eschutho edited a comment on issue #12566:
URL: https://github.com/apache/superset/issues/12566#issuecomment-763266043
> Thanks for getting this doc out, I think it aligns with many of my hopes
and dreams for a stable Superset and predictable version bumps. A few notes:
Great, thanks for the feedback @etr2460! I'm going to respond a bit out of
order just for simplicity while I think about some of the other points..
>
> The note about putting breaking security changes into a minor release
makes sense, but I'm a bit concerned that if someone is pinning their Superset
release to the most recent minor release and automatically upgrading, then they
won't notice the change. I might propose instead patching the current minor
release with the breaking security fix and releasing it with a new major
version number, then following up again with another major version. That way we
maintain the meaning of semantic versions, even when security issues show up.
Yeah, I agree on this possibility. One concern that I'm hearing is that
pushing out a major version will take time, and that releasing a security patch
should be addressed immediately. What I hear you suggesting is an alternative
which would be for example if you're on 1.4.3, to push out 2.0.0 with just the
security fix on top of 1.4.3, and then follow immediately with 3.0.0 with the
latest master including updated breaking changes/removed deprecations, etc? I
think that could be a safer solution, if anyone else has opinions on that. I
think in this example a 2.0.0 would take less time than the 3.0, but would it
be more time than a 1.4.4? Maybe not. It would mean two quick major versions
back to back, but I don't think it should happen often either.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
