Ubuntu
gitlab package

Please consider adding gitlab to sync blacklist

Bug #1758702 reported by Jeremy Bícha
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
gitaly (Ubuntu)
Fix Released
Undecided
Unassigned
gitlab (Ubuntu)
Fix Released
Undecided
Unassigned
gitlab-shell (Ubuntu)
Fix Released
Undecided
Unassigned
golang-gitaly-proto (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

I spent some time looking over gitlab's website and I couldn't find a clear mention of how long releases are supported for or there are any LTS series. gitlab makes new releases every month.

Unless someone commits to supporting gitlab in Ubuntu stable releases, it feels like it's a disservice to users to have a package like this in our stable releases.

It might be ok to have it in -proposed only (or otherwise removed from Ubuntu before stable releases are made), but at that point, it feels like it might be better to just not have it in Ubuntu at all since we don't want to encourage people to run -proposed during the development cycle.

Revision history for this message
Simon Quigley (tsimonq2) wrote :

I agree with this.

From a security standpoint, it's a bit of a nightmare. Nobody who cares about their security would actually use the package in production...

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gitlab (Ubuntu):
status: New → Confirmed
Revision history for this message
Jeremy Bícha (jbicha) wrote :

Ok, I found a policy [1]. My understanding is that there is no LTS branch. You need to update monthly to be under support. This is similar to how web browsers and webkitgtk are managed except that no one has stepped up to handle these releases for Ubuntu and get the Release Exception.

Unlike something like WordPress, I expect that at least the new major releases (not done as often as monthly releases) to require updated dependencies. But I haven't investigated whether that's true.

(Although WordPress doesn't advertise it, they do provide security releases for old versions so WordPress is supportable if someone just does the work to prepare and verify the updates.)

[1] https://docs.gitlab.com/ee/policy/maintenance.html

Revision history for this message
Steve Langasek (vorlon) wrote :

Agreed, added to blacklist.

Changed in gitlab (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Shengjing Zhu (zhsj) wrote (last edit ):

I find several gitlab components are still in archive, shouldn't they be blocked together? (not useful without gitlab package)

Revision history for this message
Jeremy Bícha (jbicha) wrote :

gitlab-shell can be used to access remote Gitlab servers. It is not required to have Gitlab installed on the same machine as gitlab-shell.

Changed in gitlab-shell (Ubuntu):
status: New → Invalid
Revision history for this message
Shengjing Zhu (zhsj) wrote (last edit ):

@jbicha, hmm how can gitlab-shell be used to access remote Gitlab servers? AFAIK, gitlab-shell is used as a login shell on gitlab server when doing git operation through ssh protocol.

https://docs.gitlab.com/ee/development/gitlab_shell/

Revision history for this message
Jeremy Bícha (jbicha) wrote :

Ok, sorry I misunderstood what gitlab-shell was.

Changed in gitlab-shell (Ubuntu):
status: Invalid → Confirmed
Revision history for this message
Chris Halse Rogers (raof) wrote :

Someone seems to have cared enough about gitlab-shell recently to request a sync from Debian: https://bugs.launchpad.net/ubuntu/+source/gitlab-shell/+bug/2024202. I'm not sure if that indicates that there are sensible uses for it, though. I've requested further information.

Revision history for this message
Steve Langasek (vorlon) wrote :

y'all can make a recommendation as to whether gitlab-shell or shouldn't be removed, but this bug should NOT be tagged block-proposed, as this prevents the new version of gitlab-shell from being released from mantic-proposed and the old version build-depends on golang-gitaly-proto-dev which has been removed in Debian.

tags: removed: block-proposed
Changed in golang-gitaly-proto (Ubuntu):
status: New → Invalid
Revision history for this message
Jeremy Bícha (jbicha) wrote :

gitaly is currently in noble and noble-proposed so a removal would need to remove it from both places

tags: added: noble update-excuse
Revision history for this message
Sebastien Bacher (seb128) wrote :

