[pkg-boost-devel] Upload of Boost 1.38

Steve M. Robbins steve at sumost.ca
Wed Mar 11 05:29:51 UTC 2009 

Hello Adeodato et al.,

On Tue, Mar 10, 2009 at 09:31:39PM +0100, Adeodato Sim?? wrote:

> I have a couple concerns with your proposal, though. Let me start the
> first of these with a question: given a new version of boost, eg. 1.38,
> how likely is it that a package will rebuild just fine against this new
> version? In other words, what percentage of packages are expected to
> rebuild without changes?

That's a great question.  The answer is "it depends".  Boost contains
a large number of libraries, some of which (e.g. smart_ptr) are
basically stable and haven't changed in years, while others are more
of a work-in-progress and undergo API changes.  So it depends on what
part of boost a given package is using.

As another data point: before we (the Debian Boost packaging team)
adopted the strategy of multiple versions, I asked this question to
the Boost list:

	In practice is there a large amount of work adapting existing
	client code to a new release? I'm asking in order to gauge
	whether it is useful for a linux distribution (Debian) to keep
	multiple versions of Boost available simultaneously;
	e.g. 1.34.1 and 1.35. Currently Debian provides only the
	latest version of Boost.

  c.f. http://lists.boost.org/Archives/boost/2008/03/135212.php

That elicited 3 responses from library users:

  1. Not if you can recompile the client code.  Usually.
  2. I have found that modifications, most minors, in user code are
     very common when switching boost version.
  3. I think Debian (and other distributions) must keep multiple
     versions available.

I'll count that as 2.5/3 responders suggesting that some level of
source code modification is common when switching to a new Boost
release.


> If [no source changes are necessary for most boost-using packages], 
> the need for sourceful uploads should
> be minimized. For that, I???m going to recommend that you adopt for boost
> the common idiom in Debian for these situations, a "boost-defaults"
> source package.

  [...]

> So, say we???d have all of the archive build-depending on the unversioned
> names and built against boost 1.38, and then boost 1.39 comes along and
> gets uploaded as boost1.39. After which, boost-defaults gets uploaded??
> to point the unversioned names to the 1.39 versions, and then,a Bin-NMU
> campaign can begin.
> 
> In the best scenario, no package fails to build against boost 1.39, and
> boost 1.38 can be removed right away. Of course, we all know that???s not
> going to happen: there are failures, for which bugs at RC severity will
> be filed. Now, each of these bugs is very easily fixable by just going
> back and build-depending on libboost-date-time1.38-dev, etc., instead of
> the unversioned names. Or, with a bit of poking, maybe porting is
> trivial, or a new upstream version exists, etc.
> 
> Note that, of course, we???re trading severity:important bugs (???Please
> update your package to boost1.39???) for severity:serious ones (???Your
> package FTBFSes with the boost in unstable???), which is a trade-off to
> consider very carefully. I think it???s worth it if the number of RC bugs
> is going to be small. But let me tell you, if we go with the
> severity:important bugs, I???m pretty sure you (the boost maintainers)
> will have to do a lot of NMUing to meet your ???only 2 boost versions in
> the archive??? objective.
> 
> Additionally, we can just be smart and not bump boost-defaults to point
> at the new version immediately after it???s uploaded to unstable. You
> could (or ask Lucas to) rebuild all reverse-dependencies with a local
> version of the new boost-defaults, and see how many fail, and agree with
> us (the Release Team) what to do next. (I say agree with us, because
> depending on the stage of the development cycle, and/or the state of
> unstable, it may be wiser to do one thing or the other.)
> 
> So, please let me know what you think of this recommendation, particularly
> if you can think of any reasons it would be less appropriate than your
> initial proposal.

I think it is a great adjunct to our initial proposal.  I have had a
couple of Debian package maintainers ask to keep the unversioned -devs
precisely because they know that their package uses only the stable
core of Boost (e.g. smart_ptr).

Let me now ask you how transitions from sid to testing will work in
this scenario.  

