> I would consider 2.5 for EOL as well Good idea.
On 2024/06/28 12:38:54 Jochen Theodorou wrote: > +1 out with it > > I would consider 2.5 for EOL as well > > > Hi folks, > > > > Groovy 2.4.x hasn't been something we have progressed for some time. > > The last "real" commit to the GROOVY_2_4_X branch and the last release > > (2.4.21) were both in Dec 2020. > > > > For reference, 2.4.x supports back to JDK 1.6 while 2.5.x (which is > > not part of this discussion) supports back to JDK 1.7: > > https://groovy.apache.org/download.html#requirements > > > > On the recommended page for GitHub security policy: > > https://github.com/apache/groovy/security/policy > > > > We state: > > 2.4.x Only severe/critical vulnerabilities (*) > > (*) The 2.4.x stream is no longer the focus of the core team but > > critical security fixes or community contributions may lead to > > additional releases. > > > > I propose to make the EOL official. I don't think the "weak support" > > will be good enough once CRA regulations come into play. My > > understanding from the CRA requirements is that we either intend to > > provide timely fixes for vulnerabilities for any supported version, or > > we should mark versions as EOL. This doesn't stop us from making an > > emergency fix/release if we chose, it just indicates that shouldn't be > > the expectation. > > > > If anyone objects, please discuss here, otherwise I will create a VOTE > > thread in a few days. > > > > Paul. > > > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > > Virus-free.www.avast.com > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > >
