The first two messages in this thread were dropped by the vger mailing
list for some unknown reason.
In an attempt to make the mailing list archives of this thread
complete, the original two messages in this thread are included below.
-Kyle
---- BEGIN FIRST MESSAGE ----
From: Kyle J. McKay <mackyle@xxxxxxxxx>
Date: February 24, 2015 09:16:05 PST
To: Junio C Hamano <gitster@xxxxxxxxx>
Cc: Git Mailing List <git@xxxxxxxxxxxxxxx>
Subject: Any chance for a Git v2.1.5 release?
Message-Id: <C5211E53-8905-41C9-9D28-26D7BB51E76A@xxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
As you know, I help out with repo.or.cz. Recently the admins have
been discussing upgrading the version of Git we use in order to
support newer features such as pack bitmaps. While we do use a
slightly customized gitweb, we have always stuck to an official Git
release for everything else.
Repo.or.cz provides fetch (git, http, https, ssh), browsing (gitweb)
and push (ssh, https). Additionally, created repositories can be
mirrors (no push allowed) of other repositories (including svn via git-
svn). Email notification of ref changes (along with diffs) can also
be requested.
We are finding that in order to upgrade Git at this point we would
need to build a custom Git with cherry picked fixes for various issues
that have come up or they would likely be triggered by one of the
services repo.or.cz provides. In addition, as there are numerous
reports of an unresolved issue with git-svn starting with v2.2.0
upgrading to v2.2.0 or later presents a problem since we have several
mirrors that rely on git-svn.
Which brings us back to the subject of this email, is there any chance
for a v2.1.5 release?
After reviewing a few release dates:
2011-06-26T12:41:26-07:00 v1.7.6
2012-02-05T23:51:07-08:00 v1.7.6.6
2013-11-27T12:14:52-08:00 v1.8.5
2014-02-13T13:42:01-08:00 v1.8.5.5
2014-02-14T11:36:11-08:00 v1.9.0
2014-05-30T10:15:10-07:00 v1.9.4
2014-05-28T11:04:29-07:00 v2.0.0
2014-07-30T14:20:01-07:00 v2.0.4
2014-08-15T15:09:28-07:00 v2.1.0
2014-10-29T10:48:57-07:00 v2.1.3
2014-11-26T13:18:43-08:00 v2.2.0
2015-01-12T14:06:20-08:00 v2.2.2
2015-02-05T13:24:05-08:00 v2.3.0
(I have omitted the dates of the 5 security releases on 2014-12-17 as
that seems like an extraordinary event unlikely to be repeated.)
It appears that the average support lifespan of a Git release from
initial release date through last released maintenance update is
approximately 2-3 months with the 1.7.6 release being an exception at
a little over 7 months.
If a v2.1.5 release is out of the question, would it be possible to
periodically designate certain Git releases as "long term support"
releases? Meaning that they would receive maintenance updates (e.g.
fixes for invalid memory accesses/crashes, regressions or security
issues) for an extended period of time, say at least 6 months?
Here's the analysis that led to this request:
Goal 1: add support for symref=HEAD:refs/... capability
Goal 2: add support for pack bitmaps
Nice to have: The CVE-2014-9390 fix, but repo.or.cz does not create
any working trees so it's not mandatory.
Goal 1:
symref=HEAD:refs/... requires at least Git 1.8.4.3. However,
repo.or.cz runs git-daemon with read-only access to the repositories
and since Git 1.8.4.2 shallow clones require write access.
This was corrected in v2.0.0. So at least v2.0.0 would be needed for
symref=HEAD:refs/....
Goal 2:
Pack bitmap support was added in v2.0.0, but it's probably not a good
idea to run without 21134714 (pack-objects: turn off bitmaps when we
split packs) just in case which requires at least v2.1.3.
Nice to have:
If at least v2.1.3 is required, then we might as well use v2.1.4 since
the primary change from v2.1.3 to v2.1.4 is the addition of the
CVE-2014-9390 fix.
What about a later release, v2.2.0 or later?
git-svn is reported to suffer from occasional ".git/
Git_svn_hash_XXXXXX: Bad file descriptor" errors since v2.2.0 making
that a non-starter. No fix is currently available in the Git
repository.
Since 660c889e (sha1_file: add for_each iterators for loose and packed
objects) loose objects in alternates directories may not be found when
pruning. This affects v2.2.0 and later. A fix is currently in
master. This is an absolute must have for repo.or.cz as alternates
are used to implement repository forks.
Since d38379e (make update-server-info more robust), affecting v2.2.x,
the files used by non-smart HTTP clients could have the wrong
permissions. This might preclude them from being updated correctly on
repo.or.cz. It would require research to see if repo.or.cz is
affected. The fix for this d91175b2 (update-server-info: create info/
* with mode 0666) was released in v2.3.0.
So why not v2.1.4 then?
There's an XDL_FAST_HASH performance regression that affects v1.7.11
and later [1]. But that can be turned off in config.mak.
New repositories have an extra +x on the config file since v2.1.0
(fixed in v2.2.2), but we can compensate with a chmod after creating a
new repository.
Git blame has a crashing regression since ea02ffa3 (mailmap: simplify
map_user() interface) that affects v1.8.2 and later. The fix is
currently in master. repo.or.cz enables blame in the gitweb interface
so that would be a serious regression.
