|
| 1 | +## Release Cadence and Support Policy ## |
| 2 | + |
| 3 | +This document describes the release cadence for runc as well as outlining the |
| 4 | +support policy for old release branches. Historically, despite runc being the |
| 5 | +most widely used Linux container runtime, our release schedule has been very |
| 6 | +ad-hoc and has resulted in very long periods of time between minor releases, |
| 7 | +causing issues for downstreams that wanted particular features. |
| 8 | + |
| 9 | +### Semantic Versioning ### |
| 10 | + |
| 11 | +runc uses [Semantic Versioning][semver] for releases. However, our |
| 12 | +compatibility policy only applies to the runc binary. We will make a |
| 13 | +best-effort attempt to reduce the impact to users that make direct use of |
| 14 | +`github.com/opencontainers/runc/libcontainer` as a Go library, but we do not |
| 15 | +formally guarantee that API compatibility will be preserved. |
| 16 | + |
| 17 | +[semver]: https://semver.org/spec/v2.0.0.html |
| 18 | + |
| 19 | +### Release Cadence ### |
| 20 | + |
| 21 | +runc follows a 6-month minor version release schedule, with the aim of releases |
| 22 | +happening at the end of April and October each year. |
| 23 | + |
| 24 | +The first release candidate will be created 2 months before the planned release |
| 25 | +date (i.e. the end of February and August, respectively), at which point the |
| 26 | +release branch will be created and will enter a feature freeze. No new features |
| 27 | +will be merged into the release branch, and large features being developed |
| 28 | +immediately before the feature freeze may have their merge delayed so as to not |
| 29 | +be included in the next release. Most releases will have two or three release |
| 30 | +candidates, but this may change depending on the circumstances of the release |
| 31 | +at the time. |
| 32 | + |
| 33 | +If a last-minute critical issue is discovered, the release may be delayed. |
| 34 | +However, the following release will still go according to schedule (except in |
| 35 | +the exceptionally unlikely scenario where the delay is 4-6 months long, in |
| 36 | +which case the next release is moved forward to when the subsequent release |
| 37 | +would have been). |
| 38 | + |
| 39 | +Here is a hypothetical release timeline to see how this works in practice: |
| 40 | + |
| 41 | +| Date | Release | Notes | |
| 42 | +| ---------- | ------------ | ----- | |
| 43 | +| 200X-02-28 | `1.3.0-rc.1` | `release-1.3` branch created, feature freeze. | |
| 44 | +| 200X-03-12 | `1.3.0-rc.2` | | |
| 45 | +| 200X-03-25 | `1.3.0-rc.3` | | |
| 46 | +| 200X-04-30 | `1.3.0` | `1.3` release published. | |
| 47 | +| 200X-05-10 | `1.3.1` | | |
| 48 | +| 200X-06-21 | `1.3.2` | | |
| 49 | +| 200X-06-25 | `1.3.3` | | |
| 50 | +| 200X-07-02 | `1.3.4` | | |
| 51 | +| 200X-08-28 | `1.4.0-rc.1` | `release-1.4` branch created, feature freeze. | |
| 52 | +| 200X-09-15 | `1.3.5` | Patch releases in other release branches have no impact on the new release branch. | |
| 53 | +| 200X-09-21 | `1.4.0-rc.2` | | |
| 54 | +| 200X-10-31 | `1.4.0` | `1.4` release published. | |
| 55 | +| 200X-11-10 | `1.4.1` | | |
| 56 | +| 200X-12-25 | `1.4.2` | | |
| 57 | + |
| 58 | +(And so on for the next year.) |
| 59 | + |
| 60 | +### Support Policy ### |
| 61 | + |
| 62 | +In order to ease the transition between minor runc releases, previous minor |
| 63 | +release branches of runc will be maintained for some time after the newest |
| 64 | +minor release is published. In the following text, `latest` refers to the |
| 65 | +latest minor (non-release-candidate) runc release published; `latest-1` is the |
| 66 | +previous minor release branch; and `latest-2` is the minor release branch |
| 67 | +before `latest-1`. For example, if `latest` is `1.4.0` then `latest-1` is |
| 68 | +`1.3.z` and `latest-2` is `1.2.z`. |
| 69 | + |
| 70 | + * Once `latest` is released, new features will no longer be merged into |
| 71 | + `latest` and only bug and security fixes will be backported, though we will |
| 72 | + be fairly liberal with what kinds of bugs will considered candidates for |
| 73 | + backporting. |
| 74 | + |
| 75 | + * `latest-1` will only receive security fixes and significant bug fixes (what |
| 76 | + bug fixes are "significant" are down to the maintainer's judgement, but |
| 77 | + maintainers should err on the side of reducing the number of backports at |
| 78 | + this stage). Users are encouraged to start testing and consider migrating to |
| 79 | + the `latest` release of runc, reporting any issues they may find. |
| 80 | + |
| 81 | + * `latest-2` will only receive high severity security fixes (CVEs that have |
| 82 | + been assessed as having CVSS score 7 or higher). At this point, users still |
| 83 | + using `latest-2` would be strongly encouraged to upgrade to either `latest` |
| 84 | + or `latest-1`. |
| 85 | + |
| 86 | + * Any older releases will no longer recieve any updates, and users are |
| 87 | + encouraged to upgrade in the strongest possible terms, as they will not |
| 88 | + receive any security fixes regardless of severity or impact. |
| 89 | + |
| 90 | +This policy only applies to minor releases of runc with major version `1`. In |
| 91 | +the unlikely event of a runc `2.0` release, this document will be updated to |
| 92 | +reflect the necessary changes to the support policy for the `1.y` major release |
| 93 | +branch of runc. |
0 commit comments