One of the biggest issues with our previous strategy of having a
single boost source package is that boost (a) uses other complex
libraries like ICU and now MPI, and (b) complex libraries like KDE use
boost.  So a new version of boost in sid often got entangled in
transitions with other large packages like ICU, KDE, Qt, and the like,
leading to a long delay before reaching testing.

Naively, it seems like the same issue will reappear with the
boost-defaults package.  Let's say we upload boost-defaults with a
change from 1.38 to 1.39 and some packages fail to build against the
new version.  If I understand you right, the *build-deps* get a FTBFS
bug.  Wouldn't one such bug be enough to keep boost-defaults from
transitioning to testing?  If so, wouldn't that be enough to keep
boost1.39 from transitioning to testing?

You also propose a strategy of not updating boost-defaults
immediately, but investigate locally the reverse deps to see how many
fail to build.  That sounds like a mechanism where we could upload
boost1.39 and let it transition to testing while fixing all reverse
deps that fail to build.  Then update boost-defaults only after all
rdeps are fixed.  Is this a reasonable proposal, or would it be
frowned upon?  Note that one of our (unstated) goals is to get a new
boost into debian testing without undue delay; i.e. without getting
entagled in rdeps build problems.

What would the release team recommend doing in the general case?



> My second concern is related to the objective of keeping only two boost
> versions in the archive (well, in testing/unstable). As I said, this is
> a very desirable objective, and I???d really appreciate if we would not
> let it slip. When thinking about reasons why it could slip, it
> immediately comes to mind the situation where you have, say, boost 1.37
> and boost 1.38 in the archive, with most packages using 1.38 but a
> handful still at 1.37. Then boost 1.39 gets released and... what do you
> do? The interesting point is that those packages at 1.37 were not
> updated to 1.38 for a reason, most likely that they required porting and
> upstream was not ready. What if that???s still the case?

I agree that this is a concern.  To add to it, note that Boost
adopted, about a year ago, a policy of quarterly releases and they
have maintained that schedule in 2008.  Boost 1.39 is due out on May 1.
Keeping to just 2 Boost releases in Debian will be a challenge
indeed.  How do you feel about 3 or 4 releases (a year's worth)?


> Here, we mostly need your expertise in the area to determine how
> feasible it would be to just do the work of porting those apps to 1.38
> or even better 1.39, and if you think it is acceptable for you not
> uploading (to follow with our example) 1.39 to unstable until all 1.37
> applications have patches porting them to either 1.38 or (preferably)
> 1.39, and if you???re volunteering to do the porting job, or help the
> maintainers do it themselves with a bit of help.

I would suggest that the restriction to 2 versions of Boost would be a
goal for Debian/stable rather than for sid.  So in the scenario at
hand, I'd upload 1.39 to sid and encourage the packages using 1.37 to
port to 1.39 directly, skipping 1.38.  I don't know how to do that
without providing 1.39 in sid for them.  If you want to be strict
about 2 versions in sid, I guess you could remove 1.37 immediately
after the 1.39 upload and really cause them FTBFS.  I wouldn't choose
the strict policy myself.

As to the question of who will do the porting work, I'll be frank: it
won't be me.  I'll help out where I can, but I have a limited time for
Debian each week and am already overstretched.  I won't speak for the
rest of the Boost team, except to note that the Changelog will show
that for the past 7 years there has been only one active maintainer at
a time, alternating between Domenico Andreoli and myself.  There's
not a lot of spare cycles here; help is more than welcomed!  :-)

I'm open to release team suggestions on how to keep boost to a
reasonable number of versions, and what that reasonable number is.

Clearly, the strategies will depend on how much breakage is
encountered in a typical Boost relase.  As indicated, I don't have a
good handle on this.  I think that your proposal of boost-defaults --
especially the strategy of locally trying to build rdeps -- will help
to answer this question in the context of Debian packages.  So that
seems to me to be a good way forward.

Cheers, and thanks for engaging on this,
-Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-boost-devel/attachments/20090311/281d66c4/attachment.pgp

More information about the pkg-boost-devel mailing list