On Tue, May 22, 2018 at 10:24 PM, Fiedler Roman <[email protected]> wrote: >> https://en.wikipedia.org/wiki/GNU_Privacy_Guard >> already give an end-of-life date for 2.0, but none for 1.4. >> And since Ubuntu 16.04 includes 1.4, there are likely >> to still be a few vocal 1.4 users out there. >> >> How about announcing an end-of-life date for 1.4 that >> is in the future (say, by 3 to 6 months)? > > In my opinion, just "announcing" EOL (especially with such a short notice) is > quite bad practice for products aiming to be used in production setups also. > This quite negatively affects trust into the product as your costs may change > quite rapidly. You might argue, that companies should be used to paying for > things. They are, but they want to have some planning when they are expected > to pay. Would you like your car manufacturer announce, that your car is not > secure any more in 6 month and that you have to pay for non-standard > maintenance, if you still want to operate it securely? > > Apart from that: some companies using open source software are non-profit > companies, like mine in research business. If our software strategy is bad - > e.g. because upstream forces us suddenly to switch/pay, where we did not > expect it - research funding money (mostly from the society) has to be used > to keep the projects running. > > So when talking about EOL, gpg community should consider writing down a > consistent EOL strategy, similar to those of Ubuntu, Linux kernel or others > or something like I tried to argue for in the middle of > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060539.html
Yes, exactly! And taking a look at https://www.ubuntu.com/info/release-end-of-life, one sees that Ubuntu 12.04 and 14.04 have a final end of life in about February 2019; 16.04 lives until Feb 2021. To be kind to enterprise customers, GnuPG could pick one of those two dates as the EOL for 1.4. Matching 16.04's EOL would strand the fewest users, but even just matching 14.04's would make sense to a lot of people. Also, gnupg.org should add a web page like https://www.gnupg.org/release-end-of-life that lays out the EOL for all released versions; the only one with a clear EOL is 2.0.x, and that's a bit buried in text on the front page. - Dan _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
