> Yes, this would be great. Right now users are confused what EOL means and
> what they can expect.

I think the project would need to land on an agreed position. I tried to find any reference to my earlier statement around CVEs on the latest unmaintained branch but could not find it (I'm sure it was mentioned somewhere :(

How many past branches? All CVEs? What if CVEs are in dependencies? And is this a slippery slope, will such a formalised and documented commitment lead to more users on EOL versions? (see below)

How do other committers feel about this?

> I am also asking specifically for 3.11 since this release has been around
> so long that it might warrant longer support than what we would offer for
> 4.0.

This logic can also be the other way around :-)

We should be sending a clear signal that OSS users are expected to perform a major upgrade every ~two years. Vendors can, and are welcome to solve this, but the project itself does not support any user's production system, it only maintains code branches and performs releases off them, with our focus on quality solely on those maintained branches.