Slow down with the official releases of contrib already, ok? ; )
I've noticed quite a few projects that seem to think the best time to make a new official release is after every CVS commit. While I'm happy to see people actually making official releases, please don't do this. ;) A) Constant stream of noise for your users thinking they have to keep upgrading all the time (via update_status, etc). B) Wasteful of resources (burns up diskspace on d.o for all the tarballs, bandwidth for all the downloads, etc). C) Wasteful of RAM for sites using one of your modules with update_status (update_status needs to download and parse an XML file describing the history of all your module's releases -- as the # of modules on a site grows, and as the number of releases of your module for a given version of core grows, the RAM consumption starts to go through the roof -- see http://drupal.org/node/238950). D) A new tarball after every CVS commit is exactly what the automatically re-generated development snapshot releases are for: http://drupal.org/handbook/cvs/releases/types#snapshot Please don't cry wolf. Only make a new official release when it's really worth it for everyone to upgrade. Thanks, -Derek (dww) p.s. Learn about this and other best practices for release management by reading the very concise 2 page handout about the topic I gave out at my talk at the Boston DrupalCon: http://drupal.org/files/maintain-release-handout.pdf p.p.s. If anyone wants to help fix update(_status)?.module to be less RAM hungry, please join us over at http://drupal.org/node/238950.
I think I'm more offended by update status in core, than people creating releases. :) All I ever wanted from the release system was a way to branch and version my code. I'd be really happy to see update_status disabled in core by default or be made less noisy ie) only make noise on sec update... Frankly contrib dev is noisy, and I don't see that changing. On Thu, May 22, 2008 at 12:58 PM, Derek Wright <drupal@dwwright.net> wrote:
I've noticed quite a few projects that seem to think the best time to make a new official release is after every CVS commit. While I'm happy to see people actually making official releases, please don't do this. ;)
A) Constant stream of noise for your users thinking they have to keep upgrading all the time (via update_status, etc).
B) Wasteful of resources (burns up diskspace on d.o for all the tarballs, bandwidth for all the downloads, etc).
C) Wasteful of RAM for sites using one of your modules with update_status (update_status needs to download and parse an XML file describing the history of all your module's releases -- as the # of modules on a site grows, and as the number of releases of your module for a given version of core grows, the RAM consumption starts to go through the roof -- see http://drupal.org/node/238950).
D) A new tarball after every CVS commit is exactly what the automatically re-generated development snapshot releases are for: http://drupal.org/handbook/cvs/releases/types#snapshot
Please don't cry wolf. Only make a new official release when it's really worth it for everyone to upgrade.
Thanks, -Derek (dww)
p.s. Learn about this and other best practices for release management by reading the very concise 2 page handout about the topic I gave out at my talk at the Boston DrupalCon: http://drupal.org/files/maintain-release-handout.pdf
p.p.s. If anyone wants to help fix update(_status)?.module to be less RAM hungry, please join us over at http://drupal.org/node/238950.
On May 22, 2008, at 10:13 AM, Darrel O'Pry wrote:
I think I'm more offended by update status in core, than people creating releases. :)
Them's fightin' words! ;)
All I ever wanted from the release system was a way to branch and version my code.
That's a good start, and one of my first itches I was scratching.
I'd be really happy to see update_status disabled in core by default
You're obviously not a member of the security team.
or be made less noisy ie) only make noise on sec update...
Already a knob for this.
Frankly contrib dev is noisy, and I don't see that changing.
I'm not (yet) ready to give up my multi-year quest to bring enlightenment about release management to the Drupal project as a whole. Help in this crusade is appreciated. Nay sayers will be ... ;) Cheers, -Derek (dww)
I think I'm more offended by update status in core, than people creating
releases. :)
Them's fightin' words! ;)
No, it's a statement that code and process is easier to change than people and my conviction that processes should adhere to people not the other way around. Not fighting words, just my opinion. I'd be really happy to see update_status disabled in core by default
You're obviously not a member of the security team. I don't think the security of every drupal site is the security teams responsibility as long as there is a notification system in place.. IIRC there is an email list and an RSS feed for security notices as well so the security team is being responsible in its role update_status or no. Taken in light of my following comment, which you so ingenously separated, makes your implication that I'm not concerned about security hollow. or be made less noisy ie) only make noise on sec update...
Already a knob for this. Where? Can I control it as a module maintainer?
Frankly contrib dev is noisy, and I don't see that changing.
I'm not (yet) ready to give up my multi-year quest to bring enlightenment
about release management to the Drupal project as a whole. Help in this crusade is appreciated. Nay sayers will be ... ;)
I don't think you should give up. I for one have learned a lot about version control thanks to your efforts. I think we do have to face 2 facts: 1) there is a lot to learn and some people won't learn it quickly. 2) there will always be new people. Which means contrib will always be noisy, no matter how successful you are in your self appointed task.
