Backporting fixes

'''This page is a work in progress. Comments are welcome on the talk page, but remember this is not final!'''

Bugs are found in MediaWiki all the time. Some of these bugs are pretty high priority for the Wikimedia Foundation (e.g., they are security-related or they break functionality needed by the Wikimedia community) and need special care to ensure that all of the right users get the fix in an appropriate amount of time. There are three main classes of backports:
 * 1) Those that are security related and thus need to be disseminated as widely as possible as quickly as possible;
 * 2) Those that need to be applied to any stable or released (and supported) version of MediaWiki;
 * 3) And those that need to be applied to the Wikimedia Foundation server cluster that hosts the wikis for Wikimedia-related projects.

Security Related Backports

 * 1) If you find a security flaw in MediaWiki, please email security@wikimedia.org directly with details. Please give us a couple of days to fix the issue and roll out new releases for third-party users before public disclosure.
 * 2) These are filed as bugs in Bugzilla, but are marked Security and thus are not public before the fix has been released.
 * 3) The issue is diagnosed and a solution is created.
 * 4) A 'hotfix' is deployed to the WMF Cluster, where all of the Wikimedia Wikis are hosted.
 * NB: The WMF Cluster is running up to two different MediaWiki versions at any time, and both versions are hotfixed at the same time; i.e., to 1.22wmf1 and 1.22wmf2.
 * 5) After this hotfix is deployed, a security tarball release of MediaWiki is made for all currently supported versions and made available for download.

Stable/Supported Release Backports

 * 1) A bug is found that is causing problems to users of released versions of MediaWiki.
 * 2) Someone proposes it to be backported to the Stable/Supported versions of MediaWiki by setting the "Backport_to_Stable" flag to "?" on the bug.
 * 3) The MediaWiki Release Manager determines if the bug is important enough to backport the fix.
 * This decision is based on criteria such as: number of users affected, severity of the issue, and complexity of the fix.
 * If it is important enough, then the flag is set to "+" (approve).
 * If not, then the flag is set to "-" (reject).
 * 4) The bug is fixed in the development version of MediaWiki and tested there.
 * 5) Then, the fix is applied to the Stable version of MediaWiki with additional tests there.
 * 6) If all is well, then a new tarball release of MediaWiki is created and announced.

WMF Cluster Backports

 * 1) Make sure there is a bug registered in Bugzilla for the issue.
 * 2) On that bug, set the Backport_WMF "flag" to the "?" option.
 * NB: This sends the WMF release manager an email, as it is a "request to set the Backport_WMF flag".
 * 3) The WMF Release Manager determines if the fix for this bug is worthy of being backported to the currently deployed code.
 * 4) If yes, they will set it to "+".
 * 5) If no, they will set it to "-".
 * 6) If set to "+", then the Release Manager will schedule a deployment window for this fix (depending on when the bug is fixed, of course).
 * 7) During that window, the fix will be deployed, and all is well again.