Code review comment for ~adrien/ubuntu-archive-tools:phasing-openssl

Thanks for the reviews.

The fact that it uses source package names makes sense. I was unsettled by the grub examples which I had assumed were binary packages: I didn't expect so many different source packages! I should have checked nonetheless. :)

About the phasing speed: it seemed to me that grub and shim are very high risk packages while openssl is lesser risk but still more than most packages. The goal was to find a balance: if there's 50% chance that the openssl phasing never goes above 60% before being fast-forwarded, then we're probably missing on some inputs we get from the phasing.

A 1% phasing takes almost a month to complete. On average with the values you've given, there has been an openssl update very 2.75 months or so (and I think it makes sense to be pessimistic here). With the last openssl security update, I had to respin my changes, test them again, get the approved and uploaded again, wait for tests to succeed, and then wait for a review. When you sum all of these, they start taking a serious chunk of these 2.75 months. The motivation for this MR is that there are plenty of constraints and they should be balanced in order to maximize their usefulness. Another constraint is that the security team would like that we refrain from uploading a couple weeks before the release of the security update to avoid conflicts.

Briand agreed on the idea of having intermediate phasing speed when we discussed that in Riga but clearly I'm fine with speed that is deemed appropriate by the people who have more experience with SRUs than I do.

PS: I was also intending to push other openssl SRUs in the future, not just the current one, but I'm more and more thinking that there might not be others considering this one is not moving forward (this isn't a criticism of anyone; instead it's an interesting data point on the topic of openssl SRUs)