Skip to content

Commit df0c91a

Browse files
committed
Add a section on stable channels
1 parent b4c7485 commit df0c91a

1 file changed

Lines changed: 66 additions & 0 deletions

File tree

source/discussions/downstream-packaging.rst

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -367,10 +367,76 @@ Some specific suggestions are:
367367
test discovery.
368368

369369

370+
.. _aim-for-stable-releases:
371+
372+
Aim for stable releases
373+
-----------------------
374+
375+
Why?
376+
~~~~
377+
378+
Many downstreams provide stable release channels in addition to the main
379+
package streams. The goal of these channels is to provide more conservative
380+
upgrades to users with higher stability needs. These users often prefer
381+
to trade having the newest features available for lower risk of issues.
382+
383+
While the exact policies differ, an important criterion for including a new
384+
package version in a stable release channel is for it to be available in testing
385+
for some time already, and have no known major regressions. For example,
386+
in Gentoo Linux a package is usually marked stable after being available
387+
in testing for a month, and being tested against the versions of its
388+
dependencies that are marked stable at the time.
389+
390+
However, there are circumstances which demand more prompt action. For example,
391+
if a security vulnerability or a major bug is found in the version that is
392+
currently available in the stable channel, the downstream is facing a need
393+
to resolve it. In this case, they need to consider various options, such as:
394+
395+
- putting a new version in the stable channel early,
396+
397+
- adding patches to the version currently published,
398+
399+
- or even downgrading the stable channel to an earlier release.
400+
401+
Each of these options involves certain risks and a certain amount of work,
402+
and packagers needs to weigh them to determine the course of action.
403+
404+
How?
405+
~~~~
406+
407+
There are some things that upstreams can do to tailor their workflow to stable
408+
release channels. These actions often are beneficial to the package's users
409+
as well. Some specific suggestions are:
410+
411+
- Adjust the release frequency to the rate of code changes. Packages that
412+
are released rarely often bring significant changes with every release,
413+
and a higher risk of accidental regressions.
414+
415+
- Avoid mixing bug fixes and new features, if possible. In particular, if there
416+
are known bug fixes merged already, consider making a new release before
417+
merging feature branches.
418+
419+
- Consider making prereleases after major changes, to provide more testing
420+
opportunities for users and downstreams willing to opt-in.
421+
422+
- If your project is subject to very intense development, consider splitting
423+
one or more branches that include a more conservative subset of commits,
424+
and are released separately. For example, Django_ currently maintains three
425+
release branches in addition to main.
426+
427+
- Even if you don't wish to maintain additional branches permanently, consider
428+
making additional patch releases with minimal changes to the previous
429+
version, especially when a security vulnerability is discovered.
430+
431+
- Split your changes into focused commits that address one problem at a time,
432+
to make it easier to cherry-pick changes to earlier releases when necessary.
433+
434+
370435
.. _responses: https://pypi.org/project/responses/
371436
.. _vcrpy: https://pypi.org/project/vcrpy/
372437
.. _pytest-socket: https://pypi.org/project/pytest-socket/
373438
.. _pytest-xdist: https://pypi.org/project/pytest-xdist/
374439
.. _pytest: https://pytest.org/
375440
.. _pytest-rerunfailures: https://pypi.org/project/pytest-rerunfailures/
376441
.. _pytest-timeout: https://pypi.org/project/pytest-timeout/
442+
.. _Django: https://www.djangoproject.com/

0 commit comments

Comments
 (0)