My team has this one shared component that gets involved in like every feature’s development. This year, we’re loading like 5 different features onto it, all with different timelines, and my head’s about to explode trying to figure out how to make it all fly.

How does everyone else do their software releases? Do you freeze prod and then do one big release later? Throw everything into prod during dev, hope no one sees the unreleased stuff, and just announce it later? Or something else entirely?

  • @[email protected]
    link
    fedilink
    English
    18 months ago

    I don’t think the security people would like that idea very much

    Why not? How do your feature flags work?

    • @treechickenOP
      link
      18 months ago

      Our flags are dynamic. Service basically reads them from an env var at runtime to determine if requests go through.

      Security, at my place at least, has been very conservative about not launching stuff into prod until they’ve pentested in our test stage which has kinda forced us to do waterfall :|

      • @[email protected]
        link
        fedilink
        English
        18 months ago

        Sounds rough. My fiancé does security, and from what I’ve gathered from him, the best time for security to get involved is at the design stage. They look over the proposal, give their input, and then nobody’s surprised at release time, and teams can follow agile practices. Obviously there’s still a review of the final product, but that can be done asynchronously after the fact to confirm that best-practices were followed.

        Easy to say, hard to put into practice. Certainly depends on the kind of service your business provides.