On Fri, Apr 2, 2021 at 16:08, Elliotte Rusty Harold <[email protected]> wrote:

> On Fri, Apr 2, 2021 at 11:44 AM Romain Manni-Bucau
> <[email protected]> wrote:
>
> > So teams pick a version with semver-like in mind, assuming they will get
> > security fixes in this branch for the duration of the projects, which tends
> > to be wrong since Maven tends to update minor as often as patch digit.
>
> That is a very unjustified assumption. A minuscule fraction of open
> source projects issue patch releases for anything but head. The Linux
> kernel comes to mind. I can't think of a second, and none from the
> Apache Project. I'm sure they're out there, but it's certainly less
> than 1%. Absent an explicit statement that a minor version will
> receive security fixes in the future, I would never assume that
> anything other than the latest release is likely to be patched.
>

Agree with that, this is why we have a "defining a release policy before
next release" track right now, but in the meantime, since several Apache
projects defined such a policy (thinking of Karaf and TomEE) and Maven
is really, really mainstream, we can't ignore it had been done today - and
once again it is why we get so much negative feedback each time we jump
versions.
So let's fix the immediate need and accommodate our users, and fix the real
issue right after/soon to avoid it happening again.


>
> --
> Elliotte Rusty Harold
> [email protected]
>