On Fri, Aug 06, 2021 at 02:11:12PM +0100, Howard Chu wrote:
Planning to post this to -announce soon, any comments?
Just a reminder to everyone: the Project has a long-standing policy of doing active development on only one release version at a time. To allow time for migrations we provide some overlap from one release version to the next. E.g., while 2.5 is active we will still provide critical bugfixes for 2.4. Since 2.4 has been around for something like 14 years now people may have forgotten this policy.
This is a heads up that with 2.6 due for release in September, all updates to 2.4 will cease at that time. Likewise, when 2.7 is released next year all updates to 2.5 will cease.
Also for clarity: We consider "Critical" bugs to include security flaws resulting in unauthorized data disclosure, or unauthorized remote code execution. We do not consider assert() failures or crashes resulting only in Denial of Service as security flaws.
Sounds good and to the point.