On Tue, Jun 22, 2021 at 3:03 PM Jon Robson <jrobson(a)wikimedia.org> wrote:
A few questions to provoke discussion/share knowledge
better:
* Why does the train run Tue,Wed, Thur rather than Mon,Tue,Wed
I'd note here that the standard security deployment window is Monday
between 21:00 and 23:00 UTC. That date and time is not a hard requirement
by any means, but having such a window exist early in the week, prior to
the start of the train, has worked out well for a few reasons. It's both
convenient and less risky to only deploy security patches to a single wmf
production branch, which is the case most Mondays. It's also less risky
having the space to monitor patches and roll them back or re-patch during
the week, as opposed to say, on a Friday, with substantially reduced
coverage going into most weekends. Of course there are times when critical
security issues need to be dealt with on a Friday or even over the weekend,
but in general, the Security Team likes to avoid this. Moving the train to
a Mon, Tue, Wed cadence would imply the security window be moved to the
previous Friday or possibly Thursday, which is doable, but not desired for
the aforementioned reasons.
--
Scott Bassett
sbassett(a)wikimedia.org