Kernel releases policy

jocado · May 13, 2021, 10:40am

Hi,

Wasn’t sure which section to ask this in, but I will start here.

For the standard kernel snaps, is there a policy that governs the move through the channels ? For example, does a 20/candidate revision have a minimum time there before it’s promoted to 20/stable ?

Does it vary depending on Security vs SRU updates ?

Is any of this stuff documented any where ?

Thanks !

Cheers,
Just

klebers · May 18, 2021, 8:31am

Hello jocado,

For the Ubuntu kernel snaps, the channels that they are published to depend on the status of their original packages in the archive (the one that gets installed by apt) and are defined by the following rules:

For kernel SRU releases:

Once a new kernel release is published to -proposed, we build the snaps out of it and publish to edge/beta.
After the kernel snaps are tested by our Certification Team on the supported platforms, they get published to candidate.
When the archive packages are ready to be promoted to -updates/-security at the end of the kernel SRU cycle, their snaps get published to the stable channel.

During this process, a kernel snap revision should stay in candidate for at least some days, up to a couple of weeks, before it is promoted to stable. Sometimes a kernel snap will be in candidate for a shorter period of time, this might be caused by some re-spin late in the SRU cycle. In such cases the changes are generally small and should not cause any regressions when compared to the previous revision.

If you are interested in the Kernel SRU cycle schedule and cadence, you can check https://kernel.ubuntu.com/.

For security releases:
For embargoed security releases unfortunately in most of the cases we need to update users as soon as possible after the security issue becomes public. In this case we can’t afford to hold the new revision in candidate for several days for general public tests as it’s done for the regular SRU release. They are also published to stable as soon as their archive packages are published to -security and the kernel snaps are built.

We don’t have any public documentation about this topic yet, but I’ll discuss it with the Kernel Team.

I hope this helps!

Regards,
Kleber

ogra · May 18, 2021, 8:39am

Well, now we do

jocado · May 18, 2021, 8:44am

It does help @klebers , thanks for taking the time to reply in some detail

Cheers, Just

jocado · June 1, 2021, 5:56pm

@klebers Can I ask how the process differs, if at all, for base snaps ?

Given that the bases are made up of many different deb packages, does that change anything about the update frequency ?

Cheers,
Just

ijohnson · June 1, 2021, 6:24pm

@jocado I would recommend starting a new topic for base snaps - they are maintained by a different team, the foundations team. You will want to ping @sil2100 and possibly @xnox as well when you do so

jocado · June 1, 2021, 6:42pm

Thanks

Asked: Base snap release policy

Cheers, Just