[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnupg-users
Subject:    Re: Breaking changes
From:       Dan Kegel <dank () kegel ! com>
Date:       2018-05-23 11:56:46
Message-ID: CAPF-yOYtz4RTES1b=+3wBk7yc84oeDN52ddWM4Qnz=AVdCDE1g () mail ! gmail ! com
[Download RAW message or body]

On Tue, May 22, 2018 at 10:24 PM, Fiedler Roman <Roman.Fiedler@ait.ac.at> wrote:
> > https://en.wikipedia.org/wiki/GNU_Privacy_Guard
> > already give an end-of-life date for 2.0, but none for 1.4.
> > And since Ubuntu 16.04 includes 1.4, there are likely
> > to still be a few vocal 1.4 users out there.
> > 
> > How about announcing an end-of-life date for 1.4 that
> > is in the future (say, by 3 to 6 months)?
> 
> In my opinion, just "announcing" EOL (especially with such a short notice) is quite \
> bad practice for products aiming to be used in production setups also. This quite \
> negatively affects trust into the product as your costs may change quite rapidly. \
> You might argue, that companies should be used to paying for things. They are, but \
> they want to have some planning when they are expected to pay. Would you like your \
> car manufacturer announce, that your car is not secure any more in 6 month and that \
> you have to pay for non-standard maintenance, if you still want to operate it \
> securely? 
> Apart from that: some companies using open source software are non-profit \
> companies, like mine in research business. If our software strategy is bad - e.g. \
> because upstream forces us suddenly to switch/pay, where we did not expect it - \
> research funding money (mostly from the society) has to be used to keep the \
> projects running. 
> So when talking about EOL, gpg community should consider writing down a consistent \
> EOL strategy, similar to those of Ubuntu, Linux kernel or others or something like \
> I tried to argue for in the middle of \
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060539.html

Yes, exactly!

And taking a look at https://www.ubuntu.com/info/release-end-of-life,
one sees that Ubuntu 12.04 and 14.04 have a final end of life in about
February 2019;
16.04 lives until Feb 2021.

To be kind to enterprise customers, GnuPG could pick one of
those two dates as the EOL for 1.4.  Matching 16.04's EOL
would strand the fewest users, but even just matching 14.04's
would make sense to a lot of people.

Also, gnupg.org should add a web page like
https://www.gnupg.org/release-end-of-life
that lays out the EOL for all released versions;
the only one with a clear EOL is 2.0.x, and that's a bit buried in
text on the front page.
- Dan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic