You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/ROOT/pages/policies.adoc
+12-10Lines changed: 12 additions & 10 deletions
Original file line number
Diff line number
Diff line change
@@ -14,20 +14,19 @@ The guarantees we give are on multiple levels as detailed below:
14
14
* The SDP itself
15
15
* CustomResourceDefinition (CRD) versions
16
16
* Supported product versions
17
-
* Supported OpenShift & Kubernetes
17
+
* Supported OpenShift & Kubernetes versions
18
18
19
19
All these policies may evolve as we learn what works best for our customers and for us.
20
20
21
-
These policies are from *June 2023*.
21
+
These policies are from *July 2023*.
22
22
23
23
24
24
== Stackable Data Platform Lifecycle Policy
25
25
26
26
NOTE: This policy concerns releases of our platform as a whole and how long and to which extent we support each version.
27
27
28
28
We do releases of our Stackable Data Platform.
29
-
30
-
These releases get a name based on the date they have been released (e.g. `23.4`, `23.7`). This name does not follow Semantic Versioning (Semver). We may release patches for a release, which then follow the PATCH naming semantics of Semver (e.g. `23.4.1`). See below for our policy on patches for the SDP.
29
+
These releases get a name based on the year and month they have been released in (e.g. `23.4`, `23.7`, also called https://calver.org/[CalVer]). This name does not follow Semantic Versioning (https://semver.org/[SemVer]). We may release patches for a release, which then follow the PATCH naming semantics of SemVer (e.g. `23.4.1`) or the _Micro_ name from CalVer. See below for our policy on patches for the SDP.
31
30
32
31
We do support an SDP release for a specific time after its release.
33
32
@@ -44,6 +43,7 @@ The following pictures show both scenarios:
44
43
TODO: Insert diagrams here
45
44
46
45
We _will_ release new patch releases of a SDP release (e.g. `23.4.1`) for any issues we deem Critical or High (see definition below) once fixes become available.
46
+
We _may_ release new patch releases for other reasons.
47
47
48
48
=== Maintenance Phase
49
49
@@ -57,8 +57,8 @@ TODO: Insert diagram
57
57
58
58
We may release patches for other reasons.
59
59
60
-
Customers are expected to upgrade their SDP environment to the most current supported patch (`23.4.z`) version.
61
-
60
+
Customers are expected to upgrade their SDP environment to the most current supported patch/micro (`23.4.z`) version.
61
+
Make sure to follow our release notes to learn of valid upgrade paths, some intermediate updates might be necessary.
62
62
63
63
== CRD Versioning Lifecycle Policy
64
64
@@ -94,12 +94,13 @@ SDP ships with a lot of different downstream products (e.g. Apache HBase, Apache
94
94
95
95
All of these products follow their own version semantics and release cadences and lifecycles, which is why we do not define a product lifecycle policy based on version numbers alone.
96
96
97
-
For every one of the products we ship we always support one LTS (Long Term Support) release line, which we generally recommend to use. A release line usually means that we are going to keep a `major.minor` release stable but will include newer patch versions in later SDP releases.
97
+
For every one of the products we ship we always support one LTS (Long Term Support) release line, which we generally recommend to use.
98
+
A release line usually means that we are going to keep a `major.minor` release stable but will include newer patch versions in later SDP releases.
98
99
99
100
Some products (e.g. Trino) don't follow Semver rules, for those we will follow separate rules and clearly document what version is considered LTS.
100
101
101
102
Every LTS release line is shipped for at least one full year.
102
-
After a year we may switch to a new release line.
103
+
After a year we may switch to a new release line - but there will always be at least an overlap of one release in which the old LTS version is deprecated, but a new LTS version is available.
103
104
Which line we chose as our LTS release is at our own discretion and is based on popularity, upstream lifecycle policies, stability, our own experience and other factors.
104
105
105
106
In addition to the LTS line we may also ship other versions, e.g. the latest upstream version.
@@ -126,12 +127,13 @@ We may ship new versions for existing SDP releases for other issues as well.
126
127
127
128
For every SDP release we will publish a list of supported Kubernetes versions.
128
129
129
-
We are aiming to support the last three Kubernetes versions but will make case-by-case decisions by taking into account the currently supported OpenShift versions as published by RedHat where it is our goal to support all versions that are in Full or Maintenance support. As the releases may be overlapping we might not always support the latest Kubernetes or OpenShift versions when we release a SDP version.
130
+
We are aiming to support the last three Kubernetes versions but will make case-by-case decisions by taking into account the currently supported Kubernetes versions.
131
+
We will also take into account currently supported OpenShift versions as published by RedHat. It is our goal to support all versions that are in Full or Maintenance support. As the releases may be overlapping we might not always support the latest Kubernetes or OpenShift versions when we release a SDP version.
130
132
131
133
132
134
== Support Policy (Security & Bugs)
133
135
134
-
Stackable will analyze all published security vulnerabilities (e.g. CVEs but other sources may apply as well) for all the products we support. We take various sources into account when assigning a criticality. Among those sources is the NVD database, but we place higher value on the self-assessments by the projects themselves, and we will additionally evaluate all vulnerabilities in the context of how they are used in the Stackable Data Platform.
136
+
Stackable will analyze published security vulnerabilities (e.g. CVEs but other sources may apply as well) for all the products we support as well components developed by us and their dependencies. We take various sources into account when assigning a criticality. Among those sources is the NVD database, but we place higher value on the self-assessments by the projects themselves, and we will additionally evaluate vulnerabilities in the context of how they are used in the Stackable Data Platform.
135
137
136
138
We will then assign a criticality to each vulnerability according to similar rating categories that https://access.redhat.com/security/updates/classification[RedHat has established]:
0 commit comments