On 01.11.2018 at 13:10, Stephen Connolly 
<stephen.alan.conno...@gmail.com> wrote:
> 
> On Thu, 1 Nov 2018 at 11:57, Mirko Friedenhagen <mfriedenha...@gmx.de>
> wrote:
> 
>> # Meaning of life - for Maven Core
>> * For Maven 2[4] there is a dedicated page what EOL does mean.
>> * I think maybe we (I am not very active currently, sorry) should at least
>> manifest somewhere the meaning of life of a Maven core release as well.
>> * Some ideas follow, YMMV :-)
>> 
>> ## Core gets patched!
>> * Looking at Maven's history page[2], I found no minor release was ever
>> updated to a new micro version after a new minor was released.
>> * So obviously a core version being not in the EOL state does not mean
>> that anything will be patched in a micro release (Or does it? Would a
>> „blocker" bug found in 3.0.5 lead to a 3.0.6?).
>> 
> 
> A critical security issue *might* be assessed by the PMC as warranting an
> update to some of the older release lines, but that would really require
> known compatibility issues that seriously block users upgrading to the
> latest and greatest Maven Core and a very serious security issue.
> 
> Until we hit Maven 4.x and 5.x this should be mostly unlikely to occur...
> but I would not hold my breath


So for the practical issue of Homebrew, I would suggest to drop 3.0 and 3.1 as 
they are not even tested nowadays for compatibility with current plugins’ 
masters anyways.

Is the idea of having a page where your statement with regard to patching as 
decided by a PMC is written down, so people know what to expect (or not), a 
good one or is this administrative overkill?

At least something like a standard test matrix page could be added to the Maven 
site, where the matrices are outlined. Anyone looking at the page may then 
decide how risky using an outdated version is.

Regards
Mirko
