[phpMyAdmin Developers] Branches and security fixes

[Isaac Bennetch]

Hello team,

In the past, once a release entered the LTS phase with fixes only for
security issues, we would switch from the QA branch to a MAINT branch and
releases would have a patch level (such as 4.0.8.1). Since we no longer do
patch-level release numbers, to be more consistent with Semver and some of
the tools we use, we should decide how to handle these LTS releases.

It often doesn’t make sense to merge QA_4_9 in to QA_5_0 because of changed
file names and different function declarations. Even though the fix is
often similar, it doesn’t always merge very well (one example we’ve seen
several times lately is the change in array declarations from (IIRC) [ … ]
to array( … ).

Would it benefit us to maintain a MAINT_4_9 branch that is meant to NOT
merge to QA_5_0. In that case, a security issue would need two pull
requests/commits, one for MAINT_4_9 and one for QA_5_0 (soon to be 5_1
anyway). I think that especially with the upcoming release of 5.1 this
might make maintenance easier for us.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.phpmyadmin.net/pipermail/developers/attachments/20201018/06b371ee/attachment.html>