Removing packages from noble:
 gitaly 16.0.8+ds1-1 in noble
  gitaly 16.0.8+ds1-1 in noble amd64
  gitaly 16.0.8+ds1-1 in noble arm64
  gitaly 16.0.8+ds1-1 in noble armhf
  gitaly 16.0.8+ds1-1 in noble ppc64el
  gitaly 16.0.8+ds1-1 in noble riscv64
  gitaly 16.0.8+ds1-1 in noble s390x
  gitlab-common 16.0.8+ds1-1 in noble amd64
  gitlab-common 16.0.8+ds1-1 in noble arm64
  gitlab-common 16.0.8+ds1-1 in noble armhf
  gitlab-common 16.0.8+ds1-1 in noble i386
  gitlab-common 16.0.8+ds1-1 in noble ppc64el
  gitlab-common 16.0.8+ds1-1 in noble riscv64
  gitlab-common 16.0.8+ds1-1 in noble s390x
  golang-gitlab-gitlab-org-gitaly-dev 16.0.8+ds1-1 in noble amd64
  golang-gitlab-gitlab-org-gitaly-dev 16.0.8+ds1-1 in noble arm64
  golang-gitlab-gitlab-org-gitaly-dev 16.0.8+ds1-1 in noble armhf
  golang-gitlab-gitlab-org-gitaly-dev 16.0.8+ds1-1 in noble i386
  golang-gitlab-gitlab-org-gitaly-dev 16.0.8+ds1-1 in noble ppc64el
  golang-gitlab-gitlab-org-gitaly-dev 16.0.8+ds1-1 in noble riscv64
  golang-gitlab-gitlab-org-gitaly-dev 16.0.8+ds1-1 in noble s390x
  ruby-gitaly 16.0.8+ds1-1 in noble amd64
  ruby-gitaly 16.0.8+ds1-1 in noble arm64
  ruby-gitaly 16.0.8+ds1-1 in noble armhf
  ruby-gitaly 16.0.8+ds1-1 in noble i386
  ruby-gitaly 16.0.8+ds1-1 in noble ppc64el
  ruby-gitaly 16.0.8+ds1-1 in noble riscv64
  ruby-gitaly 16.0.8+ds1-1 in noble s390x
Comment: not compatible with the new libgit2, remove from debian testing, lp #2046034
Remove [y|N]? y
1 package successfully removed.

Changed in gitaly (Ubuntu):
status: New → Fix Released
Revision history for this message
Sebastien Bacher (seb128) wrote :

Removing packages from noble:
 gitlab-shell 14.20.0+ds1-2build1 in noble
  gitlab-shell 14.20.0+ds1-2build1 in noble amd64
  gitlab-shell 14.20.0+ds1-2build1 in noble arm64
  gitlab-shell 14.20.0+ds1-2build1 in noble armhf
  gitlab-shell 14.20.0+ds1-2build1 in noble ppc64el
  gitlab-shell 14.20.0+ds1-2build1 in noble riscv64
  gitlab-shell 14.20.0+ds1-2build1 in noble s390x
  golang-gitlab-gitlab-org-gitlab-shell-v14-dev 14.20.0+ds1-2build1 in noble amd64
  golang-gitlab-gitlab-org-gitlab-shell-v14-dev 14.20.0+ds1-2build1 in noble arm64
  golang-gitlab-gitlab-org-gitlab-shell-v14-dev 14.20.0+ds1-2build1 in noble armhf
  golang-gitlab-gitlab-org-gitlab-shell-v14-dev 14.20.0+ds1-2build1 in noble i386
  golang-gitlab-gitlab-org-gitlab-shell-v14-dev 14.20.0+ds1-2build1 in noble ppc64el
  golang-gitlab-gitlab-org-gitlab-shell-v14-dev 14.20.0+ds1-2build1 in noble riscv64
  golang-gitlab-gitlab-org-gitlab-shell-v14-dev 14.20.0+ds1-2build1 in noble s390x
Comment: gitlab is not supported in Ubuntu, lp #1758702
Remove [y|N]? y
1 package successfully removed.

Changed in gitlab-shell (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Paul Mars (upils) wrote (last edit ):

It looks like a new version of gitaly was re-uploaded in December. seb128 can you remove it?

Is there a way to automatically prevent future uploads on packages we do not want in the archive anymore?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.