On May 22, 2008, at 4:33 PM, Darrel O'Pry wrote:
Already a knob for this.
Where? Can I control it as a module maintainer?
If you go to view your updates (at admin/logs/updates) there is a tab for settings (admin/logs/updates/settings) In here there are all kinds of knobs.
However, one thing that I've had several users tell me is that the big red "X" scares them and they think a -dev release is poison. I figured it would happen like this - and it has.
Perhaps a red background and a big red "X" are too scary and should be toned down.
But they are scary, and buggy, and in development. You really shouldn't use them to build sites with unless you really, really need to. Maybe the issue here is that the project_* modules enforce a particular development cycle and set of practices, and not everyone agrees with those, causing conflict. On Thu, May 22, 2008 at 11:37 PM, Matthew Farina <matt@mattfarina.com> wrote:
On May 22, 2008, at 4:33 PM, Darrel O'Pry wrote:
Already a knob for this.
Where? Can I control it as a module maintainer?
If you go to view your updates (at admin/logs/updates) there is a tab for settings (admin/logs/updates/settings)
In here there are all kinds of knobs.
-- Regards Steven Jones
I think he was asking if there's a way a module maintainer can, on drupal.org, flip a switch so that only security updates get sent out. I'm not sure that's the best approach, as I wouldn't want to be denied feature updates as a site owner if I so desired. Perhaps a better tack would be to make it a default setting on new Drupal installs to enable only security updates. That way, your average Drupal site maintainer would only have to contend with the trickle of security updates, rather than the onslaught of minor version increases. -marco On Thu, May 22, 2008 at 3:37 PM, Matthew Farina <matt@mattfarina.com> wrote:
On May 22, 2008, at 4:33 PM, Darrel O'Pry wrote:
Already a knob for this.
Where? Can I control it as a module maintainer?
If you go to view your updates (at admin/logs/updates) there is a tab for settings (admin/logs/updates/settings)
In here there are all kinds of knobs.
Marco, I think you propose a fair compromise... :) On Thu, May 22, 2008 at 6:56 PM, Marco Carbone <marco.carbone@gmail.com> wrote:
I think he was asking if there's a way a module maintainer can, on drupal.org, flip a switch so that only security updates get sent out. I'm not sure that's the best approach, as I wouldn't want to be denied feature updates as a site owner if I so desired.
Perhaps a better tack would be to make it a default setting on new Drupal installs to enable only security updates. That way, your average Drupal site maintainer would only have to contend with the trickle of security updates, rather than the onslaught of minor version increases.
-marco
On Thu, May 22, 2008 at 3:37 PM, Matthew Farina <matt@mattfarina.com> wrote:
On May 22, 2008, at 4:33 PM, Darrel O'Pry wrote:
Already a knob for this.
Where? Can I control it as a module maintainer?
If you go to view your updates (at admin/logs/updates) there is a tab for settings (admin/logs/updates/settings)
In here there are all kinds of knobs.
On May 22, 2008, at 1:33 PM, Darrel O'Pry wrote:
it's a statement that code and process is easier to change than people and my conviction that processes should adhere to people not the other way around
Then I should give up and we should go back to the jungle where contrib is a vast wasteland of unversioned goo. That's what project* and the drupal.org contrib repository should return to if the code/ process should adhere to people instead of the other way around. No thanks. ;) If anything, the last ~1.5 years have shown that the process is still too flexible, and there should be more ways that it forces the people to adhere to sane, consistent behavior, not less. For example: #252473: Prevent people from putting "-dev" in CVS tag names [1] and perhaps even: #90968: enforce sequential release tags in xcvs-taginfo [2] Not to mention disasters like: #198278: Prevent bogus branches by checking at commit time, too [3] that resulted in messes that still aren't completely resolved: #152832: cleanup faulty branches [4] Of course, if everyone were careful, and already comfortable with sane release management, it'd be a different story. Sadly, the d.o infrastructure mostly has to cater to the lowest common denominator in terms of ability and experience. I've been trying to balance the needs of experienced, clueful people like you and me, with the reality of 100s of brand new contributors and their propensity to break things, not to mention everyone's aversion to reading documentation. ;) I won't claim I've always made all the right decisions and choices, but I believe I've done a pretty good job of it. If you have disagreements, concrete help and constructive criticism would be much more appreciated than adding to the chorus of empty complaints ("it's offensive that update_status went into core"), even if you're already a valuable contributor in other ways. Thanks, -Derek [1] http://drupal.org/node/252473 [2] http://drupal.org/node/90968 [3] http://drupal.org/node/198278 [4] http://drupal.org/node/152832 p.s. "Them's fightin' words ;)" was meant as a joke and a pop-culture reference, nothing more.
