eschutho commented on issue #12566: URL: https://github.com/apache/superset/issues/12566#issuecomment-763266043

> Thanks for getting this doc out, I think it aligns with many of my hopes and dreams for a stable Superset and predictable version bumps. A few notes:

Great, thanks for the feedback @etr2460! I'm going to respond a bit out of order just for simplicity while I think about some of the other points..

> The note about putting breaking security changes into a minor release makes sense, but I'm a bit concerned that if someone is pinning their Superset release to the most recent minor release and automatically upgrading, then they won't notice the change. I might propose instead patching the current minor release with the breaking security fix and releasing it with a new major version number, then following up again with another major version. That way we maintain the meaning of semantic versions, even when security issues show up.

Yeah, I agree on this possibility. One concern that I'm hearing is that pushing out a major version will take time, and that releasing a security patch should be addressed immediately. What I hear you suggesting is an alternative which would be for example if you're on 1.4.3, to push out 2.0.0 with just the security fix on top of 1.4.3, and then follow immediately with 3.0.0 with the latest master including updated breaking changes/removed deprecations, etc? I think that could be a safer solution, if anyone else has opinions on that. I think in this example a 2.0.0 would take less time than the 3.0, but would it be more time than a 1.4.4? Maybe not. It would mean two quick major versions back to back, but I don't think it should happen often either.
