NixOS Security Triage
Coordination and triage of security issues in nixpkgs

| Message | Time |
|---|---|
| 4 Jun 2021 | |
| philipp: what makes you think that sticking to the Debian model is easier? Usually upstreams provide new versions (or patches for the latest versions). I think we need less actual work right now than we would need if we used older versions. Sure, we could pick patches from Debian but that would establish a dependency on them actually updating before us. | 15:46:19 |
| It's less about making it easier and more about allowing for longer support intervals. | 17:40:38 |
| quite a few security-related PRs needing review right now | 17:46:00 |
| i think it's an interesting idea philipp i'd just wonder how much the result would end up disconnected from our non-LTS branches. andi- patches can certainly flow both ways between the two projects. i know some of my backport patches have made it back into debian | 17:49:44 |
| i'd quite like to lure debian developers over to our side because i get the impression that debian's processes and infra for maintaining packages is a nightmare | 17:51:38 |
| like, versions of things all over the place, separate source trees, the security team not pushing their patches to sources.debian.org or the package maintainer's source control 😰 | 17:53:25 |
| I still don't see our gain adding patches to old libraries instead of bumping them - as long as the dependencies don't break. We do not have to retain ABI stability as we are a) rebuilding all dependencies b) have a proper build system that covers a) :) | 17:54:35 |
| well... what is "our" in this case? are "we" just a bunch of people who have self-selected as people who don't care about supporting old software? | 17:56:13 |
| there is certainly a need for LTS, otherwise it wouldn't exist | 17:56:30 |
| In reply to @philipp:xndr.de: If we find more people who have a high interest in doing that or commercial support we can do that. Or when we are bored, but in my opinion we are not at that level yet. We have enough things to do and supporting more versions is a lot more work. | 17:57:11 |
| otherwise my organization wouldn't be paying $x,000 to canonical for continued support of 16.04 | 17:58:03 |
| yes i still see it as a "one day" thing | 17:58:27 |
| Also if I am rocking unstable or even master or Sid on the Debian side that won't work well together | 17:58:41 |
| i'd quite like that "one day" to be relatively sooner personally but 🤷♂️ | 17:59:08 |
| In reply to @r_i_s:matrix.org: I personally don't care too much about old software | 17:59:37 |
| perhaps people this is important to could start maintaining this outside of Nixpkgs, as an alternate Nixpkgs tree or an overlay. | 18:00:28 |
| isn't that what flying circus does? | 18:00:52 |
| In reply to @r_i_s:matrix.org: If you have a lack of monitoring, backups and testing, updating can be quite scary | 18:01:11 |
| this would be different enough to Nixpkgs in its current state that it might make sense for it to be "nixpkgs-lts" or something | 18:01:12 |
| it's... much more complicated than that, but yes it's a bad place to be | 18:02:40 |
| In reply to @andreas.schraegle:helsinki-systems.de: Yes, they are doing something similar. I am not sure what the scope of their "security" coverage is but perhaps most famous packages. | 18:04:30 |
| i need to go shopping now... go, review some security PRs, people... | 18:05:53 |
| In reply to @andreas.schraegle:helsinki-systems.de: do you have more info about this? my company might be interested | 18:06:33 |
| https://flyingcircus.io | 18:07:02 |
| In reply to @hexa:lossy.network: right, couldn't find any mention of "lts support for nixpkgs" or similar | 18:07:26 |
| let's not kid ourselves, I don't think our security state is bad or needs changing into Debian's direction | 18:07:26 |
| lts support means someone has to pay for the shitty backports to happen | 18:07:55 |
| that can happen outside of nixpkgs, since the nixpkgs model is easy to fork, but a lot of being "lts" is about having moldy versions of software, and nobody likes to work with that for free | 18:09:49 |
| in debian people are paid for maintaining things, this is especially true for the lts extensions of their releases | 18:10:28 |
| and following debian releases would mean a change to our release cadence, as otherwise you'd need to support multiple stable releases in parallel - not feasible | 18:12:35 |