On Fri, May 30, 2008 at 4:40 AM, Derek Wright <drupal@dwwright.net> wrote:
On May 22, 2008, at 1:33 PM, Darrel O'Pry wrote:
it's a statement that code and process is easier to change than people and
my conviction that processes should adhere to people not the other way around
Then I should give up and we should go back to the jungle where contrib is a vast wasteland of unversioned goo. That's what project* and the drupal.org contrib repository should return to if the code/process should adhere to people instead of the other way around. No thanks. ;)
I think you're completely wrong here. It was by request and popular demand from both contrib authors and end users that the current release system was built. Otherwise the community would not have ponied up the money for the work to be done. I just think the system should give developers such as myself more freedom in versioning our modules. Unlike the rest of the world that are writing modules that are only dependent on core.... I'm writing modules that are dependent on other Contrib modules, and I would like to be able to reflect that in my versioning.
If anything, the last ~1.5 years have shown that the process is still too flexible, and there should be more ways that it forces the people to adhere to sane, consistent behavior, not less. For example:
#252473: Prevent people from putting "-dev" in CVS tag names [1]
only becuase -dev is reserved by the release system for a predetermined release name. The bug only exists because of an enforced naming system. <constructive criticism>The -dev extra is still a little limiting. a timestamp would almost be better. I personally feel users who want to follow head will be using CVS, and those who don't knwo how to use CVS but want to test are using -dev.tar.gz. A timestamp would be a solid indicator as to which -dev release they're using since it is a moving target.</contructive criticism>
and perhaps even:
#90968: enforce sequential release tags in xcvs-taginfo [2]
There was no bug behind this. It's just your opinion of how releases should be numbered. Personally each release I work toward has a set of goals to be accomplished for that release... There is always the possibility that I will do two releases worth of work and release... now is it fair to require me to alter my internal documentation because *you* think releases should be sequential and I overshot my target?
Not to mention disasters like:
#198278: Prevent bogus branches by checking at commit time, too [3]
Yep validation for the enforced naming structure should be universal if we're going to have enforced naming conventions, but is un related to the general concept of a more flexible release system.
that resulted in messes that still aren't completely resolved: #152832: cleanup faulty branches [4]
I think I have a few of those... and wouldn't it be wonderful if I could fix them myself. At the very least the ability to edit my release names/delete releases to change mis tagged things, etc would be nice... I mean I am maintainer over my project right? I am the one who is *expected* to bear the support load right?
Of course, if everyone were careful, and already comfortable with sane release management, it'd be a different story. Sadly, the d.o infrastructure mostly has to cater to the lowest common denominator in terms of ability and experience. I've been trying to balance the needs of experienced, clueful people like you and me, with the reality of 100s of brand new contributors and their propensity to break things, not to mention everyone's aversion to reading documentation. ;) I won't claim I've always made all the right decisions and choices, but I believe I've done a pretty good job of it. If you have disagreements, concrete help and constructive criticism would be much more appreciated than adding to the chorus of empty complaints ("it's offensive that update_status went into core"), even if you're already a valuable contributor in other ways.
I think, for the community, there is more advantage in teaching people sane release management and helping people become comfortable with it than there is enforcing it. Knowledge and skill propogation is an awesome thing. It also allows more freedom for unexpected use cases, and the ability for individuals to experiment with their own release managment within constraints that won't just break the packaging system. Seeking what works best for them and their workflow. An issue queue can be motivation enough to make someone research best practices. p.s. "Them's fightin' words ;)" was meant as a joke and a pop-culture
reference, nothing more.
p.s. I know I'm still giving you a hard time and telling you to put a multicolored LED wall on your bikeshed.
On 30 May 2008, at 4:35 PM, Darrel O'Pry wrote:
<constructive criticism>The -dev extra is still a little limiting. a timestamp would almost be better. I personally feel users who want to follow head will be using CVS, and those who don't knwo how to use CVS but want to test are using -dev.tar.gz. A timestamp would be a solid indicator as to which -dev release they're using since it is a moving target.</contructive criticism>
i'm sitting in the same situation right now. I would like to create weekly releases from HEAD on a project i am working on right now. -dev has too many semantics related to it for my purposes.
Quoting Adrian Rossouw <adrian@bryght.com>:
I would like to create weekly releases from HEAD on a project i am working on right now. -dev has too many semantics related to it for my purposes.
Can you explain the desire better? How is it helpful for a weekly release? How is -dev not helpful? Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/
so go ahead and make a release every week. i don't see what the issue is. you want a release to be automatically created for you on your preferred schedule? thats quite an exotic need. On Fri, May 30, 2008 at 10:42 AM, Adrian Rossouw <adrian@bryght.com> wrote:
On 30 May 2008, at 4:35 PM, Darrel O'Pry wrote:
<constructive criticism>The -dev extra is still a little limiting. a timestamp would almost be better. I personally feel users who want to follow head will be using CVS, and those who don't knwo how to use CVS but want to test are using -dev.tar.gz. A timestamp would be a solid indicator as to which -dev release they're using since it is a moving target.</contructive criticism>
i'm sitting in the same situation right now.
