Re: Do I understand the support schedule correctly?

On Sun, Aug 5, 2012 at 12:24 AM, Steve Bergman <sbergman27@gmail.com> wrote:
> I'm considering using Django for 2 projects. An LFS shop and a site
> which will use Pinax. Both high profile Django apps. At this time, the
> latest supported Django version for both is 1.3.3. If I understand
> correctly, the 1.3 branch of Django will no longer get security
> updates after 1.5 releases. The nominal release cycle for Django
> appears to be 9 months. And in practice it looks more like 1 year. So
> Django 1.5 should be out sometime between December and March. If I
> deploy in a month, that means a forced upgrade on both framework and
> apps in just 3 to 6 months from launch. And that's assuming that the
> apps have versions which support Django 1.4 by that time.
> Obviously, I'm missing something here, since no sane organization
> would accept such a situation. (It would certainly be a deal-breaker
> for us.) But I'm not sure what it is that I'm missing.

From Django's perspective, you've correctly understood the situation.
We officially support a development release, a stable release, and a
security release (currently 1.5 in preparation, 1.4 and 1.3
respectively). Our releases come on a 9-12 month cycle, which means
that if you were to move to the current stable release (1.4) right
now, you could reasonably expect to receive security updates for the
next 18 months or so (i.e., until the release of Django 1.6).

The problem you've got isn't with Django, it's with the downstream
tools you want to use *with* Django. I can't speak with authority for
Pinax or LFS, but if they're reporting that they're only officially
supporting Django 1.3, then yes; you'd be deploying onto 16 month old
code right now, and you will have a problem when Django 1.5 comes out
in a few months. This would be worth taking up with the Pinax and LFS
development teams; Django 1.4 came out almost 4 months ago -- if the
maintainers of these projects haven't made a statement about Django
1.4 support, that's slightly concerning.

However, I would say that Django itself has a very strong backwards
compatibility policy. I recently updated a sizeable codebase from 1.3
to 1.4, and the only problems I encountered were with the test suite
-- ironically, minor changes to Django's test runner in 1.4 revealed
some test failures that were being silenced by 1.3's test runner.
Chances are, the issue with Pinax and LFS is entirely one of
documentation -- i.e., that the projects in question simply haven't
updated their documentation, not that there is a problem preventing
them from moving onto future releases.

I would also add that when we make a security release, we provide full
disclosure of the issue, including a description of the problem and a
patch for our supported versions. Often, this patch is identical
between versions, so it may be possible for you to be running a very
old version of Django an manually apply any security patches
(effectively doing your own security release for an officially
unsupported Django version).

Yours,
Russ Magee %-)

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.