Backporting fixes

'''This page is a work in progress. Comments are welcome on the talk page, but remember this is not final!'''

Bugs are found in MediaWiki all the time. Some of these bugs are high priority for the Wikimedia Foundation (e.g. they are security-related, or they break functionality needed by the Wikimedia community) and need special care to ensure that all of the right users get the fix in the appropriate amount of time. There are three main classes of backports:
 * 1) Those that are security related and thus need to be disseminated as widely as possible as quickly as possible;
 * 2) Those that need to be applied to any stable or released (and supported) version of MediaWiki;
 * 3) And those that need to be applied to the Wikimedia Foundation server cluster that hosts the wikis for Wikimedia-related projects.

Security Related Backports

 * 1) If you find a security flaw in MediaWiki, please email security@wikimedia.org directly with details. Please give us a couple of days to fix the issue and roll out new releases for third-party users before public disclosure.
 * 2) These are filed as bugs in Bugzilla, but are marked Security and thus are not public before the fix has been released.
 * 3) The issue is diagnosed and a solution is created.
 * 4) A 'hotfix' is deployed to the WMF Cluster, where all of the Wikimedia Wikis are hosted.
 * NB: The WMF Cluster is running up to two different MediaWiki versions at any time, and both versions are hotfixed at the same time; i.e. to 1.22wmf1 and 1.22wmf2.
 * 5) After this hotfix is deployed, a security tarball release of MediaWiki is made for all currently supported versions and made available for download.

Stable/Supported Release Backports

 * 1) A bug is discovered that is causing pain for Wikimedia community members/users of MediaWiki.
 * 2) (Some decision on priority to fix the bug is made)
 * 3) A fix is created for the bug.
 * 4) If the fix is deemed high enough priority for the Wikimedia community that it cannot wait until the next scheduled deployment (sometimes up to 2 weeks later, depending on the specific wiki), it needs to be backported to a previously deployed version.
 * Depending on the timing, it needs to be backported to up to 2 different versions of currently deployed MediaWiki, as above with the security fix.
 * 5) Important bugs can be proposed for backporting to a tarball release update by going to the corresponding bug report in Bugzilla and setting the "Backport_to_Stable" dropdown field to "?".

WMF Cluster Backports

 * 1) Make sure there is a bug registered in Bugzilla for the issue.
 * 2) On that bug, set the Backport_WMF "flag" to the "?" option.
 * NB: This sends the WMF release manager an email, as it is a "request to set the Backport_WMF flag".
 * 3) The Release Manager determines if the fix for this bug is worthy of being backported to the currently deployed code.
 * 4) If yes, they will set it to "+".
 * 5) If no, they will set it to "-".
 * 6) If set to "+", then the Release Manager will schedule a deployment window for this fix (depending on when the bug is fixed, of course).
 * 7) During that window, the fix will be deployed, and all is well again.