I would like to create weekly releases from HEAD on a project i am working on right now. -dev has too many semantics related to it for my purposes.
On Fri, 30 May 2008 10:35:04 -0400, "Darrel O'Pry" <darrel.opry@gmail.com> wrote:
I think you're completely wrong here. It was by request and popular demand from both contrib authors and end users that the current release system was built. Otherwise the community would not have ponied up the money for the work to be done.
I just think the system should give developers such as myself more freedom in versioning our modules. Unlike the rest of the world that are writing modules that are only dependent on core.... I'm writing modules that are dependent on other Contrib modules, and I would like to be able to reflect that in my versioning.
Crazy idea that may already be possible, I've not tried: One of the issues with -dev is that some module maintainers use it for "mostly stable but I've not fully debugged it yet, please test", while others use it for "dude, it doesn't even compile, it's got syntax errors all over the place, wtf are you using it for?" And there's no way to tell which is which, and it can even change over time in the same module. What if we allowed non-pattern-compliant branches, but did not permit the creation of release nodes? That would allow those with more CVS-fu to do all kinds of wacky "me only" experimental branches but people who still get all their code from drupal.org/projects/* won't even have a way to get to it until it goes into the "main, kinda stable, needs testing" -dev branch (which module maintainers don't even have to make release nodes for if they don't want to, as now). --Larry Garfield
On Fri, May 30, 2008 at 10:23 AM, Larry Garfield <larry@garfieldtech.com> wrote:
One of the issues with -dev is that some module maintainers use it for "mostly stable but I've not fully debugged it yet, please test", while others use it for "dude, it doesn't even compile, it's got syntax errors all over the place, wtf are you using it for?" And there's no way to tell which is which, and it can even change over time in the same module.
What if we allowed non-pattern-compliant branches, but did not permit the creation of release nodes? That would allow those with more CVS-fu to do all kinds of wacky "me only" experimental branches but people who still get all their code from drupal.org/projects/* won't even have a way to get to it until it goes into the "main, kinda stable, needs testing" -dev branch (which module maintainers don't even have to make release nodes for if they don't want to, as now).
I can't speak for the more experienced maintainers, but this sounds complicated and over my head. :) My devs tend to fall somewhere in the middle of those two extremes and I simply document that on the project page. Maybe we should just encourage people to put a note on their pages saying how _they_ feel about the state of their dev snapshots so potential users can decide which they'd rather use? Michelle
On May 30, 2008, at 9:12 AM, Michelle Cox wrote:
Maybe we should just encourage people to put a note on their pages saying how _they_ feel about the state of their dev snapshots so potential users can decide which they'd rather use?
Good suggestion. ;) Both of the full DrupalCon talks I've given on this topic [1] [2], and the handout I wrote [3], all repeat the idea that one of the key ways to be a responsible maintainer is to clearly communicate the status of your code and your plans/intentions for the future. There are already a variety of channels for this communication. I don't know what else to do to encourage people, other than to keep repeating myself. It's possible this isn't mentioned in enough of the handbooks to be visible, so if an aspiring documentation team member wanted to help this particular problem, they could pepper the appropriate handbook pages with suggestions about clearly communicating status + intentions. Thanks, -Derek (dww) [1] http://badcamp07.org/07/sessions/how-develop-and-maintain-your- drupal-contribution [2] http://boston2008.drupalcon.org/session/maintain-contributions [3] http://drupal.org/files/maintain-release-handout.pdf
On Fri, May 30, 2008 at 12:27 PM, Derek Wright <drupal@dwwright.net> wrote:
Good suggestion. ;) Both of the full DrupalCon talks I've given on this topic [1] [2], and the handout I wrote [3], all repeat the idea that one of the key ways to be a responsible maintainer is to clearly communicate the status of your code and your plans/intentions for the future. There are already a variety of channels for this communication. I don't know what else to do to encourage people, other than to keep repeating myself.
It's possible this isn't mentioned in enough of the handbooks to be visible, so if an aspiring documentation team member wanted to help this particular problem, they could pepper the appropriate handbook pages with suggestions about clearly communicating status + intentions.
