From 0487937af3e78f5e651716bf16ea6c4d8d783f70 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Tue, 4 Jun 2024 21:36:45 +0200 Subject: [PATCH] postgresql: add readme with eol-policy This was discussed and agreed on in [1]. [1]: https://github.com/NixOS/nixpkgs/pull/310580#discussion_r1597284693 --- .../modules/services/databases/postgresql.md | 21 +++++++++++++++++++ pkgs/servers/sql/postgresql/default.nix | 8 +++++++ 2 files changed, 29 insertions(+) diff --git a/nixos/modules/services/databases/postgresql.md b/nixos/modules/services/databases/postgresql.md index 8a587832cd8c..e76f127335c7 100644 --- a/nixos/modules/services/databases/postgresql.md +++ b/nixos/modules/services/databases/postgresql.md @@ -244,6 +244,27 @@ The upgrade process is: $ ./delete_old_cluster.sh ``` +## Versioning and End-of-Life {#module-services-postgres-versioning} + +PostgreSQL's versioning policy is described [here](https://www.postgresql.org/support/versioning/). TLDR: + +- Each major version is supported for 5 years. +- Every three months there will be a new minor release, containing bug and security fixes. +- For criticial/security fixes there could be more minor releases inbetween. This happens *very* infrequently. +- After five years, a final minor version is released. This usually happens in early November. +- After that a version is considered end-of-life (EOL). +- Around February each year is the first time an EOL-release will not have received regular updates anymore. + +Technically, we'd not want to have EOL'ed packages in a stable NixOS release, which is to be supported until one month after the previous release. Thus, with NixOS' release schedule in May and November, the oldest PostgreSQL version in nixpkgs would have to be supported until December. It could be argued that a soon-to-be-EOL-ed version should thus be removed in May for the .05 release already. But since new security vulnerabilities are first disclosed in Februrary of the following year, we agreed on keeping the oldest PostgreSQL major version around one more cycle in [#310580](https://github.com/NixOS/nixpkgs/pull/310580#discussion_r1597284693). + +Thus: +- In September/October the new major version will be released and added to nixos-unstable. +- In November the last minor version for the oldest major will be released. +- Both the current stable .05 release and nixos-unstable should be updated to the latest minor. +- In November, before branch-off for the .11 release, the EOL-ed major will be removed from nixos-unstable. + +This leaves a small gap of a couple of weeks after the latest minor release and the end of our support window for the .05 release, in which there could be an emergency release to other major versions of PostgreSQL - but not the oldest major we have in that branch. In that case: If we can't trivially patch the issue, we will mark the package/version as insecure **immediately**. + ## Options {#module-services-postgres-options} A complete list of options for the PostgreSQL module may be found [here](#opt-services.postgresql.enable). diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index ff9f4f4150a2..3040e8074b32 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -1,5 +1,13 @@ self: let + # Before removing an EOL major version, make sure to check the versioning policy in: + # /nixos/modules/services/databases/postgresql.md + # + # Before removing, make sure to update it to the last minor version - and if only in + # an immediately preceding commit. This allows people relying on that old major version + # for a bit longer to still update up to this commit to at least get the latest minor + # version. In other words: Do not remove the second-to-last minor version from nixpkgs, + # yet. Update first. versions = { postgresql_12 = ./12.nix; postgresql_13 = ./13.nix;