About the current LTS model

There are always reasons why you want a stable version for more than half a year, so LTS is the solution for this.

But if LTS is not maintained properly, maybe Tryton should go back to the old support model?

What exactly is not maintained well, which problems do you have?
I find 5.0 is maintained very well. But for a new project I would also recommend using
the latest release version and migrate until the next LTS.
Best Udo

1 Like

I agree here. We normally start projects with latest release because they have more changes to require new developments. Starting with newer versions makes it’s easier to contribute new features to upstream, which is an improvement for the project but also for the customer (as the quality of the development it’s better).

Once everything is running you are ready to stay on a LTS version.

If if this not just FUD please open a new thread explaining your concers and what we can do to improve the situation.

Well, I had enough discussions - with you as well - about the LTS model.
Answers like ‘…we do not really care to upgrade on past release.’ as from 127 security vulnerabilities installing tryton-sao 5.0.x (#9117) · Issues · Tryton / Tryton · GitLab is not what I expect from a well-maintained LTS model. This discussion around the Werkzeug ‘Patch’ was another bad example. Trytond 5.0 compatibility with werkzeug 0.16 (#9042) · Issues · Tryton / Tryton · GitLab

In my opinion, I dont see that 5.0 will run in 5 years time on a reasonably up-to-date system.

‘What we can do to improve’ was subject of a larger discussion in April in the foundation mailing list. You may want to review this

I think it was clear that we do not want to make adaptation for major release of dependencies on old series.

If you want to run a LTS series for 5 years you just need to use an OS that it also supported for 5 years. Correct me if I’m wrong but most of this OS make the same assumption as us: “Do not provide new versions for packages”, just the ones that where included on the version are supported by including minor versions and security patches of packages.

So you for Tryton (also for your OS) you have two options:

  • Use the LTS version and do not get new features (this is the price of stability).
  • Use the latest versions of packages to get newer versions.

We also provide a docker image, which is based on debian standard for lts packages. This image is updated with the debian fixes and the tryton fixes. The image has been working well for nearly two years (or at least we did not have any complain about it). For me this is a sign that LTS versions are working well.

So for me the problem is that you want to have a LTS version of tryton on a non LTS OS. And mix is not a good idea.

Regarding this issue, I think you didn’t understand why “we don’t care”. The answer is in the part of the quote of @ced you omited.

“Those are tools to build sao so we do not really care to upgrade on past release”

These vulnerabilities exists and are bad. But there are not present in the files generated for sao.

It is like a vulnerability in a compiler. A bad source file could expose it and compromise the host compiling them. But if the source file is sane, the generated executable is sane too.

Here, we are controlling the source file. The tools could be bad, they will generated sane output. And only this sane output is used in sao.

I agree with @pokoli. LTS version of Tryton need a LTS OS too.

2 Likes

Why 5 years ?
I thought 5.0 would be end of live in october 2023. Did it change ?
I associate this version with a LTS OS which should be supported until then.

Thank you for this precision.

Nothing changed.

Just to clarify:

  • LTS Versions are suported during 5 years
  • As 5.0 was released on Octuber 2018, it will be supported until October 2023

So both are correct :slight_smile:

Without intention to warm this thread up again…allow me one comment on lifecycle:

SLE, the commercial brother of openSUSE, offers 10 years support for the SLE 15 series (released July 2018, using the same sources as Leap 15.0), with the option to extend until July 2031.

Part of the maintenance are annual service packs, that carefully introduces e.g. new kernel versions (which need to be certified with hardware vendors upfront) but as well upgrades in application packages.

Current SLE 15 SP2 corresponds to Leap 15.2 - both have already evolved heavily from 15.0, including larger version bumps (just as I have it in front of me: hylafax+ from 5.6.1 to 7.0.3)

So, LTS is not static, it is a lot of maintenance to keep it running…

I may understand that the LTS support is different when some company offers commercial support for an LTS version (extending its life cycle).

But this is not the case of our LTS versions as they are maintained by the community.

Thanks for your comprehension.