There's an issue with ungetting EOF. That would seem unlikely to
affect repo.or.cz, but, I wonder if any of the displays used by gitweb
could trigger attempts to read a .mailmap or .gitattributes blob? I
don't know. Would require research to be certain or just picking up
the fix which is currently in master.
There's a decimal_width overflow regression since dc801e7 (diff --
stat: use less columns for change counts) affecting v1.7.11 and later
that can lead to an infinite loop in some cases. Presumably either
gitweb or the diffs sent out by the ref update email notification
mechanism could trigger this. A fix is currently in master.
There is a regression since v1.7.1.1 where a fetch from a non-smart
HTTP source could potentially fail to retrieve the correct objects.
As repo.or.cz has several mirrors set up from non-smart HTTP sources a
fix for this (currently in master) would be nice but is probably not
mandatory since repo.or.cz is currently running a version of Git with
this regression and has not received any reports of failures that
could be related to this.
Since fbd4a703 (list-objects: mark more commits as edges in
mark_edges_uninteresting) affecting v1.8.4.2 and later combined with
200abe74 (list-objects: only look at cmdline trees with edge_hint)
affecting v1.9.0 and later there is a performance regression when
pushing with lots of refs to non-shallow repos. The fix 2dacf26d
(pack-objects: use --objects-edge-aggressive for shallow repos) was
released in v2.3.0.
-Kyle
[1] http://thread.gmane.org/gmane.comp.version-control.git/261638
---- END FIRST MESSAGE ----
---- BEGIN SECOND MESSAGE ----
From: Junio C Hamano <gitster@xxxxxxxxx>
Date: February 24, 2015 11:52:03 PST
To: Kyle J. McKay <mackyle@xxxxxxxxx>
Cc: Git Mailing List <git@xxxxxxxxxxxxxxx>
Subject: Re: Any chance for a Git v2.1.5 release?
Message-Id: <xmqqk2z7qe8s.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain
Kyle J. McKay <mackyle@xxxxxxxxx> writes:
Which brings us back to the subject of this email, is there any chance
for a v2.1.5 release?
...
It appears that the average support lifespan of a Git release from
initial release date through last released maintenance update is
approximately 2-3 months with the 1.7.6 release being an exception at
a little over 7 months.
That matches my expectation.
A typical cycle lasts for 8-12 weeks, and during that time, topics
that are bugfixes that have graduated to the 'master' branch are
merged to the 'maint' branch with some lag and then the tip of
'maint' gets tagged as a maintenance release from time to time.
Some important but trivial fixes are further merged to older
maitenance tracks like 'maint-2.2', 'maint-2.1', etc.
But these topics downmerged to older maint-* branches have to be
very trivial for an obvious reason: there are only 24 hours a day
and 7 days in a week, and bugs that affect real world use cases are
found by using the software in real world use cases. Usually I use
something a bit ahead of 'next' exactly for this reason---we would
want to catch bugs before topics are merged to 'master'. Although I
sometimes have "let's use 'maint' for my work" day once or twice
every month, I cannot afford to do that for anything older than the
tip of 'maint' myself.
The consequence of the above is this. v2.1.1 may be more stable
than v2.1.0 and v2.1.2 may be more stable than v2.1.1, but later
tagged versions on older maintenance tracks are made by merging
topics only after "ah, these are obvious enough" eyeballing without
real use (at least by me), once newer feature release is made and
there is a newer maintenance track. I would not be surprised if
v2.1.5, if it is made, has hidden interactions between the changes
since v2.1.4 and the older codebase to cause unforeseen bugs.
When I say "the tip of 'master' is meant to be more stable than any
tagged versions", I do mean it.
Having said all that, if I were to tag maint-2.1 branch as 2.1.5
today, we would have
6aaf956 is_hfs_dotgit: loosen over-eager match of \u{..47}
that does not exist in 2.1.4. Is that what you want?
If a v2.1.5 release is out of the question, would it be possible to
periodically designate certain Git releases as "long term support"
releases?
I can designate ;-), but I do not think I'd be the right person to
maintain or long-term-support it. Are you volunteering to oversee
the "LTS team"? It would involve:
- Monitor "git log --first-parent maint-lts..master" and find
the tip of topic branches that need to be down-merged;
- Down-merge such topics to maint-lts; this might involve
cherry-picking instead of merge, as the bugfix topics may
originally be done on the codebase newer than maint-lts;
- Use the tip of the maint-lts branch in everyday work.
The last item is the most important of the above, because I do not
have time for that. I can help with the first two to some degree,
though.
If the lts releases need to be tagged and published by me, then lts
team can have me pull from the tip of maint-lts they are confident
with and have me sign it and push it out.
If the primary concern you have with the currently maintained
releases is git-svn, perhaps a better way forward for you,
especially if you are willing to maintain your own "release plus
patches", might be to keep a patch that reverts recent git-svn
changes back to v2.1.whatever and deploy the up-to-date release
and that patch on top?
Nice to have: The CVE-2014-9390 fix, but repo.or.cz does not create
any working trees so it's not mandatory.
Even if you do not have a working tree, people who use you as the
meeting place and push into you and fetch from you do, so I do not
necessarily agree with your assessment.
---- END SECOND MESSAGE ----
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html