Defining EoL for Older Maven Versions

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Defining EoL for Older Maven Versions

Karl Heinz Marbaise-3
Hi,

based on the history we have defined Maven 2.X EoL five years after the
last release...[1]

Based on that I would suggest to define End Of Life for the following
Maven versions cause their release date is also five years ago...


Maven 3.0.5...3.2.5 included.

We have never backported some things in the last five year...

WDYT?

Kind regards
Karl Heinz Marbaise


[1]: https://maven.apache.org/docs/history.html#Maven_2

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Defining EoL for Older Maven Versions

Karl Heinz Marbaise-3
Hi,

I have a different opionion about End Of Life ...

at moment we are only testing our plugins with Maven 3.2.5 as lowest
version... we had the same dicussion more than a year before[1].

I see it simply as that:

We don't test all our plugins against versions like:

3.0.5, 3.1.1

This implies those plugins versions are not active being tested via our
CI...

The lowest version which we are currently testing is 3.2.5 see [2] and [3]

Apart from that:

The implication saying we define EoL for version X does not mean we will
backport some issues to other versions....maybe we decide to do that
based on Security issue etc. (the only reason I can imagine to do that)..

Furthermore the part you have suggest to support 3.6.X line with patches
for a time has never been done for earlier versions as well. We alway
work on most recent version..as you already mention we recommend in all
tickets to upgrade first...that strategy should being kept..


 From my point of view we should lift a new baseline to Maven 3.3.9 as
lowest version...any other version should be define as End Of Life...



Kind regards
Karl Heinz Marbaise

[1]
https://lists.apache.org/thread.html/9e0d47814e84b75ac87bc88c84c1c029fe4b63beed46c82dab1121b9%40%3Cdev.maven.apache.org%3E
[2]
https://builds.apache.org/view/M-R/view/Maven/job/maven-box/job/maven-surefire/job/master/
[3]
https://builds.apache.org/view/M-R/view/Maven/job/maven-box/job/maven-compiler-plugin/job/master/

On 14.12.19 12:43, Michael Osipov wrote:

> Am 2019-12-14 um 12:31 schrieb Karl Heinz Marbaise:
>> Hi,
>>
>> based on the history we have defined Maven 2.X EoL five years after the
>> last release...[1]
>>
>> Based on that I would suggest to define End Of Life for the following
>> Maven versions cause their release date is also five years ago...
>>
>>
>> Maven 3.0.5...3.2.5 included.
>>
>> We have never backported some things in the last five year...
>>
>> WDYT?
>
> That sounds like a plan, but not honest enough. If we include 3.3.9 and
> 3.5.4 we ultimately say that we still support this and patch it. But we
> don't! In tickets we require always to try to the latest version.
>
> What I would see as honest is that we would support 3.6.x with bugfixes
> for some amount of time and have a line moving forward, 3.7.x.
> Everything else is just a lie.
>
> Michael
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Defining EoL for Older Maven Versions

Karl Heinz Marbaise-3
Hi,

On 14.12.19 13:14, Michael Osipov wrote:
> If so, we have to define what "Support" and "Test" mean and post that on
> the website. I think this is an issue!

Very good point.

