After deploying a new conftool release for the first time in T365123, there are a couple of improvements that I think we might want to consider for the build / release procedure.

The most valuable one would be to document or (ideally) script the multi-distribution debian package build procedure for conftool. If you're used to building packages for another piece of software (e.g., with a different gbp configuration), there can be surprises that take a little while to figure out.

Two other possible improvements to consider:

• Although there will always be exceptional cases that require careful coordination (e.g., JSON schema changes), having a recommended deployment sequence for "generic" (low-ish risk) releases would avoid folks having to put something together ad-hoc.
• @MoritzMuehlenhoff had the neat idea to introduce a conftool-next component, used by a limited number of canary hosts that cover the range of conftool packages. That could be used to reduce the blast radius of either (a) a bad release or (b) (as in T365123) repo changes that require involved / potentially risky resolution.

In any case, I'll give these some thought while this experience if fresh in my mind :)

See T365123#9904990 for a description of how things specifically got complicated when releasing conftool 3.0.0.