Hello devs, As you must know we had two hard months, several very bad bugs hit us.
The release team had to coordinate and it was not an easy task. We noticed some flaws in the workflow and I would like to suggest some improvements to discuss. The main problematic issue is to backport patch series to different stable branches. 1. LTS I think it's time to have a Long Term Support release. We noticed that some people are still using very old versions, having a version that is maintained several years could help them. We could backport critical security bugs only. 4 (5?) years would be great. 2. Communication Once the issues have been reported and fixed, I've alerted the first cycle of people around me. Their job was to alert a second cycle. Should we have a list of people we trust? Ask the (general) mailing list who wants to be in the loop? That means adding them to the security group on bugzilla (or at least adding them when the bug has a fix) and CC them when private discussions take place. 3. Synchronisation Release maintainers are spread around the world (and timezones suck). Getting feedback can take time, several days (like: "try", "don't work", "try again", it's 3 days!). Then when you plan to release on Wednesday, and things are only ready on Thursday you need to wait until Monday as part of the world is still enjoying the weekend! I don't have a solution for that, apart from the Monday postpone or... more anticipation. Same problem for the time of the release, I've picked 12 UTC as the "most convenient" slot for a release, but it won't (ofc) fit everybody's needs. My point was that if we communicated enough beforehand (but not publicly) it should not be a problem. Let me know if you have ideas to improve that! 4. Infrastructure improvement We don't have CI/Jenkins for the security repository. We need one! That must be a top priority of the next cycle. We need to help RMaints and make the security release process easier and less stressful. 5. Apply patches We need a script to apply the patches on the different branches, automatically. That's an easy bit to develop and it will help us a lot. 6. More visibility on the status of the patches RM and RMaints must put their progress on the bug report itself. A comment "Will be pushed, RM had a look at this" or "Backported for..." should be added. That must be added to the "Release process" wiki page. Let us know if you have any questions or remarks. Cheers, Jonathan _______________________________________________ Koha-devel mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : https://www.koha-community.org/ git : https://git.koha-community.org/ bugs : https://bugs.koha-community.org/
