Le ven. 31 mars 2023 à 14:09, Elliotte Rusty Harold <elh...@ibiblio.org> a écrit :
> On Fri, Mar 31, 2023 at 3:17 AM Olivier Lamy <ol...@apache.org> wrote: > > > > LGTM > > It should be linked to core version support. > > Might need some update of https://maven.apache.org/docs/history.html > > maybe we should write some policy such we support only last version of > > 3 last main branches (e,g reached GA): > > > > - 3.6.x > > - 3.8.x > > - 3.9.x > > > There's at least one plugin that's not at 3.2.5 minimum yet, maybe more. > > I haven't seen anything earlier than 3.3 in years, so I think we can > safely move to 3.3 minimum, and *maybe* 3.5. However only the last > three major versions is far too aggressive. There are still a lot of > random package managers out there that don't update very fast, if at > all. E.g. someone on Mac OS Catalina 10.15.7 will get no further > updates unless they directly install Maven instead of using HomeBrew, > and I have at least one Mac that's stuck on 10.14. I'm not sure what > Maven version Homebrew installs there. Core developers and people who > use Maven all day, every day will install it from Apache, but there > are a lot of folks out there who just pull it out once or twice a year > when they need it, or when some random package requires it. They're > not necessarily even fulltime or professional programmers. > > The most recent version I've seen a package manager install is 3.6.3. > We've heard on this list from people who can't upgrade past 3.7 or 3.8 > due to unexpected behavior changes and bugs that impacted them. And > what happens when there's the next critical security vulnerability in > some logging framework or I/O package? Do we tell these users they > have to upgrade everything all at once to fix it? > > 3.5.4 is advanced enough. The community isn't ready to move further. > Not sure it is relevant but we can do a security release on 1.x if some people will, this is how asf works so 3.5 can be under that scope but it is not realistic to think we would handle seriously more than 2 major so 4.x and 3.9 are really the one with some resources. It is morr about ensuring it is known and written somewhere than anything else, nothing changes except we assume what we do instead of faking handling more than facts IMHO. Also people blocked on < 3.8 are mainly blocked for "not maven" reasons so it shouldnt block us at that stage IMHO. > -- > Elliotte Rusty Harold > elh...@ibiblio.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