Sorry, Derek, I should have figured such a thing was already in the docs somewhere. I don't know if it's that it's not mentioned enough or that there's just simply too much information out there and stuff gets missed. It's been a long time since I got my cvs account... Is this linked to in the email that gets sent out? If not, it should be. Michelle
Quoting Michelle Cox <shellmultimedia@gmail.com>:
On Fri, May 30, 2008 at 12:27 PM, Derek Wright <drupal@dwwright.net> wrote:
Good suggestion. ;) Both of the full DrupalCon talks I've given on this topic [1] [2], and the handout I wrote [3], all repeat the idea that one of the key ways to be a responsible maintainer is to clearly communicate the status of your code and your plans/intentions for the future. There are already a variety of channels for this communication. I don't know what else to do to encourage people, other than to keep repeating myself.
It's possible this isn't mentioned in enough of the handbooks to be visible, so if an aspiring documentation team member wanted to help this particular problem, they could pepper the appropriate handbook pages with suggestions about clearly communicating status + intentions.
Sorry, Derek, I should have figured such a thing was already in the docs somewhere. I don't know if it's that it's not mentioned enough or that there's just simply too much information out there and stuff gets missed. It's been a long time since I got my cvs account... Is this linked to in the email that gets sent out? If not, it should be.
Probably both too much and not mentioned enough. IMO the best place to link these is in the project edit form instructions; email tends to get misplaced and I'm getting mentally older and tend to forget. If linked in the project edit form then it should be known that the project page was meant to be a communications mechanism for the project. The same for the release pages nodes, which should state the differences in that release. Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/
On May 30, 2008, at 8:23 AM, Larry Garfield wrote:
Crazy idea that may already be possible, I've not tried:
...
What if we allowed non-pattern-compliant branches, but did not permit the creation of release nodes?
Not possible, precisely because enforcing a standard convention for branch and tag names has been one of the key parts of trying to keep (some of) the insanity in check. It seems the regular practice for new contributors is: A) This stuff is new and complicated, I don't get it. B) Lemme try making a bunch of branches and tags, and see what happens. C) Lemme try making release nodes. D) At first sign of trouble, email dww or file support issues. (Notice: "Read the docs" isn't on the list). So, at step (B), if there's any flexibility at all, they'll do all kinds of crazy things (which are hard to clean up after the fact). Then, at step (C), they'll get even more agitated: [critical bug] "I made my tags but I can't make releases". Really, how much more flexibility do you need? You're at 5.x-2.*, which is stable. You're starting new features and trying stuff out. Make a DRUPAL-5--3 branch, but don't make a release node for it. There you have it -- a branch you can play with, try out crazy things, but then people won't be trying to use it, -dev or otherwise. One thing I'd _consider_ (but not necessarily implement) is some kind of "use advanced CVS" permission care of the drupalorg.module, and have our validation scripts (and perhaps form_alter() on the release- related forms) honor this perm to give more flexibility. But, then, it's a headache to maintain a new role that has this permission, it's work to write this code, it's two sets of reality to document and maintain, etc, etc. And, just because you claim you know what you're doing and you need additional flexibility doesn't make it so. ;) Cheers, -Derek (dww)
A) This stuff is new and complicated, I don't get it. B) Lemme try making a bunch of branches and tags, and see what happens. C) Lemme try making release nodes. D) At first sign of trouble, email dww or file support issues.
(Notice: "Read the docs" isn't on the list).
So, at step (B), if there's any flexibility at all, they'll do all kinds of crazy things (which are hard to clean up after the fact). Then, at step (C), they'll get even more agitated: [critical bug] "I made my tags but I can't make releases".
Heck! So let's install Quiz module to have each CVS applicant *prove* that he/she has read and understood the docs. If all questions have been answered correctly, CVS access will be granted. :)
Daniel F. Kudwien wrote:
Heck! So let's install Quiz module to have each CVS applicant *prove* that he/she has read and understood the docs. If all questions have been answered correctly, CVS access will be granted. :)
Oooooh that sounds delicious. ;) -mf
This was already raised an shot down in the issue queue folks. ;-) Don't have a link handy but it was a few months ago. - Addi On May 30, 2008, at 3:15 PM, Michael Favia wrote:
Daniel F. Kudwien wrote:
Heck! So let's install Quiz module to have each CVS applicant *prove* that he/she has read and understood the docs. If all questions have been answered correctly, CVS access will be granted. :)
Oooooh that sounds delicious. ;) -mf
Derek Wright wrote:
It seems the regular practice for new contributors is:
A) This stuff is new and complicated, I don't get it. B) Lemme try making a bunch of branches and tags, and see what happens. C) Lemme try making release nodes. D) At first sign of trouble, email dww or file support issues.
(Notice: "Read the docs" isn't on the list).
