@@ -32,22 +32,23 @@ branches.
3232
3333## What Kind of PRs are Good for Cherry Picks
3434
35- Compared to the normal master branch's merge volume across time,
36- the release branches see one or two orders of magnitude less PRs.
37- This is because there is an order or two of magnitude higher scrutiny.
38- Again, the emphasis is on critical bug fixes, e.g.,
35+ Patch releases must be easy and safe to consume, so security fixes
36+ and critical bugfixes can be delivered with minimal risk of regression.
3937
40- - Loss of data
41- - Memory corruption
42- - Panic, crash, hang
43- - Security
38+ Only the following types of changes are expected to be backported:
4439
45- A bugfix for a functional issue (not a data loss or security issue) that only
46- affects an alpha feature does not qualify as a critical bug fix.
40+ - Security fixes
41+ - Dependency updates that just aim to silence some scanners
42+ and do not fix any vulnerable code are ** not** eligible for cherry-picks.
43+ - Regression fixes
44+ - Critical bug fixes (loss of data, memory corruption, panic, crash, hang)
45+ - A bugfix for a functional issue (not a data loss or security issue) that only
46+ affects an alpha feature does not qualify as a critical bug fix.
47+ - Prerequisite changes for critical dependency updates (e.g. [ go updates] ( https://github.com/kubernetes/sig-release/blob/master/release-engineering/handbooks/go.md#minor-version-updates ) )
48+ - Test-only changes to stabilize failing / flaky tests on release branches
4749
48- If you are proposing a cherry pick and it is not a clear and obvious critical
49- bug fix, please reconsider. If upon reflection you wish to continue, bolster
50- your case by supplementing your PR with e.g.,
50+ If you are proposing a cherry pick outside these categories, please reconsider.
51+ If upon reflection you wish to continue, bolster your case by supplementing your PR with e.g.,
5152
5253- A GitHub issue detailing the problem
5354
@@ -62,21 +63,6 @@ your case by supplementing your PR with e.g.,
6263- Key stakeholder SIG reviewers/approvers attesting to their confidence in the
6364 change being a required backport
6465
65- To illustrate the point, dependency updates that just aim to silence some scanners
66- and do not fix any vulnerable code are NOT eligible for cherry-picks.
67-
68- If the change is in cloud provider-specific platform code (which is in the
69- process of being moved out of core Kubernetes), describe the customer impact,
70- how the issue escaped initial testing, remediation taken to prevent similar
71- future escapes, and why the change cannot be carried in your downstream fork of
72- the Kubernetes project branches.
73-
74- It is critical that our full community is actively engaged on enhancements in
75- the project. If a released feature was not enabled on a particular provider's
76- platform, this is a community miss that needs to be resolved in the ` master `
77- branch for subsequent releases. Such enabling will not be backported to the
78- patch release branches.
79-
8066## Initiate a Cherry Pick
8167
8268### Before you begin
0 commit comments