbitrary (and unofficial) 5-year branch lifetime
guarantee. The support policy is that the stable/X branch will be
supported for 5 years (minimum) from the point X.0-RELEASE is released.
We now guarantee a 5-year lifetime on the branch, regardless of how many
releases are built from the branch. Additionally, a "last minute"
release from the stable/X branch does not constitute expanding the support
lifetime for the branch as a whole for an additional two years.
- The Security Officer or Ports Management Team may extend support for any
individual numbered release or branch at their discretion, in
exceptional cases.
- A new stable/ branch release will not occur before two years after the
X.0-RELEASE from the prior branch. This limits the number of
simultaneous supported branches, which will greatly reduce the overall
number of branches that must be maintained and build-tested for
Security Advisories and Errata Notices, reducing turnaround time.
- Each new release from the stable/X branch deprecates the previous
release on the branch, providing a three-month window within which
consumers are urged to upgrade to the latest release. During this
three-month window, Security Advisories and Errata Notices will still
be issued for the previous release, as necessary.
How These Changes Benefit FreeBSD Consumers
-----------------------------------------------------------------------
These changes to the FreeBSD support policy will reduce turnaround time
for security advisories and errata notices, provide binary package sets
that are more closely aligned with the latest FreeBSD release from a given
branch, and clearly define the minimum length of time that a branch will
receive support.
When The New FreeBSD Support Policy Will Become Effective
-----------------------------------------------------------------------
These changes are planned to become effective with FreeBSD 11.0-RELEASE,
which is still a number of months away.
FreeBSD releases from earlier branches will continue to be supported in
accordance with the policy that was in effect at the time they were
released.
Deficiencies in the Current FreeBSD Support Model
-----------------------------------------------------------------------
- The FreeBSD support model is release-based, versus branch-based.
Specifically, we determine if a FreeBSD release will be a normal- or an
extended-support release in the final phases of the release cycle, while
in reality we have no way to determine how successful the release is
until weeks or months later.
- We do not clearly define how long the stable/X branch will be supported
after its creation. Since FreeBSD 5.x, we have historically supported a
stable/X branch for a minimum of five years after the X.0-RELEASE is
available. The length of time is not a defined policy, which can make
it difficult to decide which branch to track.
- The current support model prevents building third-party binary packages
for the most recent release from a stable/ branch because we must
provide packages that can be run on the oldest supported release from
the branch.
- Ports maintainers must support the oldest supported release on the
branch within the Ports Collection. This adds significant complexity to
the tree in general, but also prevents enabling new features by default.
An example is the upgrade to WITH_NEW_XORG where these features depend
on changes to the base system that are only available in X.Z-RELEASE.
- The support model can overlap in non-intuitive ways, making it difficult
to decide when evaluating FreeBSD features versus support timeframe from
any given branch. When changes to the support model were initially
being discussed, the FreeBSD supported releases were:
- 8.4-RELEASE: June 30, 2015
- 9.1-RELEASE: December 31, 2014
- 9.2-RELEASE: September 30, 2014
(Note that in this case support for the newer 9.2 release ends before
support for FreeBSD 9.1.)
- A new release from a branch automatically extends the support lifetime
by two years, minimum. If X.Y-RELEASE was initially planned to be the
final release from the stable/X branch, it is an extended-support
release by definition. If it is necessary to follow X.Y-RELEASE with
X.Z-RELEASE for any reason, we would have two concurrent
extended-support releases from the same branch in sequence. This has a
serious impact on the quality of an update when there are multiple
supported releases on a branch. The problem becomes worse when the
oldest supported release on the branch has a longer support lifetime
than the newest release on the branch.
Key Items Considered in Changes to the FreeBSD Support Model
-----------------------------------------------------------------------
Some of the things that should be included in a new FreeBSD support
model include:
- Guaranteeing, and explicitly stating, the support lifetime of the
stable/X branch as a whole, versus independently determining the
support lifetime of the individual releases from the stable/X branch.
- Providing package sets that are compatible with the latest release from
the branch, ensuring that new features introduced into the FreeBSD base
system can be enabled by default in binary package builds.
- Security Advisories and Errata Notices should be more aligned between
src/ and ports/. There is an endless list of edge cases with this
particular point, but consider a situation where a critical security
vulnerability is discovered, and the underlying code has changed between
X.Y-RELEASE and X.Z-RELEASE. In addition to the possibility of
regression in one (or both) of the supported releases due to subtle
changes in the security fix, it introduces potential delay in providing
the security fix as the number of supported releases increases. Each
supported release adds to the amount of time it takes for:
- 1) patching the vulnerability,
- 2) testing the patch,
- 3) verifying the patch is correct, and
- 4) building the freebsd-update(8) binary update bits.
If a problem is discovered at any time during step (4), procedure resets
to step (1). (It should be stressed that this is not due to lack of
hardware, but the order in which the various steps of issuing Security
Advisories and Errata Notices must occur.)
- Providing a support model that is easier more predictable and easier to
follow.
--
Matthew Seaman Core Team Secretary
matthew at FreeBSD.org core-secretary at FreeBSD.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-announce/attachments/20150203/fced0795/attachment.sig>
More information about the freebsd-announce
mailing list