Comment by ryandrake

4 days ago

> Because updates don't just include new features but also bug and security fixes.

This practice needs to change, although it will be almost impossible to get a whole ecosystem to adopt. You shouldn’t have to take new features (and associated new problems) just to get bug fixes and security updates. They should be offered in parallel. We need to get comfortable again with parallel maintenance branches for each major feature branch, and comfortable with backporting fixes to older releases.

I maintain both commercial and open source libs. This is a non-starter in both cases. It would easily double if not triple the workload.

For open source, well these are volunteer projects on my own time, you are always welcome to fork a given version and backport any fixes that land on main/master.

For commercial libs, our users are not willing to pay extra for this service, so we don't provide it. They would rather stay on an old version and update the entire code base at given intervals. Even when we do release patch versions, there is surprisingly little uptake.

Semver was invented to facilitate that. If only everyone adhered to it.

  • Semver doesn't help. The primary issue is effort. If it's an open source project with 1-2 devs, they probably won't be able to handle supporting multiple branches unless they're being paid to do this.

  • > Semver was invented to facilitate that

    First time I've heard that. How does semver facilitate backporting?

    • Of course it doesn't provide backports by itself, it's a versioning system. But version number changes with SemVer are meant to indicate whether an update includes new features or not (minor bump means new features, patch bump means bugfixes only).

      Of course, the actual issue is that maintaining backports isn't free, so expecting it from random single-person projects is a little unrealistic. Bug fixes in new code often need to be rewritten to work on old code. I do maintain old release branches for some projects and backporting single patches can cause whole new bugs that were never present in the main branch quite easily.