Are bug fixes / security patches ever back-ported to old versions of dask and distributed?

Given the fact-moving pace of dask development, I assume new features are never back-ported (please correct me if I’m wrong).

What about bug fixes and security patches? Are they ever back-ported to old versions of dask and distributed? If so, how far back will the back-porting go?

Thanks!

Correct, we are not in the practice of back-porting fixes. If some critical situation were to arise in the future, we could perhaps reconsider this stance. That conversation would presumably happen in a github issue concerning whatever security vulnerability that arose.

1 Like

There has been some interest in long-term-support (LTS) releases for Dask/Distributed (see, e.g., the 2021 User Survey), so these may exist in the future. In that case, I would imagine that security fixes would be backported to those releases.

I don’t think there are current plans to do long term support releases (although yes, in our surveys people do say they’d be willing to pin their requirements to those if they did exist)

Thanks all for your inputs.

FWIW, this is something that is on Coiled’s roadmap

1 Like