From Chad's "I'm passing the torch on MW releases" parting thought on https://gerrit.wikimedia.org/r/#/c/437867/ :
I think we should *stop* the process now wherein we generate tarballs *before* we push the patches to Gerrit. I think the proper order should beFix in production Fix in master & supported branches Tag new releases Send the announcement e-mail with links to * The patches themselves / the tags * The soon-to-be-live tarballs Tarball
It's the most streamlined process, and would allow us to get to a point of one security release per patch. This has the triple benefits of making the upgrade delta easier to understand, keeping production patches to a minimum. and finally getting rid of the GIANT backlog of stuff we throw at Zuul/Jenkins all at once when we do multiple patches in a release. With the simplification of the build process in this overall change (drop composer, vendor as submodule, removing the entire patch-an-untagged-release crap) there's no reason the script can't be run quickly (nearly automatic, I'd say) to churn out the tarballs *minutes* from being announced.
I'd kinda hinted to folks this is where I was taking things, but I don't think I've laid them out as such yet. 1.31 is clearly the last release with my name on it, but here's where I was gonna go with 1.32 and beyond and I'd like to see someone take up the torch.