On 15/04/2019 16.51, Robie Basak wrote:
> I'm afraid that this is going to be too time consuming for me to
> review - there seem to be additional complications the more I look
> into it (eg. Cosmic and the new soname as you mention above). Based
> on previous experience I think that the technical difficulties in
> landing this safely to existing 18.04 users are going to overwhelm
> the available volunteer time available from developers who are able
> to review it.

You are right that Cosmic must also be taken into account. However, the
situation on Cosmic is much simpler: it already has the SPv3 stack so
the upgrade would boil down to 3.0.2 -> 3.0.4. The only small issue it
that Cosmic is still using the old package names with "2" in them (i.e.
"shibboleth-sp2"), but that can be dealt with Breaks/Replaces to ensure
a smooth upgrade (as I've already done for Debian backports). Is there
something else complicating the SRU for Cosmic you were thinking of?

Can you explain how the new soname is a problem? I think it clearly
separates the new and old libraries.

> You might be better off maintaining a PPA for users on 18.04, or
> just recommending the use of Disco once it's released, combined with
> suitable automation, tests and CI to ensure that you can roll forward
> on a six monthly basis until the next LTS is released. If that seems
> hard to you, updating 18.04 seems harder to me.

Users of the Shibboleth SP software are typically web server operators,
as it is installed alongside Apache httpd. These people completely
ignore non-LTS releases and it is already hard enough to get them to
upgrade from one LTS to the next before its support expires. I've had
way more requests to backport the SPv3 stack to Xenial than I've got for
Bionic (for our PPA at http://pkg.switch.ch/switchaai/). Therefore, I
think it is unrealistic to ask server operators to upgrade their whole
OS every six months just to get a new SP version. I think it is worse to
leave Bionic with a broken Shibboleth SP for four more years than
upgrading it and risk breaking Moonshot (which can be fixed with a
no-change rebuild).

Those who have the "suitable automation, tests and CI" have already
moved past Bionic, I suppose. I want to do something for the rest out there.

> However I welcome other Ubuntu developers to take a look if they want
> to help you getting this landed.

Could you please circulate this internally so someone else may see and
tackle it?

> I've added bug tasks for Bionic and Cosmic - getting the statuses
> all correct would be helpful if you want to proceed.

What would be the correct status then?

> I'm sorry I can't help you further. I hope this doesn't discourage
> you from continuing to help with Shibboleth packaging in Ubuntu.
> Appearing as a newcomer wanting to do major surgery is your challenge
> here. I hope that you'll find that maintaining packaging in the
> development release, and landing routine bugfixes in stable releases
> are much easier.

It is indeed a daunting task for a newcomer. I submitted one security
patch for Shibboleth just before and it went well so I figured I'd
embark on a larger endeavour. :) For me, how packages are maintained in
Ubuntu is still fairly unclear (where is the VCS?)...

  Etienne