Semantic versioning

My 2 cents, Vanilla 3.0 should be tied to something big - so I think the KB release would be worthwhile, or did you not have it tied to anything major. I was looking at the calendar and July 22, 2010, was the day Vanilla 2 was announced. Would be a great day to announce Vanilla 3 :)

I support semver if for no other reason than making our version numbers actually mean something. Right now, they essentially represent an arbitrary state of our codebase. If we use semver appropriately, comparing numbers will help set expectations of our users (OSS and Enterprise) on how much has changed in the product between those versions.

I'm also a fan of semver, because we can better draw a line in the sand when we want to introduce BC-breaking changes in Vanilla. It's easier for users to recognize that upgrading from v3 to v4 might break their site/addon (and obvious to users familiar with semver), versus upgrading from v3.1 to v3.2. We put a long tail on our BC support with no truly great way to communicate when that support vanishes. As a result, we feel compelled to indefinitely maintain that support. Semvar would help that communication, as well as (hopefully) emboldening us to start sloughing off some ancient BC in earnest.

I like that @D̸̨͝ą̸͂a̵͍̔z̴̙͋K̶̤̀u̷̢̇ - If that is what @Linc meant. I hadn't read it that way 😀

I’m wholly in favour of semantic versioning. There are a few things I'd like to make clear though:

Strictness

I'm ok with not being too strict in what is a breaking change:

• Methods and classes marked with @internal should be considered as private methods.
• Adding a CSS class to an element could technically be considering a breaking change in our world customizations and custom theming. I don't think something like that should be considered a breaking change.

LTS for open source versions

@Ryan Touched on this slightly with discussion of our long tail of open source support. I'd like to make a clear distinction of what the support timeline would be (this would be the timeline for how long we back-port security fixes to open source releases).

We could probably play with how long we do these for, but I'd think we could look at it like this:

• Open source always has an active release. This is the latest final point release that we make. If we didn't do the whole dev release thing we would have probably called many of the early 2.8.dev iterations 2.7.x and the time we decided to make a big open source release would be 2.8 exactly is it is now.
• Open source sometimes has a long term release. This can be done when update our minimum system requirements. Eg. We're bumping our minimums to PHP 7.1 and hopefully our MySQL version up, so we may decide to offer offer a period of security patches to a previous release no longer on cloud similar to what we did with 2.5 (PHP 5.6 EOL). If we don't skip an OSS release like we did with 2.4 or 2.7 this shouldn't be an issue going forward.
• Cloud releases get a ¯\_(ツ)_/¯. I don't particularly care what we call these because we don't have to do too much LTS on them.

We should probably keep the LTS open source versions minimal. I don't even think we necessarily need it for every breaking change. Only some of them. As an example Node.JS & Ubuntu only do LTS on even numbered versions but I don't think we necessarily need to tie ourselves to it.

Example.

3.0 - Has new minimum PHP version so 2.8 gets a 6 month LTS (or less. @Linc probably has the best feel for these timelines).

3.x.x - We only ever worry about the latest 3.x.

4.x - Some breaking changes, but users on the 3.x trunk are expected to update to here if they want continued security patches. We may still have a brief period of support for 3.x due to timelines with our enterprise clients, but we should try and minimize this.

Some interim time - Maybe LTS for for the old PHP/MySQL version is done. This doesn't mean we need another LTS yet.

5.x - Some breaking changes + PHP 7.2 minimum version. Time for another LTS.

Deprecations and Major releases

We have a good chunk of deprecated functions at the moment. We probably need to do a bit more triage here. I have a whole slew of previously deprecated functions that I put in our 2.8 release notes, but if there's any more that we might want to be rid of in 3.0 we may want to do a 2.9 adding more of them. @AlexanderKim this would be your chance. Our rules for deprecation currently though are to remove all of our internal usages (vanilla & vanillaforums github orgs).

I'm just a dolt. I hadn't noticed the link you added @Linc . As I mentioned, it's not anything that impacts me one way or the other - but it's clearer now and makes sense.

I'm pretty sure for chrome it's every 6 weeks actually, but point taken.