| xjm |
We'll also want to secure some time from a framework manager, probably one who has not already been involved in the initiative. larowlan or alexpott. |
| xjm |
I think it's important to start planning for this now because I realized none of my clients want to sponsor a 3-month review process that yields one credit. |
| xjm |
Past initiatives have gotten blocked for months because committers were not available, and the scope of AU's codebase from TUF through the UI is huge |
| hestenet (he/him) |
We have been thinking about setting up one-off bounties for extra hard issues |
| hestenet (he/him) |
We have a way to do that. |
| xjm |
Like a mini D8 Accelerate -- great idea |
| effulgentsia |
Obviously, a huge +1 from me to get a bounty or contract from the DA to @xjm (and also to a framework manager who's not me if one is available) 🙂 |
| hestenet (he/him) |
Extra credit bounty is actually pretty easy. $$ is always the tough one, but we're at least looking at it |
| xjm |
So like, certain issues would secretly get a marketplace ranking bump worth multiple normal issues? Or special treatment on the org page? That kind of thing? |
| hestenet (he/him) |
Basically we have a 'special projects' field on org profiles where we can add arbitrary credit. We have internal guideilnes about how to use ofc - but that's the underlying technical capability. And we can annotate it. |
| hestenet (he/him) |
So we could say:+50 credits for issue #1235 |
| hestenet (he/him) |
(This is a relatively new capability - we haven't really used it yet) |
| xjm |
That sounds very useful |
| hestenet (he/him) |
I'd be very glad to use it here. |
| Warped |
Credit in review/audit for each issue discovered would give incentive to sponsoring initial review/audit, since that would likely create the most issues, and is very important. |
| xjm |
@quietone also |
| xjm |
My kneejerk is "yech |
| xjm |
But I will read the issue |
| xjm |
Essentially, the problem boils down to that with respect to minor update functionality, any future improvements we make to the updater would take one additional full minor cycle until it's usable, if the updater itself is part of the drupal/core repo.Works as designed IMO. |
| xjm |
We would not do minor updates of an external dependency in patch releases either |
| effulgentsia |
We wouldn't, but the site could. |
| longwave |
what if it was required for a security release? |
| xjm |
We would bend over backwards to make it BC as always |
| xjm |
As we've done many a time for dependencies we don't control 🙂 |
| xjm |
To me this just sounds like AU wants to entirely burn the experimental module process to the ground because they're better than other initiatives or something; I have concerns with that aspect too |
| xjm |
I guess maybe you're trying to blend the CKE5/JSON:API approach with having something surfaced by core? |
| xjm |
I will think about it but initially I have concerns on many sides |
| longwave |
we can make exceptions to the backport policy, at least to the currently-supported minor, if needed |
| longwave |
If we commit this improvement to 11.2 only (not backport to 11.1 or 11.0)ie. here we could backport the improvement to 11.1 as well if it was considered important enough |
| xjm |
Yes, we can backport safe things to experimental betas, and do, when the value outweighs the disruption |
| longwave |
11.0 would be security only by that time and so usually would be left alone |
| xjm |
We don't need to add the overhead of an external repo to achieve that discretion |
| effulgentsia |
No, that's not the motivation. The updater is unique in that (if part of drupal/core itself) you can't use its functionality until there's a released version that's one higher. For everything else, people can even test a dev branch. |
| xjm |
We also consistently backport upgrade path fixes to the security-only branch, so something that's a bug in AU would often qualify |
| xjm |
@effulgentsia I don't understand that statement and it does not seem to be covered in the IS -- why? |
| longwave |
is it that the updater has to be forward-compatible with whatever version you are trying to update to? |
| longwave |
and we obviously can't guarantee that until the future version comes out |
| tedbow |
if the fix to the update is only in the latest manner. one of the funcitonalities, updating to the next minor, can never actually be tested |
| tedbow |
by anyone manually |
| catch |
"If we commit this improvement to 11.2 only (not backport to 11.1 or 11.0), then no one can test it (without applying some version remapping shenanigans) until after 11.3 is released, since you'd first need to update to 11.2 using 11.1's updater and then updating to 11.3 would be the first core minor update that you can perform with 11.2's updater." from the IS |
| effulgentsia |
Sorry, need to jump on a work meeting. I'll read up and respond to this thread tomorrow. |
| xjm |
I don't understand how that means what Alex said |
| xjm |
Or how that's different from other modules |
| xjm |
You can always manually update |
| xjm |
You don't need autoupdates to update itself when it is experimental |
| xjm |
Maybe I should try to understand this when I have more time |
| effulgentsia |
Yeah, there's no rush with this |
| longwave |
