[wp-hackers] Long term suckage
eric at eamann.com
Fri Jun 18 17:34:42 UTC 2010

+1 for the idea of keeping the current-1 release up to date with security.
There are several other open source systems on the market that already do this
(the best example is YUI). So long as we're making security/stability patches
to the 3.0 branch, we could still port them to the 2.9 branch. Once 3.1 comes
out, we can "officially" deprecate the 2.9 branch and just maintain the 3.0
branch with security patches.

It seems straightforward to me. Am I missing anything here?

On June 18, 2010 at 5:20 PM Dougal Campbell <dougal at gunters.org> wrote:
> On Jun 18 2010 11:49 AM, Matt Mullenweg wrote:
> > While I like the theory of LTS, what happens in practice is it covers
> > up the incompetence of IT or developers because they put off small
> > slightly painful upgrades until they get so out of date of trunk (3
> > years? 5 years?) and you have to go through a giant, painful, screws
> > everybody over upgrade.
>
> Yeah, but I think what we're* talking about here is more realistic.
> Maybe we should call it "STS" (Short-Term Support) instead of "LTS"? I
> don't think we have to make any commitment (official or otherwise) to
> support any particular release for years. But if we could just support
> the "current-minus-one" release up until the time that the
> "current-plus-one" version came out, it would provide a
> not-too-unreasonable window for those who hesitate to upgrade to the
> shiniest new version, for whatever reason.
>
> For a pure feature release, like 3.0 (AFAIK there are still no known
> security holes in 2.9), it's not that big a deal. But if someone
> theoretically discovered a 3.0 security hole 3 months from now which
> also affected 2.9, I think it would behoove us to backport the patch
> into the 2.9 branch and do a point release, even if backporting the fix
> is a pain in the neck due to code refactoring.
>
> The main thing here is that it would be nice to have "official" support
> from the core team, even if it's community members at-large who do the
> actual bugfix backporting. Yes, I'm sure that if this had occurred in
> the past, such patches would have been welcomed, but there has been no
> stated process around it. It would be nice if someone would actually say
> that such patches would be reviewed, and that there would be a "real"
> -minus-one update release.
>
> Here's a possible pain-point: if you are running 2.9.2, and there was a
> 2.9.3 release while 3.0 is current, I'm assuming that the updater will
> only show you 3.0 as an upgrade path. I'm guessing this could be
> addressed with a plugin, though.
>
> * And when I say "we", I'm really only speaking for myself. :)
>
> Dougal Campbell <dougal at gunters.org>