Greetings ruby-core, We just started this conversation on the security mailing list, but I'm moving it here so more people can contribute to the discussion. Yugui is no longer maintaining (or has expressed that she no longer wishes to maintain) the 1.9.2 branch going forward. Since this change wasn't announced very publicly before it happened I'm afraid people may be caught off guard and may not be prepared to upgrade. I'd like to take over maintainership of 1.9.2 for a short period of time; as for how long the branch should continue on is up for discussion. 3-6 months seems reasonable to me, not sure how people feel about that? Hopefully this will get the conversation started. Once we have a decision made it'd probably make sense to announce an exact date so people know when 1.9.2 will no longer receive security fixes. -Sam
on 2013-11-27 14:57
on 2013-12-03 17:11
Oops, accidentally sent this to ruby-cvs. Thanks for bringing this up Sam! I was also surprised to find that 1.9.2 did not have a public EOL announcement on the site. I've been talking with Zach, it'd be great if we could announce some more formal release stuff with the 2.1.0 announcement that 1.9.2 is EOL. I'd be happy to help maintain security backports to 1.9.2 and work with Sam while Heroku has to do it. I'm working on our end of life policies for Heroku and I think we'll have to maintain 1.8.7/1.9.2 until June next year for our customers. We're looking at a 6 month time frame of announcing EOL and when we can actually do it.