are you just saying that the first version will not update core itself, but future versions might be able to update core, and that would require manual upgrades of core to use that functionality? if so i think that is fine for a minor feature release; we don't expect other features to be backported so why is this one special |
| longwave |
it's actually a good thing to announce in a blog post/release note/etc that Drupal 11.2 will be able to self-update to future minors, instead of just saying "this is now available if you update drupal/somepackage" |
| xjm |
The thing is they can update core; it's just a config setting |
| xjm |
It's just off by default in the MVP |
| xjm |
Sorry other way around |
| xjm |
The functionality is there for any kind of update you would do; we just configure it to the safest subset to start |
| xjm |
Unless the design has changed since I worked on it |
| tedbow |
for almost everything else you as soon as it is committed to dev you can check it out and test it manually .that is not true for auto-updates for 2 reasons.if you check out dev we don’t support any updates from a dev versionEven without 1) when the fix to the updater ships in 11.2.1. Nobody will actually know if the complete functionality of the module works until 11.3.0. Because you can’t do a minor update until then. So basically from 11.2.1 until 11.3.0 comes out we may have broken minor updates. We won’t know for sureI am not saying that is good enough reason to put it in its own repo but it does make it different then any other module |
| xjm |
It's contrib updates that are dangerous, or minor updates, but a site should still be able to turn them on with code if they are bleeding-edge. But you can always still manually update. |
| xjm |
Is there an issue for the dev version thing? It seems like people would need to update from dev versions all the time |
| tedbow |
really? I think at that point you could just use composer manually. I don’t think we can safely know your situation at that point |
| xjm |
@tedbow I think if we broke updates we would backport fixes; that's like ultra-critical. It's upgrade path. |
| longwave |
i don't get how 2. is different whether the updater is in the same repo or not |
| tedbow |
it depends which version of core we make the separate repo compatible with. We could keep compatible with the last 2 versions so right away it would possible to use it for a minor update |
| xjm |
@tedbow It just sounds like a policy decision that might have been discussed somewhere. I think I would be surprised if I wanted to update to stable but the normal workflow was broken, if that's a production design to not update from dev. But I think it should be discussed in an issue so as not to sidetrack this. |
| longwave |
you also can't force a user to update drupal/automatic_updates to get a compatibility fix with 11.3.0 that wasn't anticipated when they installed 11.2.1 and the related version of AU, so you're in the same situation |
| tedbow |
@longwave I am not sure if are talking about the same thing.if the updater is part of core, say11.2.3 - is the last drupal version. 11.1 is still getting security releases11.2.3 - adds a change to the UpdaterThe Minor updates functionality cannot be tested in 11.2.3 because there is no 11.3.0 to update toIf the updater is NOT part of core1.0.1 of the Updater is released.1.0.x of the update is compatible with 11.0.x (as far back as far possible in patch verisons) and 11.1.x1.0.1 could be tested to update core from 10.1.LATEST to 11.2.3In gitlab testing we could set up a matrix of testing to updating from all compatible 10.0.x versions to 11.2.3. This would ensure know that core versions would be compatible with the updates not just generic build testing |
| longwave |
you could still have that matrix by patching 11.1 and ensuring it can update to 11.2 even if we never released 11.1 with that committed |
| longwave |
you still can't guarantee an update to 11.3 will work until 11.3 is released either way? |
| longwave |
in fact I think there would be some benefit in allowing a test to update a minor to -dev HEAD to ensure that we haven't broken anything in HEAD |
| tedbow |
no you can’t be user.but you could make a test with composer aliases to make sure that 11.3-dev works as 11.3.0 |
| tedbow |
you could do that even it is part of core |
| longwave |
indeed |
| tedbow |
so yeah we should explore what is possible. We will probably need new kinds of the test than what we have now |
| tedbow |
allowed by gitlab but also because we have new need with an updater |
| longwave |
a build test might be able to do it if it has a full checkout of the repo, ie. both the from and to branches available |
| tedbow |
sure we could probably do anything.perhaps as pre-steps in gitlab we could create composer projects for every version core we want to update from |
| longwave |
or just allow the code to update to dev releases but only allow it to be used in tests? unless there is some other limitation on that |
| xjm |
Is the dev release thing one of the readiness checks? |
| tedbow |
yes |
| xjm |
OK so a decision we made several years back and we should dig up and review why 🙂 |
| tedbow |
k, will look into it. |
xjm, effulgentsia, drumm, tedbow, hestenet, Warped, longwave, catch, TravisCarden
Comments
Comment #10
hestenetComment #11
xjmAmending attribution.