If there is interest in the community to backport security fixes to no longer supported versions of Django, what is the likelihood that a core dev would merge them in to the appropriate stable branch? This would not include packaging an official release, but would provide a way for those stuck on older versions a better way to help others who are similarly stuck. I realize that it does require time to verify pull requests and "too much effort" is a completely valid answer.
I'm not stuck and currently have no vested interest in backporting anything to unsupported versions. I'm only trying to further the discussion. Regards, Michael Manfre On Tue, Aug 13, 2013 at 11:21 AM, Jacob Kaplan-Moss <ja...@jacobian.org>wrote: > I'm sorry; I was snarkier and nastier than I should have been (and than I > intended to be). Thanks for calling me on it; I'll try to do better next > time. > > Jacob > > > On Tue, Aug 13, 2013 at 10:03 AM, Andre Terra <andrete...@gmail.com>wrote: > >> On Tue, Aug 13, 2013 at 9:22 AM, Jacob Kaplan-Moss <ja...@jacobian.org>wrote: >> >>> >>> >>>> We have apps in production running Django 1.3. There won't be any >>>> security fixes. If there's a critical vulnerability, we may have to do a >>>> lot of unpaid work to either backport the fix, >>> >>> >>> I have to say I find this kinda hilarious: you *know* it's a lot of work >>> to backport stuff, and you'd like *us* to do that work instead of you. >>> >>> >>>> I'm not asking anyone to do my job for me (I hope) but it would be >>>> really nice to have something like 3 years of support for core >>>> infrastructure like Django, that's really painful to upgrade, and even more >>>> painful to replace. It would certainly help me to sleep better at night. >>>> >>> >>> But you are, actually, asking us to work for you. And we're happy to do >>> it! This is what open source is all about; volunteering to do work (often >>> rather thankless work) to help other people sleep at night. But there's a >>> limit to the free time we have, and there's a limit to the amount of scut >>> work you can expect a volunteer community to do for you. >>> >> >> >> Not to hijack the thread purposely, but it's hard not to point out what a >> great example of "poor attitude" this is, as was called out in a thread >> here on django-developers a while back[0]. Since you'd rather not have >> discussions *post facto*, I guess it doesn't hurt to be timely. >> >> Cheers, >> AT >> >> [0] >> https://groups.google.com/forum/#!topic/django-developers/DUQtBrM2iTs/discussion >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-developers+unsubscr...@googlegroups.com. >> To post to this group, send email to django-developers@googlegroups.com. >> Visit this group at http://groups.google.com/group/django-developers. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at http://groups.google.com/group/django-developers. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. For more options, visit https://groups.google.com/groups/opt_out.
