@@ -367,10 +367,76 @@ Some specific suggestions are:
367367 test discovery.
368368
369369
370+ .. _aim-for-stable-releases :
371+
372+ Aim for stable releases
373+ -----------------------
374+
375+ Why?
376+ ~~~~
377+
378+ Many downstreams provide stable release channels in addition to the main
379+ package streams. The goal of these channels is to provide more conservative
380+ upgrades to users with higher stability needs. These users often prefer
381+ to trade having the newest features available for lower risk of issues.
382+
383+ While the exact policies differ, an important criterion for including a new
384+ package version in a stable release channel is for it to be available in testing
385+ for some time already, and have no known major regressions. For example,
386+ in Gentoo Linux a package is usually marked stable after being available
387+ in testing for a month, and being tested against the versions of its
388+ dependencies that are marked stable at the time.
389+
390+ However, there are circumstances which demand more prompt action. For example,
391+ if a security vulnerability or a major bug is found in the version that is
392+ currently available in the stable channel, the downstream is facing a need
393+ to resolve it. In this case, they need to consider various options, such as:
394+
395+ - putting a new version in the stable channel early,
396+
397+ - adding patches to the version currently published,
398+
399+ - or even downgrading the stable channel to an earlier release.
400+
401+ Each of these options involves certain risks and a certain amount of work,
402+ and packagers needs to weigh them to determine the course of action.
403+
404+ How?
405+ ~~~~
406+
407+ There are some things that upstreams can do to tailor their workflow to stable
408+ release channels. These actions often are beneficial to the package's users
409+ as well. Some specific suggestions are:
410+
411+ - Adjust the release frequency to the rate of code changes. Packages that
412+ are released rarely often bring significant changes with every release,
413+ and a higher risk of accidental regressions.
414+
415+ - Avoid mixing bug fixes and new features, if possible. In particular, if there
416+ are known bug fixes merged already, consider making a new release before
417+ merging feature branches.
418+
419+ - Consider making prereleases after major changes, to provide more testing
420+ opportunities for users and downstreams willing to opt-in.
421+
422+ - If your project is subject to very intense development, consider splitting
423+ one or more branches that include a more conservative subset of commits,
424+ and are released separately. For example, Django _ currently maintains three
425+ release branches in addition to main.
426+
427+ - Even if you don't wish to maintain additional branches permanently, consider
428+ making additional patch releases with minimal changes to the previous
429+ version, especially when a security vulnerability is discovered.
430+
431+ - Split your changes into focused commits that address one problem at a time,
432+ to make it easier to cherry-pick changes to earlier releases when necessary.
433+
434+
370435.. _responses : https://pypi.org/project/responses/
371436.. _vcrpy : https://pypi.org/project/vcrpy/
372437.. _pytest-socket : https://pypi.org/project/pytest-socket/
373438.. _pytest-xdist : https://pypi.org/project/pytest-xdist/
374439.. _pytest : https://pytest.org/
375440.. _pytest-rerunfailures : https://pypi.org/project/pytest-rerunfailures/
376441.. _pytest-timeout : https://pypi.org/project/pytest-timeout/
442+ .. _Django : https://www.djangoproject.com/
0 commit comments