Kind regards
Karl Heinz Marbaise

>
> M
>
> Am 2019-12-14 um 13:07 schrieb Karl Heinz Marbaise:
>> Hi,
>>
>> I have a different opionion about End Of Life ...
>>
>> at moment we are only testing our plugins with Maven 3.2.5 as lowest
>> version... we had the same dicussion more than a year before[1].
>>
>> I see it simply as that:
>>
>> We don't test all our plugins against versions like:
>>
>> 3.0.5, 3.1.1
>>
>> This implies those plugins versions are not active being tested via our
>> CI...
>>
>> The lowest version which we are currently testing is 3.2.5 see [2] and
>> [3]
>>
>> Apart from that:
>>
>> The implication saying we define EoL for version X does not mean we will
>> backport some issues to other versions....maybe we decide to do that
>> based on Security issue etc. (the only reason I can imagine to do that)..
>>
>> Furthermore the part you have suggest to support 3.6.X line with patches
>> for a time has never been done for earlier versions as well. We alway
>> work on most recent version..as you already mention we recommend in all
>> tickets to upgrade first...that strategy should being kept..
>>
>>
>>  From my point of view we should lift a new baseline to Maven 3.3.9 as
>> lowest version...any other version should be define as End Of Life...
>>
>>
>>
>> Kind regards
>> Karl Heinz Marbaise
>>
>> [1]
>> https://lists.apache.org/thread.html/9e0d47814e84b75ac87bc88c84c1c029fe4b63beed46c82dab1121b9%40%3Cdev.maven.apache.org%3E
>>
>> [2]
>> https://builds.apache.org/view/M-R/view/Maven/job/maven-box/job/maven-surefire/job/master/
>>
>> [3]
>> https://builds.apache.org/view/M-R/view/Maven/job/maven-box/job/maven-compiler-plugin/job/master/
>>
>>
>> On 14.12.19 12:43, Michael Osipov wrote:
>>> Am 2019-12-14 um 12:31 schrieb Karl Heinz Marbaise:
>>>> Hi,
>>>>
>>>> based on the history we have defined Maven 2.X EoL five years after the
>>>> last release...[1]
>>>>
>>>> Based on that I would suggest to define End Of Life for the following
>>>> Maven versions cause their release date is also five years ago...
>>>>
>>>>
>>>> Maven 3.0.5...3.2.5 included.
>>>>
>>>> We have never backported some things in the last five year...
>>>>
>>>> WDYT?
>>>
>>> That sounds like a plan, but not honest enough. If we include 3.3.9 and
>>> 3.5.4 we ultimately say that we still support this and patch it. But we
>>> don't! In tickets we require always to try to the latest version.
>>>
>>> What I would see as honest is that we would support 3.6.x with bugfixes
>>> for some amount of time and have a line moving forward, 3.7.x.
>>> Everything else is just a lie.
>>>
>>> Michael
>>>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Defining EoL for Older Maven Versions

Karl Heinz Marbaise-3
In reply to this post by Karl Heinz Marbaise-3
On 15.12.19 12:14, Elliotte Rusty Harold wrote:
> Tentative +1.
>
> Is there any reason we would ever backport a fix to 3.0 or 3.2? E.g.
> this was the last release to support Java 1.6.

Unfortunately my crystal ball is under repair...I can't see into the
future...

I would say if we a really bad security issue would could decide to do a
backport for older releases...But based on the history I know and can
read through the mailing archives it has not happened yet...



>
> Or would we simply tell users to upgrade to 3.6.3?
>
>
> On Sat, Dec 14, 2019 at 6:31 AM Karl Heinz Marbaise <[hidden email]> wrote:
>>
>> Hi,
>>
>> based on the history we have defined Maven 2.X EoL five years after the
>> last release...[1]
>>
>> Based on that I would suggest to define End Of Life for the following
>> Maven versions cause their release date is also five years ago...
>>
>>
>> Maven 3.0.5...3.2.5 included.
>>
>> We have never backported some things in the last five year...
>>
>> WDYT?
>>
>> Kind regards
>> Karl Heinz Marbaise
>>
>>
>> [1]: https://maven.apache.org/docs/history.html#Maven_2
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Defining EoL for Older Maven Versions

Manfred Moser-4
Chiming in late since I remember we discussed this before.

Here is my view.

All releases beyond the most recent one are essentially end of lifed. We never backport, we have no explicit support and whenever we fix something it goes into the next release.

That is what we concluded last time and that is the reason why the download page only offers the latest version.

Anything else is misleading our users with some sort of support or guarantee that things continue to work and are tested when really they are not.

Of course we make a best effort to keep things smooth ... but thats really where it ends.

