Page MenuHomePhabricator
Create Task
Maniphest T156640

Improve LTS support of extensions
Closed, DuplicatePublic
Actions

Description

Problem

MediaWiki has a LTS release, which receives security updates. Unfortunately most extensions are being developed in current master or maybe latest wmf* branch. That means that downloading an extension from REL1_27 branch (e.g. by using Special:ExtensionDistributor) leaves the user with an outdated and potentially insecure codebase.

Who would benefit

Everyone who wants to use LTS version of MediaWiki and also be sure extensions that work with this version don't have security issues or severe bugs

Proposed solution

At least the greater WMF extensions like "WikiEditor", "VisualEditor/Parsoid", "FlaggedRevs", "CategoryTree", ... should get bugfix and security cherry-picks/backports from the current development into REL1_27.

Of course most voluntary, WMF-independent extension developers won't have time/will to do something like this, but maybe we can find a way to help them or at least make them more aware of the LTS release.

Related Objects

Event Timeline

Osnard created this task.Jan 30 2017, 3:42 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 30 2017, 3:42 PM
RHeigl awarded a token.Jan 30 2017, 3:43 PM
Aklapper added a comment.Jan 30 2017, 9:06 PM

At least the greater WMF extensions like "WikiEditor", "VisualEditor/Parsoid", "FlaggedRevs", "CategoryTree", ... should get bugfix and security cherry-picks/backports from the current development into REL1_27.

As far as I know that should have been already the case for a while regarding security fixes and other really important bugfixes.
Do you have any recent specific examples when this was not the case, or what is your statement based on? :)

Of course most voluntary, WMF-independent extension developers won't have time/will to do something like this, but maybe we can find a way to help them or at least make them more aware of the LTS release.

Maintainers are free to start that they don't support certain older MW versions, and anyone is free to contact maintainers to ask for supporting older MW versions. So it's a bit unclear to me how you expect to "improve LTS support of extensions" exactly...

RichardHeigl added a project: MediaWiki-Stakeholders-Group.Jan 30 2017, 10:58 PM
Osnard added a comment.Jan 31 2017, 8:30 AM

Well, maybe it is just a wrong impression that I have. I've had another look at the change history of a few WMF extensions and there actually seem to be bugfix changes on the LTS branches [1][2][3]. They are only a few but that may also be a sign for the very high code quality of those extensions.

I still believe that the LTS versions should be more visible within the MediaWiki world. E. g. in the info boxes on extension pages there could be three separate buttons for download : "Latest", "LTS 1.27", "LTS 1.23". With a recommendation to use a LTS version. This could encurage developers to focus on those branches. Also Special:ExtensionDistributor could feature such buttons/recommendations. Last but not least this could be part of the tutorials/howto section on mediawiki.org: "How to maintain LTS branches".

[1] https://gerrit.wikimedia.org/r/#/q/status:merged+project:mediawiki/extensions/WikiEditor+branch:REL1_23
[2] https://gerrit.wikimedia.org/r/#/q/status:merged+project:mediawiki/extensions/FlaggedRevs+branch:REL1_27
[3] https://gerrit.wikimedia.org/r/#/q/status:merged+project:mediawiki/extensions/CategoryTree+branch:REL1_23

srishakatux added projects: Release-Engineering-Team, Deployments, MediaWiki-extensions-General.Feb 2 2017, 11:18 PM
srishakatux moved this task from To Be Triaged to Extensions on the Developer-Wishlist (2017) board.
srishakatux subscribed.Feb 3 2017, 11:32 PM

This proposal is selected for the Developer-Wishlist voting round and will be added to a MediaWiki page very soon. To the subscribers, or proposer of this task: please help modify the task description: add a brief summary (10-12 lines) of the problem that this proposal raises, topics discussed in the comments, and a proposed solution (if there is any yet). Remember to add a header with a title "Description," to your content. Please do so before February 5th, 12:00 pm UTC.

Aklapper removed a project: Deployments.Feb 4 2017, 6:36 PM
greg edited projects, added MediaWiki-Releasing; removed Release-Engineering-Team.Feb 6 2017, 6:00 PM
greg subscribed.
FreedomFighterSparrow subscribed.Feb 8 2017, 10:47 AM
Tgr mentioned this in T158148: Promote Developer Wishlist 2017 proposals.Feb 28 2017, 1:31 AM
MGChecker subscribed.Aug 19 2017, 11:56 AM
demon closed this task as a duplicate of T108734: Backport security fixes to stable + LTS [non-bundled] extension branches.Jan 12 2018, 10:57 PM
cicalese moved this task from Needs Discussion to Closed on the MediaWiki-Stakeholders-Group board.Jul 31 2019, 1:09 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits