Hi Not sure if this is useful, but I thought it might be helpful to throw my perspective as someone who has built four sites with Django (two of which are public, and one of those has to be HIPAA compliant). I will update to dot releases after the main release to give the main release time to shake out, so I will do 1.4.x to 1.5.1. And I will update to security releases as soon as they come out. I have done 1.3.x -> 1.4.x -> 1.5.x and they have all been painless, each migration taking less than 1/2 day. Point being that back-porting is not something I would ever need.
Cheers François On Aug 13, 2013, at 11:34 AM, Michael Manfre <mman...@gmail.com> wrote: > If there is interest in the community to backport security fixes to no longer > supported versions of Django, what is the likelihood that a core dev would > merge them in to the appropriate stable branch? This would not include > packaging an official release, but would provide a way for those stuck on > older versions a better way to help others who are similarly stuck. I realize > that it does require time to verify pull requests and "too much effort" is a > completely valid answer. > > I'm not stuck and currently have no vested interest in backporting anything > to unsupported versions. I'm only trying to further the discussion. > > Regards, > Michael Manfre > > > > On Tue, Aug 13, 2013 at 11:21 AM, Jacob Kaplan-Moss <ja...@jacobian.org> > wrote: > I'm sorry; I was snarkier and nastier than I should have been (and than I > intended to be). Thanks for calling me on it; I'll try to do better next time. > > Jacob > > > On Tue, Aug 13, 2013 at 10:03 AM, Andre Terra <andrete...@gmail.com> wrote: > On Tue, Aug 13, 2013 at 9:22 AM, Jacob Kaplan-Moss <ja...@jacobian.org> wrote: > > We have apps in production running Django 1.3. There won't be any security > fixes. If there's a critical vulnerability, we may have to do a lot of unpaid > work to either backport the fix, > > I have to say I find this kinda hilarious: you *know* it's a lot of work to > backport stuff, and you'd like *us* to do that work instead of you. > > I'm not asking anyone to do my job for me (I hope) but it would be really > nice to have something like 3 years of support for core infrastructure like > Django, that's really painful to upgrade, and even more painful to replace. > It would certainly help me to sleep better at night. > > But you are, actually, asking us to work for you. And we're happy to do it! > This is what open source is all about; volunteering to do work (often rather > thankless work) to help other people sleep at night. But there's a limit to > the free time we have, and there's a limit to the amount of scut work you can > expect a volunteer community to do for you. > > > Not to hijack the thread purposely, but it's hard not to point out what a > great example of "poor attitude" this is, as was called out in a thread here > on django-developers a while back[0]. Since you'd rather not have discussions > post facto, I guess it doesn't hurt to be timely. > > Cheers, > AT > > [0] > https://groups.google.com/forum/#!topic/django-developers/DUQtBrM2iTs/discussion > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at http://groups.google.com/group/django-developers. > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at http://groups.google.com/group/django-developers. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at http://groups.google.com/group/django-developers. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. For more options, visit https://groups.google.com/groups/opt_out.
