DOC: Formalize LTS backport policy

[pllim]

Description

This pull request is to formalize LTS backport policy.

We have to decide where to best place such a policy and hammer out the wordings.

Fixes #11405

[github-actions]

👋 Thank you for your draft pull request! Do you know that you can use [ci skip] or [skip ci] in your commit messages to skip running continuous integration tests until you are ready?

[Cadair]

I approve this message.

[Cadair]

After the standard support life cycle.

[pllim]

@Cadair , can you please elaborate on this?

[Cadair]

Well why the LTS version is both "the LTS" and the latest release the backport policy is the same as normal?

[embray]

I think this is well stated, thank you.

[saimn]

After some thought I tend to disagree, or at least that not what LTS means for me. As a comparison, Python releases have bugfix releases during 2 years, and then security/critical fix releases when needed during 3 more years. Changing LTS to security/critical/on-demand fixes only is a regression imo, and not what LTS was intended for, and also not what we have been doing since LTS started.
I understand the maintenance cost but I think that we could reduce this cost with a better backport/release procedure. Also backporting bugfixes is often not that difficult in terms of conflict since bugfixes usually impact limited sections of the code. At least with my io.fits hat, I think that bugfix backport are usually not complicated, and are of great value for LTS users. If we want to stop doing that, it would mean for me the end of LTS. And about backporting security/critical fixes, there is no need for a LTS branch for that. I guess if there was some security/critical fix (which is not so frequent with our codebase, not web oriented etc.) we would try to backport it to any recent enough version we can anyway.

[embray]

@saimn I agree with your points overall, and it's how I feel as well. But I didn't really want to push back on this because I know LTS maintenance has been a big burden for all involved, so I'm sympathetic to the desire to change the policy. I know I just wrote earlier that I think this policy is well-said, you have me wanting to backtrack a bit.

I think the backport procedure usually worked pretty well in the past but over time became more complicated for various reasons (mostly to do with CI I think). Now that we are experimenting with meeseeksbot and also have CI a little better straightened out for the 4.0.x branch (#11123) I think we should wait and see if it becomes any easier.

Maybe what we could do is soften this slightly with wording like:

Bug fixes that are trivial to backport, and critical bug fixes.

Where we can define "trivial to backport" as either "automated backports merge / pass CI without any additional intervention" or it would take me at most 5 minutes to resolve any minor merge conflicts. And by "me" I mean I'll volunteer.

[saimn]

Indeed, the backport workflow with the bot should help by backporting just after PRs are merged (so changes would still be fresh, and it would be up to the sub-package maintainer to see if it's worth fixing the conflicts) and by running CI on the backport branches more regularly.

[pllim]

So, uh, how do we proceed? Should I just close this without merge?

[eteq]

Some wording suggestions based on some out-of-band discussion.

My two cents is that with the backport bot things should be a bit easier, so "critical" is not mandatory. But it is good to have this here nonetheless to make sure everyone understands that the purpose of LTS and the scope of fixes.

[pllim]

@Cadair , you mean like this?

Suggested change

	Starting from astropy 5.0, backports to Long-Term Stable (LTS) releases
	After the standard support life cycle, backports to Long-Term Stable (LTS) releases

[pllim]

Update:

• I applied new wordings from Erik, so should be less controversial now?
• Still not sure what Stuart wanted in his comment above.
• Should I move this to the section where it would only be rendered in latest and not stable?

[embray]

Should I move this to the section where it would only be rendered in latest and not stable?

I don't know--if that's the policy starting v5.0 I don't see why it shouldn't be in the stable docs. I think we want to defend this policy as "stable" and not be pressured into changing it. If it absolutely must be changed, I think any change to the policy should coincide with a new release. But as it is I'm pretty sure this covers all the bases, including the "pipelines that absolute need it can have backports but they must be willing to help".

[hamogu]

How about "users"? In most cases, those users are institutions, but I don't think that we should write a policy that explicitly excludes non-institutional users.

[pllim]

I added "users". Look better now?

[pllim]

Hmm looks like I need to rebase to get rid of failures.

[pllim]

We can further word-smith this in follow-up PR(s). Thanks for the reviews!