On Thu, May 5, 2016 at 4:31 PM, Chad <innocentkil...@gmail.com> wrote:
> Well then it sounds like it won't make the 1.27 release. We've known > this branching was coming for the last 6 months :) > Is there a way to do a backport before the release candidate gets published? The problem with doing major changes after an LTS release is that both the old and the new version has to be maintained for the full support cycle. AuthManager is a complete rewrite of all authentication-related interfaces, special pages and APIs (the patch to update the release notes [1] gives a good overview of the scope). Landing it in 1.28 would mean that future security fixes would have to be completely rewritten for 1.27, instead of simply cherry-picked; and updates to authentication-related extensions would have to be written twice, for two completely different interfaces, if the author wants to keep the LTS-compatible version up to date. The same goes for bots/tools which need to interact with the account creation API (and to a lesser extent the login API as well). Given that 1.27 is going to be supported for 3 years, that would a significant burden. I understand that lines have to be drawn somewhere and releases would never get done if everyone was allowed all the time to get just one more change in, but major reworkings of security-sensitive core components don't happen often so cutting some slack there is surely less painful than the alternative. [1] https://gerrit.wikimedia.org/r/#/c/282202/29/RELEASE-NOTES-1.27 _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
