River Development ProcessTracking issues and changes
Handling Security -related IssuesThere are three options associated with the "Security Level" field in the JIRA instance:
When a potential security -related issue is identified in the River sourcebase, initial discussion on it should occur on the private PPMC list. If the person(s) who identified the issue are not on the PPMC, they should be included in the discussion. If the issue is acknowledged as a valid security issue, a JIRA issue needs to be created with the "Security Level" field marked to "Security risk, visible to committers". As soon as appropriate (for example, when the impact is understood and/or there is a resolution/fix developed), the "Security Level" should be changed to "Security risk, visible to anyone" and an explanation/discussion should occur in the broader River community on the river-dev list. Code Reviews
TestingDeveloping test cases and running test suites are desired but not required prior to an integration. If unit tests are created for a change, the developer is encouraged to add them to the JIRA issue for sharing. Version NumberingEach Apache River deliverable has a version number of: m.n.r m = major version The major version number will in general only be increased in case of major changes that might introduce compatibility problems or represent some fundamental improvements. The minor versions reflect the various feature releases, the last part of the version number reflects the maintenance release. Branching PolicyOngoing development for the next release takes place in the /trunk. Once feature complete for a (non maintenance) release the trunk is branched into /branches/<m.n> which in general also reflects the moment a release candidate is presented to the public in a fairly short period of time. Ongoing development continues in the /trunk, issues found against the release candidate will be fixed in /branches/<m.n> and likely merged into the /trunk. Once a release candidate is ready for a first customer release /branches/<m.n> is branched into /tags/<m.n>.0. When support is required for a particular release m.n, the development for a fix-release is conducted in /branches/<m.n>. When a bug-fix release is ready it is branched into /tags/<m.n.r> where r is a positive number and increased for each maintenance release. Although ongoing development should take place in /trunk, there is a /skunk branch that can be utilized for 'experimental' work that must not disturb the /trunk, that needs to be visible to others and/or might require participation of others. In general the lifetime of such branch should be short to give it a chance of successful integration into the /trunk when the 'experiment' has been found valuable. Summarized
/trunk | |-------- /branches/2.1/ | \ | \ ------- /tags/2.1.0/ | \ | \ ------- /tags/2.1.1/ | \ | |-------- /branches/2.2/ | \ | \ ------- /tags/2.2.0/ | \ | |-------- /skunk/<catchy_name> | | |-------- /branches/3.0/ | \ | \ ------- /tags/3.0.0/ | \ | \ ------- /tags/3.0.1/ |