I am not a committer, but I’d leave towards leaving it open ended if the tooling to produce a release remains working.
I think EOL is very important to convey “hey, we no longer can produce a release” or “we no longer have the in house knowledge to maintain this”, but if the release process is still manageable, and people aren’t trying to jam in NEW FEATURES into 1.x, then I don’t see why you need to close it off. I am very appreciative of the 1.9.5 coming out, and I would hope that if more CVE’s pop up, being able to publish a 1.9.6 would be great. What if, and this is just an idea, you reframed things? Instead of talking about EOL, what if you talked about LTS: Long Term Support. 1.9 is our LTS. If a CVE pops up, you can expect a 1.9.6 or 1.9.7. There will never be a 1.10 with new features. All new features will go to OpenNLP 3. We reserve the right to decide when 1.9 line is no longer LTS. My experience in Solr is that there is a HUGE set of people who are happy with their specific solution, and won’t ever upgrade till there is a big event. For them, knowing they are on a LTS version, and knowing that it can be produced reasonably easily, seems like a win-win for everyone. When 1.9.x becomes a pain to release, then call the LTS period “done”. I wrote down some specifics that I haven’t actually shared with the Solr community yet, but here you go: https://docs.google.com/document/d/17qJIfbSoRYvwrPt5OWjqmliwghflDzV9fA0XmXmNSBE/edit?usp=sharing Eric > On Jun 18, 2026, at 12:39 PM, Kristian Rickert <[email protected]> wrote: > > a) +1 > b) I'd lean on a short grace period. > > > On Wed, Jun 17, 2026 at 11:52 PM Richard Zowalla <[email protected]> > wrote: > > > a) +1 > > b) b2/b3 (if other CVEs are approaching) > > > > Examples: https://tomcat.apache.org/tomcat-9.0.x-eos.html > > <https://tomcat.apache.org/tomcat-9.0.x-eos.html> > > > > > Am 18.06.2026 um 05:23 schrieb Martin Wiesner <[email protected]>: > > > > > > Hi all, > > > > > > given recent security fixes that landed in OpenNLP's main branch and the > > request for back porting these changes to the very oldskoolish 1.9.x line > > [1], the people involved noticed that the efforts to maintain three > > separate version lines along the road were pretty high and resource > > consuming. > > > > > > Therefore, I'd like to propose to (finally) declare Apache OpenNLP 1.9.x > > EOL publicly via a News announcement on the project's website. > > > > > > Primary questions: > > > (a) Do we have consensus that such an EOL announcement is long overdue > > and should be put out rather soonish? > > > (b) Time of the announcement: Options that I see: > > > - b1: Directly with the projected release of the 1.9.5, marking it as > > the last release ever to be expected for OpenNLP 1.x. > > > - b2: Shortly after - with a grace period - for instance End of July > > 2026, or similar short ranged targets. > > > - b3: End of year 2026, that is Dec 31, 2026 > > > (c) Are there any requirements by the ASF to put out an EOL > > announcement? Jeff, do you have infos about it? > > > > > > Open for others to add thoughts and related aspects to this discussion. > > > Please share your opinions and provide (your) answers to question (a) to > > (c). > > > > > > Best > > > Martin | mawiesne > > > -- > > > [1] https://lists.apache.org/thread/nvzl4g2b6rc149nf54xpnorjso5h0mlp > > > <https://lists.apache.org/thread/nvzl4g2b6rc149nf54xpnorjso5h0mlp> > > Disclaimer The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast, a leader in email security and cyber resilience. Mimecast integrates email defenses with brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast helps protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world. To find out more, visit our website.
