My team has this one shared component that gets involved in like every feature’s development. This year, we’re loading like 5 different features onto it, all with different timelines, and my head’s about to explode trying to figure out how to make it all fly.

How does everyone else do their software releases? Do you freeze prod and then do one big release later? Throw everything into prod during dev, hope no one sees the unreleased stuff, and just announce it later? Or something else entirely?

  • @OneCardboardBox
    link
    English
    110 months ago

    I don’t think the security people would like that idea very much

    Why not? How do your feature flags work?

    • @treechicken@lemmy.worldOP
      link
      fedilink
      110 months ago

      Our flags are dynamic. Service basically reads them from an env var at runtime to determine if requests go through.

      Security, at my place at least, has been very conservative about not launching stuff into prod until they’ve pentested in our test stage which has kinda forced us to do waterfall :|

      • @OneCardboardBox
        link
        English
        110 months ago

        Sounds rough. My fiancé does security, and from what I’ve gathered from him, the best time for security to get involved is at the design stage. They look over the proposal, give their input, and then nobody’s surprised at release time, and teams can follow agile practices. Obviously there’s still a review of the final product, but that can be done asynchronously after the fact to confirm that best-practices were followed.

        Easy to say, hard to put into practice. Certainly depends on the kind of service your business provides.