Supported versions?

[Nils Breunese <N....@vpro.nl>]

Hey guys,

I saw CouchDB 1.0.2 fixes a security issue. Am I right that 0.11.x won't get this fix? Is there an official statement somewhere on what 'series' of releases are currently supported?

Nils (not a dev@ member, please CC: me).
------------------------------------------------------------------------
 VPRO   www.vpro.nl
------------------------------------------------------------------------

Re: Supported versions?

[Paul Davis <pa...@gmail.com>]

On Mon, Jan 31, 2011 at 3:09 PM, Noah Slater <ns...@apache.org> wrote:
>
> On 31 Jan 2011, at 15:05, Nils Breunese wrote:
>
>> I saw CouchDB 1.0.2 fixes a security issue. Am I right that 0.11.x won't get this fix? Is there an official statement somewhere on what 'series' of releases are currently supported?
>
> I would have said that anything we list on the downloads.html page is a support version. That means that those versions should receive back-ports for bugs and security issues. I notice that this has not happened for the 1.0.2 release and the subsequent security announcement. I can only infer that the pre-1.0 line is no longer supported and should be removed from this page.
>
> Thoughts, anyone?
>
>

Oh, right, I'm supposed to call a vote or discussion on archiving old releases.

I'm +1 on ending support for pre-1.0 branches. But as Nils points out,
we should probably figure out some sort of policy for when we drop
support.

RE: Supported versions?

[Nils Breunese <N....@vpro.nl>]

Hello all,

I think the most important thing is to have a policy and make clear to end users what it is. I don't care about 0.11.x personally since we're still on 0.10.1 in production (which has been rock solid for us I might add) and are probably upgrading to 1.0.2 soon (or 1.1.0 if that's released before we start our upgrade project), I was just wondering what the support policy was. This seems like a good time to agree on *something* and communicate this plan, but I'll leave that to you dev@ people.

Thanks, Nils.
________________________________________
Van: Jan Lehnardt [jan@apache.org]
Verzonden: maandag 31 januari 2011 21:50
Aan: dev@couchdb.apache.org
CC: Nils Breunese
Onderwerp: Re: Supported versions?

On 31 Jan 2011, at 21:09, Noah Slater wrote:

>
> On 31 Jan 2011, at 15:05, Nils Breunese wrote:
>
>> I saw CouchDB 1.0.2 fixes a security issue. Am I right that 0.11.x won't get this fix? Is there an official statement somewhere on what 'series' of releases are currently supported?
>
> I would have said that anything we list on the downloads.html page is a support version. That means that those versions should receive back-ports for bugs and security issues. I notice that this has not happened for the 1.0.2 release and the subsequent security announcement. I can only infer that the pre-1.0 line is no longer supported and should be removed from this page.
>
> Thoughts, anyone?

It looks we dropped the ball here. Here's how I think it went:

IMHO, the general rule is supporting the current and previous release. We have referred to that rule in the past. I'm not sure that is written down anywhere though. I think this is a good policy either way.

We planned to have 1.0.2 and 1.1.0 come out at roughly the same time. As a result, I didn't bother backporting the required patches to the 0.11.x line, effectively ending support. Now 1.0.2 is out and 1.1.0 isn't just yet (I hope soon though) so we effectively broke the rule. I'll look into backporting the required patches to 0.11.x so people can at least do manual fixes.

Does that sound like a sensible scenario?

Cheers
Jan
--


------------------------------------------------------------------------
 VPRO   www.vpro.nl
------------------------------------------------------------------------

Re: Supported versions?

[Dave Cottlehuber <da...@muse.net.nz>]

>> On Mon, Jan 31, 2011 at 21:50, Jan Lehnardt <ja...@apache.org> wrote:
>>> IMHO, the general rule is supporting the current and previous release. We have referred to that rule in the past. I'm not sure that is written down anywhere though. I think this is a good policy either way.

Overall I agree (is this a+0.7 ?) but people need to be given time to
upgrade between versions. Some projects and commercial vendors provide
support for a 6 month rolling window to enable this. From a sysadmin
point of view this would be preferable.

