Giters

CybOXProject / python-cybox

A Python library for parsing, manipulating, and generating CybOX content.

Home Page:http://cybox.readthedocs.org/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Do development in non-master branch

elhoim opened this issue · comments

commented

re what is said in #255, could you please move your development in dev branch so that master is always working? That would be very helpful for other projects trying to integrate by using the master branch to get the latest working version instead of tags for a specific version.

commented

@elhoim, thanks for the suggestion!

As a rule, we always try to make sure that all unit tests are passing in master, so it should always be installable and usable by itself. As for #255, the issue wasn't that there was a bug in the master branch of python-cybox, it was that the current master is incompatible with python-stix (an external library).

We looked at a bunch of different git workflows, some of which use a develop branch and reserve master for release tracking. Many others designate master as development and leverage tags for releases (with aligns with GitHub's use of tags). We felt that our current approach worked great for us and aligned well with established workflows.

We designate master as development by using a .dev0 (or .dev<number>) appended onto the version number. For example, the current __version__ in master is 2.1.0.12.dev0, while the latest tag is 2.1.0.11. Our next release will likely be 2.1.0.12 (stripping off the .dev0).

Users should refer to the CybOX page on PyPI for downloading releases rather than pulling from any branches on GitHub. Anything not tagged and published to PyPI is considered "development".

I hope that helps! Thanks again for the suggestion--we are always looking for ways to improve our development practices :)

commented

Everything @bworrell said is true.

In normal use, releases should be downloaded from PyPI. If there is a bug that has been fixed in the master branch but has not yet made it into a release, let us know. We try to keep around a 6-8 week release cadence, but are happy to speed that up if there is a bug the most recent release that is blocking someone to the point that they want to run on master.

Also, for developers the "master" branches of python-stix, python-cybox, and python-maec should all work concurrently if they are all installed. It's in a bit of a weird state now where that isn't true. Hopefully, I will get the mixbox branch of python-stix merged in soon, which should make problems like #255 go away.

We've done it both ways in the course of the project, and think this approach works best. If there are factors that we aren't considering, please let us know.

Thanks again for the suggestion!