Wireshark-dev: [Wireshark-dev] Wireshark LTS branches

From: Bálint Réczey <balint@xxxxxxxxxxxxxxx>
Date: Wed, 16 Apr 2014 12:42:55 +0200
Hi,

Many of you probably know about the Wireshark package [1] in Debian
which I started maintaining a few years ago. Like every other package
in Debian, the version of Wireshark included in the major distribution
release is getting security and stability updates through the lifetime
[2] of the major distribution release which is typically 3 years, but
it is still shorter than the lifetime of an Ubuntu LTS (5 years) or
Red Hat [3] (10 years).

Wireshark, the Project, makes a major release every year and according
our current policy we support [4] the current and previous release
which makes Wireshark releases lifetime 2 years.

Wireshark makes point releases after each major release fixing bugs
adding minor features and improvements, but only the security and some
stability related fixes get included in updates to the Debian package.
Since the Debian packages have longer lifetime than Wireshark release
I back-port security related fixes to older releases than the project
which means that I already maintain two Wireshark branches with
security fixes only in the form of patch sets [5]. Other distribution
maintainers do the same.

Since we moved to Git maintaining the branches became easier and I
would like to as the project to allow me to maintain the two existing
branches in the projects repository. Going forward I would like to
open one similar branch for at least every Debian major release and
maintain at least through the major release's lifetime.

I think it would not create any significant additional work for the
community but it would provide many advantages.

1. We could provide an upgrade path for people focused only on
security but not on other improvements keeping the existing release
plan.
2. Distribution maintainers could eliminate the duplicate work by
collaborating in the LTS branches.
3. Back-ported fixes could get better testing using the existing
buildbot infrastructure.
4. Back-ported fixes could be reviewed by more people.

One additional note regarding Debian, we (at Debian) are thinking
about extending the lifespan of each release to 5 years [7] and this
would extend my commitment to maintaining the Wireshark LTS branches
naturally.

Would the Project be open for the proposed branches?

Cheers,
Balint

PS: The Debian-specific parts would not be be included in the
Wireshark LTS branches.

[1] http://packages.qa.debian.org/w/wireshark.html
[2] https://wiki.debian.org/DebianReleases
[3] https://access.redhat.com/site/support/policy/updates/errata/
[4] http://wiki.wireshark.org/Development/Roadmap
[5] http://patch-tracker.debian.org/package/wireshark/1.2.11-6+squeeze13
[6] http://patch-tracker.debian.org/package/wireshark/1.8.2-5wheezy9
[7] http://bits.debian.org/2014/03/working-on-squeeze-lts.html