>If users adopt such policies that's their problem, we've done our homework.
For reference, Spring Boot has such a policy that forbids minor version upgrades. Sure your mileage might vary, however, it is an important bit of the ecosystem, and not providing a security patch effectively hurts Spring Boot users. Vladimir
