On Fri, Mar 31, 2023 at 3:17 AM Olivier Lamy <ol...@apache.org> wrote: > > LGTM > It should be linked to core version support. > Might need some update of https://maven.apache.org/docs/history.html > maybe we should write some policy such we support only last version of > 3 last main branches (e,g reached GA): > > - 3.6.x > - 3.8.x > - 3.9.x
There's at least one plugin that's not at 3.2.5 minimum yet, maybe more. I haven't seen anything earlier than 3.3 in years, so I think we can safely move to 3.3 minimum, and *maybe* 3.5. However only the last three major versions is far too aggressive. There are still a lot of random package managers out there that don't update very fast, if at all. E.g. someone on Mac OS Catalina 10.15.7 will get no further updates unless they directly install Maven instead of using HomeBrew, and I have at least one Mac that's stuck on 10.14. I'm not sure what Maven version Homebrew installs there. Core developers and people who use Maven all day, every day will install it from Apache, but there are a lot of folks out there who just pull it out once or twice a year when they need it, or when some random package requires it. They're not necessarily even fulltime or professional programmers. The most recent version I've seen a package manager install is 3.6.3. We've heard on this list from people who can't upgrade past 3.7 or 3.8 due to unexpected behavior changes and bugs that impacted them. And what happens when there's the next critical security vulnerability in some logging framework or I/O package? Do we tell these users they have to upgrade everything all at once to fix it? 3.5.4 is advanced enough. The community isn't ready to move further. -- Elliotte Rusty Harold elh...@ibiblio.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
