Description
We are seeing growing adoption of LoopBack 4, with many projects already deploying to production. It makes me wonder what kind of stability guarantees our users are expecting from the framework.
At the moment, there is a single release line "Current" where we make all changes (features small and large, bug fixes, security fixes, etc.). Upgrading a LB4-based project to a newer version may require some work on the user side, e.g. when a new TypeScript version is released. This could become a problem when a security vulnerability is fixed and the upgrade from a vulnerable to the fixed version is not trivial.
Is it perhaps time to introduce an LTS release line, where only bug fixes and security patches will be landed? The current LTS policy used for LoopBack 3.x can be found here:
Active LTS
A major LoopBack version (for example, 3.x) enters Active LTS when the next major version is released (for example, 4.0) and stays in Active LTS mode for at least six months.
Once a release enters LTS, no new features may be added to that release. Changes are limited to:
- Bug fixes;
- Security updates;
- Relevant documentation updates;
- Certain performance improvements where the risk of breaking existing applications is minimal;
- Changes that introduce a large amount of code churn where the risk of breaking existing applications is low and where the change in question may significantly ease the ability to backport future changes due to the reduction in diff noise.

Semver-minor changes are only permitted if required for bug fixes. Semver-major changes are only permitted if required for critical security and bug fixes.
Support for new major Node.js versions may be added if the required changes have a low risk of breaking existing applications.
Maintenance LTS
When a new major version (for example, 4.0) is released, the oldest Active LTS version (for example, 2.x) enters Maintenance LTS mode, where it will stay for as long as the Node.js LTS versions available at release time are maintained by the Node.js project.
Once a release moves into Maintenance LTS mode, only critical bugs, critical security fixes, and documentation updates will be permitted.
Specifically, adding support for new major Node.js versions is not permitted.
I'd like to use this issue to kick off the initial discussion, where we can learn what our users actually need from the framework. Pinging @strongloop/loopback-maintainers @strongloop/loopback-next @raymondfeng @dhmlau