On Fri, Apr 2, 2021 at 11:44 AM Romain Manni-Bucau <rmannibu...@gmail.com> wrote:
> So teams pick a version with semver like in mind assuming they will get > security fixes in this branch for the duration of the projects which tend > to be wrong since maven tends to update minor as often as patch digit. That is a very unjustified assumption. A miniscule fraction of open source projects issue patch releases for anything but head. The Linux kernel comes to mind. I can't think of a second, and none from the Apache Project. I'm sure they're out there, but it's certainly less than 1%. Absent an explicit statement that a minor version will receive security fixes in the future, I would never assume that anything other than the latest release is likely to be patched. -- Elliotte Rusty Harold elh...@ibiblio.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
