Greetings Framework Teams, We've had some recent confusion on support policies. Much of that is my fault for not having codified on plone.org the outcome of our December discussion on the membership list. My apologies!
Both the board and I believed that there was effective consensus in favor of Hanno's draft policy in his 2008/12/20 e-mail (reproduced below). That policy distinguished between "active maintenance" and "security support." By my reading, *active support* of the 2.5 series has ceased. However, *security support* will continue until the release of P4. I think we are in agreement, though, that security support for a version that is not under active maintenance is limited to what can be achieved without significant structural work. Thus, the CSRF changes are not possible for 2.5.x. [Note: the most recent CVE on PlonePAS does not affect 2.5.x.] Unless anyone can make a case for re-evaluation, I hope we can take a common line on this in discussions in the other lists. In particular, we should be careful in any statement that Plone 2.5.x is unsupported to make sure that this only refers to active maintenance and not to security support. Thanks, Steve The policy algorithm from Hanno's 2008/12/20 message: """ Plone 2.5, 3.x and 4.x are considered major versions of Plone. Plone 3.1, 3.2, 3.3, 4.1, 4.2 are considered minor versions of Plone. - Active maintenance of Plone happens for one major versions of Plone at a time. - Once a new major version is released, the old major version is maintained until the first minor version of the new major version is released. - Active security support happens for the latest two major Plone versions at all times. This complies with the situation I mentioned above. What does this mean for future releases: 3.2 is released: - 3.1 moves from maintenance into security support - 3.2 sees maintenance releases 3.3 is released: - 3.2 moves from maintenance into security support - 3.3 sees maintenance releases 4.0 is released: - 2.5 looses security support - All 3.x releases retain security support - 3.3 (or the latest minor 3.x release) continues to see active maintenance releases - 4.0 sees maintenance releases 4.1 is released: - All 3.x releases retain security support - We stop maintenance releases for any 3.x release - 4.0 moves from maintenance into security support - 4.1 sees maintenance releases 4.2 is released: - 4.1 moves from maintenance into security support - 4.2 sees maintenance releases """ -- Steve McMahon Reid-McMahon, LLC st...@reidmcmahon.com st...@dcn.org _______________________________________________ Framework-Team mailing list Framework-Team@lists.plone.org http://lists.plone.org/mailman/listinfo/framework-team