Manfred

Karl Heinz Marbaise wrote on 2019-12-16 12:57 (GMT -08:00):

> On 15.12.19 12:14, Elliotte Rusty Harold wrote:
>> Tentative +1.
>>
>> Is there any reason we would ever backport a fix to 3.0 or 3.2? E.g.
>> this was the last release to support Java 1.6.
>
> Unfortunately my crystal ball is under repair...I can't see into the
> future...
>
> I would say if we a really bad security issue would could decide to do a
> backport for older releases...But based on the history I know and can
> read through the mailing archives it has not happened yet...
>
>
>
>>
>> Or would we simply tell users to upgrade to 3.6.3?
>>
>>
>> On Sat, Dec 14, 2019 at 6:31 AM Karl Heinz Marbaise <[hidden email]> wrote:
>>>
>>> Hi,
>>>
>>> based on the history we have defined Maven 2.X EoL five years after the
>>> last release...[1]
>>>
>>> Based on that I would suggest to define End Of Life for the following
>>> Maven versions cause their release date is also five years ago...
>>>
>>>
>>> Maven 3.0.5...3.2.5 included.
>>>
>>> We have never backported some things in the last five year...
>>>
>>> WDYT?
>>>
>>> Kind regards
>>> Karl Heinz Marbaise
>>>
>>>
>>> [1]: https://maven.apache.org/docs/history.html#Maven_2
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Defining EoL for Older Maven Versions

Enrico Olivelli
Hi,

Some points:
In my experience upgrading Maven has never been a problem (thanks to the
great attention we pay to backward compatibility)

Maven versioning scheme is very unusual and I suppose that people really
don't care about it or even they can't understand. Maven version is useful
only to plugin developers.
If you really have  problem with Maven usually the fix is about upgrading a
plugin, a dependency of a plugin and rarely to upgrade Maven core.

So my take is that there is no need to have an explicit "support" for older
releases other than the last released.
The case of security vulnerabilities in Maven core, or probably in third
party dependency is important, but we can spin off a branch and create a
release

For old releases the code is available on github and ASF git repository,
anyone can create its own fork and eventually port his fix to the community

just my two cents
Enrico




Il giorno lun 16 dic 2019 alle ore 23:29 Manfred Moser <
[hidden email]> ha scritto:

> Chiming in late since I remember we discussed this before.
>
> Here is my view.
>
> All releases beyond the most recent one are essentially end of lifed. We
> never backport, we have no explicit support and whenever we fix something
> it goes into the next release.
>
> That is what we concluded last time and that is the reason why the
> download page only offers the latest version.
>
> Anything else is misleading our users with some sort of support or
> guarantee that things continue to work and are tested when really they are
> not.
>
> Of course we make a best effort to keep things smooth ... but thats really
> where it ends.
>
> Manfred
>
> Karl Heinz Marbaise wrote on 2019-12-16 12:57 (GMT -08:00):
>
> > On 15.12.19 12:14, Elliotte Rusty Harold wrote:
> >> Tentative +1.
> >>
> >> Is there any reason we would ever backport a fix to 3.0 or 3.2? E.g.
> >> this was the last release to support Java 1.6.
> >
> > Unfortunately my crystal ball is under repair...I can't see into the
> > future...
> >
> > I would say if we a really bad security issue would could decide to do a
> > backport for older releases...But based on the history I know and can
> > read through the mailing archives it has not happened yet...
> >
> >
> >
> >>
> >> Or would we simply tell users to upgrade to 3.6.3?
> >>
> >>
> >> On Sat, Dec 14, 2019 at 6:31 AM Karl Heinz Marbaise <[hidden email]>
> wrote:
> >>>
> >>> Hi,
> >>>
> >>> based on the history we have defined Maven 2.X EoL five years after the
> >>> last release...[1]
> >>>
> >>> Based on that I would suggest to define End Of Life for the following
> >>> Maven versions cause their release date is also five years ago...
> >>>
> >>>
> >>> Maven 3.0.5...3.2.5 included.
> >>>
> >>> We have never backported some things in the last five year...
> >>>
> >>> WDYT?
> >>>
> >>> Kind regards
> >>> Karl Heinz Marbaise
> >>>
> >>>
> >>> [1]: https://maven.apache.org/docs/history.html#Maven_2
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: [hidden email]
> >>> For additional commands, e-mail: [hidden email]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [hidden email]
> > For additional commands, e-mail: [hidden email]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>