Re: Meaning of ~~life~~ - end-of-life

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Meaning of ~~life~~ - end-of-life

Mirko Friedenhagen-5
Am 01.11.2018 um 13:10 schrieb Stephen Connolly <[hidden email]>:

>
> On Thu, 1 Nov 2018 at 11:57, Mirko Friedenhagen <[hidden email] <mailto:[hidden email]>>
> wrote:
>
>> # Meaning of life - for Maven Core
>> * For Maven 2[4] there is a dedicated page what EOL does mean.
>> * I think maybe we (I am not very active currently, sorry) should at least
>> manifest somewhere the meaning of life of a Maven core release as well.
>> * Some ideas follow, YMMV :-)
>>
>> ## Core gets patched!
>> * Looking at Maven's history page[2], I found no minor release was ever
>> updated to a new micro version after a new minor was released.
>> * So obviously a core version being not in the EOL state does not mean
>> that anything will be patched in a micro release (Or does it? Would a
>> „blocker" bug found in 3.0.5 lead to a 3.0.6?).
>>
>
> A critical security issue *might* be assessed by the PMC as warranting an
> update to some of the older release lines, but that would really require
> known compatibility issues that seriously block users upgrading to the
> latest and greatest Maven Core and a very serious security issue.
>
> Until we hit Maven 4.x and 5.x this should be mostly unlikely to occur...
> but I would not hold my breath


So for the practical issue of Homebrew, I would suggest to drop 3.0 and 3.1 as they are not even tested nowadays for compatibility with current plugins’ masters anyways.

Is the idea of having a page where your statement in regards of patching as decided by a PMC  is written down, so people know what to expect (or not) a good one or is this administrative overkill?

At least something like a standard test matrix page could be added to the Maven site, where the matrices are outlined. Anyone looking at the page may then decide how risky using an outdated version is.

Regards
Mirko
Reply | Threaded
Open this post in threaded view
|

Re: Meaning of ~~life~~ - end-of-life

rfscholte
On Thu, 01 Nov 2018 12:57:20 +0100, Mirko Friedenhagen  
<[hidden email]> wrote:

> Hello,
>
> # Preambel
> * I just opened a PR at Homebrew[0], a package manager for macOS, to  
> update Maven to 3.6.0.
> * First thing was, the Download page[1] still states 3.5.4 as latest and  
> greatest, which is a bit confusing given the change-date tells me it  
> changed just changed today.
> * And as Homebrew supports versioned packages, users may easily install  
> the latest micro-versions of minors 3.0, 3.1, 3.2, 3.3 and now of course  
> I wanted to add 3.5 to the mix.
> * One of the Homebrew maintainers now wants to remove at least one older  
> version. I agreed to start a discussion on this list :-)
> * After some searching I found the 3.0.5 EOL discussion[8], but could  
> not get a real conclusion. And today being a public holiday in the  
> catholic states of Germany I could not hinder myself to think about the:
>
>
> # Meaning of life - for Maven Core
> * For Maven 2[4] there is a dedicated page what EOL does mean.

IMO we should only talk about EOL for the major versions. Once Maven 3 is  
EOL, this maven-2-eol page will be replaced.
I don't intent to do this for every release saying explicitly: with this  
release we'll mark the previous as EOL.
Up until now nobody has asked to backport specific issues to a minor  
release of Maven3.

> * I think maybe we (I am not very active currently, sorry) should at  
> least manifest somewhere the meaning of life of a Maven core release as  
> well.
> * Some ideas follow, YMMV :-)
>
> ## Core gets patched!
> * Looking at Maven's history page[2], I found no minor release was ever  
> updated to a new micro version after a new minor was released.
> * So obviously a core version being not in the EOL state does not mean  
> that anything will be patched in a micro release (Or does it? Would a  
> „blocker" bug found in 3.0.5 lead to a 3.0.6?).
> * After a quick look into Jenkins I only found one job for master but  
> not for older „stable“ branches. master itself is built with 3.5.4.
> * Are there jobs which still build the older 3.x releases nowadays? Are  
> the old tags buildable?
>
>
> ## All Apache plugins and components are working with all cores!
> * Does it mean all Maven plugins and components developed by us are  
> tested against 3.0, 3.1, 3.2 and 3.3 and now 3.5 as well as 3.6?
> * Surefire[5] does have an impressing matrix, but I only see 3.5, 3.3  
> and 3.2 but not 3.1 or 3.0.
> * asfMavenTlpPlgnBuild does not include 3.0 or 3.1 either.

IIRC 3.1 is not available on the Jenkins of builds.a.o

And according to Olivier there's no need to test with 3.0 anymore, see
https://gitbox.apache.org/repos/asf?p=maven-jenkins-lib.git;a=commit;h=cf4396464a7d8ea19507e49c78dad77f94256bc7
I don't fully agree, but do understand this change. This will reduce the  
number of executions a little bit.

>
>
> ## Users may still download the old stuff!
> * This seems to be the case, all 3.X releases are downloadable from the  
> dist page[7]
>
>
> ## Users may still find the old documentation!
> * According to the history page[2] old documentation is still available.
>
> I am sure there is more that could be said.
>
> Best Regards
> Mirko
>
> [0] https://github.com/Homebrew/homebrew-core/pull/33572
> [1] https://maven.apache.org/download.cgi
> [2] https://maven.apache.org/docs/history.html
> [3] https://builds.apache.org/view/M-R/view/Maven/job/maven-box/
> [4] http://maven.apache.org/maven-2.x-eol.html
> [5]  
> https://builds.apache.org/view/M-R/view/Maven/job/maven-box/job/maven-surefire/job/master/
> [6]  
> https://gitbox.apache.org/repos/asf?p=maven-jenkins-lib.git;a=blob;f=vars/asfMavenTlpPlgnBuild.groovy;hb=HEAD
> [7] https://www.apache.org/dist/maven/maven-3/
> [8] https://markmail.org/message/k4o5nkhrvhb3j5a4
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]