This is overly cynical, it's possible to read the docs and still feel overwhelmed by having to learn a new system. This isn't a problem with the docs, they're great, but it is still a steep learning curve. Also, you're on the receiving end of those who gets stuck, how many people have never needed to raise a ticket? Having said that, those constraints have saved me from breaking stuff in CVS on multiple occasions. I've read the docs, and understand CVS reasonably well these days, but that doesn't stop the odd stupid mistake. I expect most Drupal devs want a _simple_ system to manage their releases. The current release system is nearly perfect for that, and anyone who doesn't like it is welcome to run their own version control system and sync with the drupal.org repos as they see fit. Lets keep drupal.org CVS simple, well constrained, and easy to use. Remember the 80/20 rule: Derek's time (in my opinion) is better served getting features that 80% of the community use perfect, than pandering to the needs of the 20% who want something different. Particularly when that 20% could set something up themselves, without having to lean on the limited resources of Derek and Co. (see Ubercart and eCommerce modules for examples of this). Kind Regards, Liam McDermott.
dww wrote: "I've noticed quite a few projects that seem to think the best time to make a new official release is after every CVS commit. While I'm happy to see people actually making official releases, please don't do this." Well, I am one of the ones who likes to roll up several changes at once, so I use -dev releases in between. However, one thing that I've had several users tell me is that the big red "X" scares them and they think a -dev release is poison. I figured it would happen like this - and it has. Perhaps a red background and a big red "X" are too scary and should be toned down.
Quoting Nancy Wichmann <nan_wich@bellsouth.net>:
dww wrote: "I've noticed quite a few projects that seem to think the best time to make a new official release is after every CVS commit. While I'm happy to see people actually making official releases, please don't do this."
Shouldn't this be tempered with the frequency of changes?
Well, I am one of the ones who likes to roll up several changes at once, so I use -dev releases in between.
This is also tempered with the frequency of changes, correct?
However, one thing that I've had several users tell me is that the big red "X" scares them and they think a -dev release is poison. I figured it would happen like this - and it has.
Bug fixes are one thing while feature enhancements are another. More documentation on the project page will help your users feel comfortable with the -dev package. State exactly the differences and how you feel it works.
Perhaps a red background and a big red "X" are too scary and should be toned down.
Again more documentation on the project page is a must. Say exactly what is known to work and what is known not to work. That will help tone down the "big red "X"". Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/
Earnie Boyd wrote:
This is also tempered with the frequency of changes, correct? Of course. Also the types of changes.
Bug fixes are one thing while feature enhancements are another. More documentation on the project page will help your users feel comfortable with the -dev package. State exactly the differences and how you feel it works. It doesn't seem to matter all that much. I've had occasion to ask a specific user to test out the -dev version and they've been scared to to do that.
Perhaps a red background and a big red "X" are too scary and should be toned down. Again more documentation on the project page is a must. Say exactly what is known to work and what is known not to work. That will help tone down the "big red "X"". I don't put it out if I haven't tested it and had it work for me. So everything works. I have had very few occasions where I do state that something will be changed in release xxx.
Quoting Nancy Wichmann <nan_wich@bellsouth.net>:
Earnie Boyd wrote:
This is also tempered with the frequency of changes, correct? Of course. Also the types of changes.
Bug fixes are one thing while feature enhancements are another. More documentation on the project page will help your users feel comfortable with the -dev package. State exactly the differences and how you feel it works. It doesn't seem to matter all that much. I've had occasion to ask a specific user to test out the -dev version and they've been scared to to do that.
Testing -dev in development is one thing. Testing -dev in production is something else. Scared here has the impression that the user doesn't want to screw with production and perhaps doesn't have a development staging environment. Some users just need more hand holding.
Perhaps a red background and a big red "X" are too scary and should be toned down. Again more documentation on the project page is a must. Say exactly what is known to work and what is known not to work. That will help tone down the "big red "X"". I don't put it out if I haven't tested it and had it work for me. So everything works. I have had very few occasions where I do state that something will be changed in release xxx.
Well the -dev is meant to be a holding place for potentially underdeveloped code. It is the reason for the "big red "X"" and if you're using it otherwise then you tend to be on the losing side; an experience I've known well with an SF project I help manage. With Drupal projects I will at times upload changes to CVS regardless of the functioning so that I can work from more than one computer. Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/
Just to point out another small issue I've noticed, is that it's not wise for maintainers to give in to pressure to make releases for users bug fix and feature requests. I've seen this often, where a user finds a bug submits a patch, or it's fixed by the maintainer, and the maintainer suggests, in the queue, that the user download the -dev and test to see if the issue is resolved. This would work great if some users followed the queue and tested the contrib modules which get new features in -dev and then report back. However many users don't consider this to be important, and won't upgrade to a -dev because they don't want to test, don't want to spend the time upgrading, or don't want to upgrade from a stable to a -dev, or -dev to a -dev. So the maintainer makes a release, maybe tags it beta, and lets update status tell their users to upgrade, and then they wait to see what issues pop up. I hate to say it, but I think I may have related the frequency of contrib releases to a lack of testing. -Mike __________________ Michael Prasuhn mike@mikeyp.net http://mikeyp.net 503.488.5433 714.356.0168 cell 949.200.7670 fax
Perhaps the root of the problem here is that -dev versions can be used in *two* different ways, even within the same project, and that both ways are acceptable depending on the circumstance? For example, in Drupal core, 6.x-dev is currently stable and there is nothing particularly wrong with using it on a production site, but 7.x-dev is definitely not stable. Is there any way that dev versions could be given two different labels to help indicate this, something like "-dev" and "-stable"? If you have already released version 6.x-1.0 of your module, for example, then a development snapshot labeled 6.x-1.x-stable would be an indication that only tested bugfixes are being committed to this branch. True "-dev" versions could still be themed with the foreboding red X, but "-stable" versions could be themed differently (yellow background?) so that module maintainers feel more comfortable holding off on the next official release. I haven't looked at all into the implementation, but if this turned out to be feasible, I think it might go a long way towards solving the problem mentioned here. --David Rothstein
David Rothstein wrote:
[snip] For example, in Drupal core, 6.x-dev is currently stable and there is nothing particularly wrong with using it on a production site, but 7.x-dev is definitely not stable.