>>> We planned to have 1.0.2 and 1.1.0 come out at roughly the same time. As a result, I didn't bother backporting the required patches to the 0.11.x line, effectively ending support. Now 1.0.2 is out and 1.1.0 isn't just yet (I hope soon though) so we effectively broke the rule. I'll look into backporting the required patches to 0.11.x so people can at least do manual fixes.
>>>
>>> Does that sound like a sensible scenario?
>>
>> Sounds good to me (in particular the policy).
>
> Me too.

Yup - solves the issue above neatly.

A+
Dave

Re: Supported versions?

[Noah Slater <ns...@apache.org>]

On 1 Feb 2011, at 07:04, Dirkjan Ochtman wrote:

> On Mon, Jan 31, 2011 at 21:50, Jan Lehnardt <ja...@apache.org> wrote:
>> IMHO, the general rule is supporting the current and previous release. We have referred to that rule in the past. I'm not sure that is written down anywhere though. I think this is a good policy either way.
>> 
>> We planned to have 1.0.2 and 1.1.0 come out at roughly the same time. As a result, I didn't bother backporting the required patches to the 0.11.x line, effectively ending support. Now 1.0.2 is out and 1.1.0 isn't just yet (I hope soon though) so we effectively broke the rule. I'll look into backporting the required patches to 0.11.x so people can at least do manual fixes.
>> 
>> Does that sound like a sensible scenario?
> 
> Sounds good to me (in particular the policy).

Me too.

Re: Supported versions?

[Dirkjan Ochtman <di...@ochtman.nl>]

On Mon, Jan 31, 2011 at 21:50, Jan Lehnardt <ja...@apache.org> wrote:
> IMHO, the general rule is supporting the current and previous release. We have referred to that rule in the past. I'm not sure that is written down anywhere though. I think this is a good policy either way.
>
> We planned to have 1.0.2 and 1.1.0 come out at roughly the same time. As a result, I didn't bother backporting the required patches to the 0.11.x line, effectively ending support. Now 1.0.2 is out and 1.1.0 isn't just yet (I hope soon though) so we effectively broke the rule. I'll look into backporting the required patches to 0.11.x so people can at least do manual fixes.
>
> Does that sound like a sensible scenario?

Sounds good to me (in particular the policy).

Cheers,

Dirkjan

Re: Supported versions?

[Jan Lehnardt <ja...@apache.org>]

On 31 Jan 2011, at 21:09, Noah Slater wrote:

> 
> On 31 Jan 2011, at 15:05, Nils Breunese wrote:
> 
>> I saw CouchDB 1.0.2 fixes a security issue. Am I right that 0.11.x won't get this fix? Is there an official statement somewhere on what 'series' of releases are currently supported?
> 
> I would have said that anything we list on the downloads.html page is a support version. That means that those versions should receive back-ports for bugs and security issues. I notice that this has not happened for the 1.0.2 release and the subsequent security announcement. I can only infer that the pre-1.0 line is no longer supported and should be removed from this page.
> 
> Thoughts, anyone?

It looks we dropped the ball here. Here's how I think it went: 

IMHO, the general rule is supporting the current and previous release. We have referred to that rule in the past. I'm not sure that is written down anywhere though. I think this is a good policy either way.

We planned to have 1.0.2 and 1.1.0 come out at roughly the same time. As a result, I didn't bother backporting the required patches to the 0.11.x line, effectively ending support. Now 1.0.2 is out and 1.1.0 isn't just yet (I hope soon though) so we effectively broke the rule. I'll look into backporting the required patches to 0.11.x so people can at least do manual fixes.

Does that sound like a sensible scenario?

Cheers
Jan
-- 

Re: Supported versions?

[Noah Slater <ns...@apache.org>]

On 31 Jan 2011, at 15:05, Nils Breunese wrote:

> I saw CouchDB 1.0.2 fixes a security issue. Am I right that 0.11.x won't get this fix? Is there an official statement somewhere on what 'series' of releases are currently supported?

I would have said that anything we list on the downloads.html page is a support version. That means that those versions should receive back-ports for bugs and security issues. I notice that this has not happened for the 1.0.2 release and the subsequent security announcement. I can only infer that the pre-1.0 line is no longer supported and should be removed from this page.

Thoughts, anyone?