I do know companies who still use 3.2.3 and they don't dare to update
because of a misconfiguration.
Should we care? Or perhaps they should have bought support contracts
for such use cases?

If we say "support the 3.6 branch for such an amount of time" it also
means reacting to vulnerabilities in time, doesn't it?

But yes, better have a clear statement than no statement at all.

On Sat, 14 Dec 2019 at 12:43, Michael Osipov <micha...@apache.org> wrote:
>
> On 2019-12-14 at 12:31, Karl Heinz Marbaise wrote:
> > Hi,
> >
> > based on the history we have defined Maven 2.X EoL five years after the
> > last release...[1]
> >
> > Based on that I would suggest to define End Of Life for the following
> > Maven versions cause their release date is also five years ago...
> >
> >
> > Maven 3.0.5...3.2.5 included.
> >
> > We have never backported some things in the last five years...
> >
> > WDYT?
>
> That sounds like a plan, but not honest enough. If we include 3.3.9 and
> 3.5.4 we ultimately say that we still support this and patch it. But we
> don't! In tickets we always require trying the latest version.
>
> What I would see as honest is that we would support 3.6.x with bugfixes
> for some amount of time and have a line moving forward, 3.7.x.
> Everything else is just a lie.
>
> Michael
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