This is not correct. Drupal 6.x-dev cannot be supported and may break your site. Example issue (5.x-dev): http://drupal.org/node/127936 Transient security issues in Drupal y.x-dev will also not get security announcements. Regards, Heine
On Tue, May 27, 2008 1:24 am, Heine Deelstra wrote:
[snip] For example, in Drupal core, 6.x-dev is currently stable and there is nothing particularly wrong with using it on a production site, but 7.x-dev is definitely not stable.
This is not correct.
Drupal 6.x-dev cannot be supported and may break your site. Example issue (5.x-dev): http://drupal.org/node/127936
Transient security issues in Drupal y.x-dev will also not get security announcements.
Interesting, thank you for clarifying this. Note, however, that running a dev version of core is recommended by some (usually-)reliable sources and is done (or at least appears to be done) by several prominent websites... check the CHANGELOG.txt of some of your favorite Drupal sites ;) Obviously, it can never be "officially" recommended or supported, but site admins who know their way around Drupal seem to be doing it - so if it's really a problem even in these cases, then perhaps more education on this point would be beneficial. --David Rothstein
On Wed, May 28, 2008 at 7:37 AM, David Rothstein <dmr37@cornell.edu> wrote:
On Tue, May 27, 2008 1:24 am, Heine Deelstra wrote:
[snip] For example, in Drupal core, 6.x-dev is currently stable and there is nothing particularly wrong with using it on a production site, but 7.x-dev is definitely not stable.
This is not correct.
Drupal 6.x-dev cannot be supported and may break your site. Example issue (5.x-dev): http://drupal.org/node/127936
Transient security issues in Drupal y.x-dev will also not get security announcements.
Interesting, thank you for clarifying this. Note, however, that running a dev version of core is recommended by some (usually-)reliable sources and is done (or at least appears to be done) by several prominent websites... check the CHANGELOG.txt of some of your favorite Drupal sites ;) Obviously, it can never be "officially" recommended or supported, but site admins who know their way around Drupal seem to be doing it - so if it's really a problem even in these cases, then perhaps more education on this point would be beneficial.
--David Rothstein
Using core -dev of a finished version amounts to whether it is your lucky day or not. Say, it breaks your site once a week, if you can accept the odds. I learned that last year, when I used a 5.x-dev version on an unlucky day. But it was bound to happen sooner or later, because I was "updating" that site "regularly". Of course with 7.x the odds are that it will break somehow the first time.
On Wed, 28 May 2008 00:37:41 -0400 (EDT), "David Rothstein" <dmr37@cornell.edu> wrote:
On Tue, May 27, 2008 1:24 am, Heine Deelstra wrote:
[snip] For example, in Drupal core, 6.x-dev is currently stable and there is nothing particularly wrong with using it on a production site, but 7.x-dev is definitely not stable.
This is not correct.
Drupal 6.x-dev cannot be supported and may break your site. Example issue (5.x-dev): http://drupal.org/node/127936
Transient security issues in Drupal y.x-dev will also not get security announcements.
Interesting, thank you for clarifying this. Note, however, that running a dev version of core is recommended by some (usually-)reliable sources and is done (or at least appears to be done) by several prominent websites... check the CHANGELOG.txt of some of your favorite Drupal sites ;) Obviously, it can never be "officially" recommended or supported, but site admins who know their way around Drupal seem to be doing it - so if it's really a problem even in these cases, then perhaps more education on this point would be beneficial.
--David Rothstein
Another catch with 6.x core specifically is that the dev versions run E_ALL|E_NOTICE, while the stable versions disable notices. Since most modules are developed against a stable release, that means most modules will not be E_NOTICE-safe. So running 6.x-dev is likely to get you notices thrown all over the place. (I opposed disabling E_NOTICE warnings for D6 stable for exactly that reason, but was overruled.) --Larry Garfield
On Thu, 29 May 2008 00:13:56 +0200 (CEST), "Karoly Negyesi" <karoly@negyesi.net> wrote:
(I opposed disabling E_NOTICE warnings for D6 stable for exactly that reason, but was overruled.)
This decision stands steadfast.
Regards
NK
As does my objection to it. :-) </off-topic> --Larry Garfield
Quoting David Rothstein <dmr37@cornell.edu>:
Perhaps the root of the problem here is that -dev versions can be used in *two* different ways... --8<--
I haven't looked at all into the implementation, but if this turned out to be feasible, I think it might go a long way towards solving the problem mentioned here.
I think the best thing is to remove the confusion of what -dev means. A -dev release is only to be used to allow developers an easy method to know what the package will look like from an installation process. A -dev release isn't meant to be a "for general use" release. The "big red "X"" is there because of this and ppl just need to stop using -dev for anything else. If you have a stable bug fix release then release it. If you are planning more changes then wait and release it later. The point of Derek's original mail was to say, don't let every CVS change be a new release if there are planned changes in the near future. Planning is what should happen before a release is released. Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/
On May 27, 2008, at 5:01 AM, Earnie Boyd wrote:
I think the best thing is to remove the confusion of what -dev means. A -dev release is only to be used to allow developers an easy method to know what the package will look like from an installation process. A -dev release isn't meant to be a "for general use" release. The "big red "X"" is there because of this and ppl just need to stop using -dev for anything else.
The project module and/or update status module might be able to solve this dilemma by allowing a site to notify its admins that a newer release is either a bugfix/feature release, or a security release with some greater degree of distinction. As it stands right now, we do notify people when a module has a security update, but we don't really have a clear distinction between whether or not it'd be nice to get that new upgrade, or whether I really *really* need it in order to survive the botPharms. Do we have a good enough distinction between whether a new release is cool, or mandatory? I've ever really noticed a difference. -- Joel Farris "Any society that would give up a little liberty to gain a little security will deserve neither and lose both." **Ben Franklin
Quoting Senpai <senpai_san@mac.com>:
On May 27, 2008, at 5:01 AM, Earnie Boyd wrote:
I think the best thing is to remove the confusion of what -dev means. A -dev release is only to be used to allow developers an easy method to know what the package will look like from an installation process. A -dev release isn't meant to be a "for general use" release. The "big red "X"" is there because of this and ppl just need to stop using -dev for anything else.
The project module and/or update status module might be able to solve
I don't use the update status module. I can see how this might be creating issues of "something new is released; OMG I must install this upgrade."
this dilemma by allowing a site to notify its admins that a newer release is either a bugfix/feature release, or a security release with some greater degree of distinction. As it stands right now, we do notify people when a module has a security update, but we don't really have a clear distinction between whether or not it'd be nice to get that new upgrade, or whether I really *really* need it in order to survive the botPharms.
I'm subscribed to the security mail list. It tells me about the releases that are important for security and exactly what the issue is.
Do we have a good enough distinction between whether a new release is cool, or mandatory? I've ever really noticed a difference.
Perhaps not; but the project release page should be updated by the maintainer to explain the differences. If not, open an issue for the maintainer to update the project release page with the differences. Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/
On Tue, May 27, 2008 8:01 am, Earnie Boyd wrote:
I think the best thing is to remove the confusion of what -dev means. A -dev release is only to be used to allow developers an easy method to know what the package will look like from an installation process. A -dev release isn't meant to be a "for general use" release. The "big red "X"" is there because of this and ppl just need to stop using -dev for anything else.
If you have a stable bug fix release then release it. If you are planning more changes then wait and release it later. The point of Derek's original mail was to say, don't let every CVS change be a new release if there are planned changes in the near future. Planning is what should happen before a release is released.
Agreed, but I don't think it's obvious that this is due to lack of education. It could be, but it could also be that people are doing it deliberately in order to get around existing limitations, as others have suggested. I guess the only way to find out is to ask. I just looked through the project list, found a few that seem to be creating official releases way too frequently, and posted a support request in each to ask why. We'll see if they respond with any interesting explanations. --David Rothstein
participants (21)
-
Addison Berry -
Adrian Rossouw -
Cog Rusty -
Daniel F. Kudwien -
Darrel O'Pry -
David Rothstein -
Derek Wright -
Earnie Boyd -
Heine Deelstra -
Karoly Negyesi -
Larry Garfield -
Liam McDermott -
Marco Carbone -
Matthew Farina -
Michael Favia -
Michael Prasuhn -
Michelle Cox -
Moshe Weitzman -
Nancy Wichmann -
Senpai -
Steven Jones