pgjdbc/pgjdbc GitHub issues and pull requests (mirror)  
From: sehrope (@sehrope) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: Re: [pgjdbc/pgjdbc] PR #4079: docs: spell out the proactive-security window in SECURITY.md
Date: Wed, 20 May 2026 11:35:30 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>

If I'm reading this correctly, you're suggesting we publish 10 versions of the driver, continue to support all of them, and every time we release a new version, we commit to supporting it as a release line for 5 years?

That's way too many versions for something that is inherently supposed to be backwards compatible. We go out of our way to avoid breaking changes. And if there are any, unless there is a security reason why we cannot revert them, we consider breaking changes to be bugs that need to be fixed.

Users really should be using the latest version of the driver. For the 99.9999999% of people that are on JDK8+, there is no technical reason they cannot. It's purely bureaucratic.

If we are going to have multiple concurrent supported versions, perhaps an "LTS" model is more appropriate (see https://nodejs.org/en/about/previous-releases). We could periodically cut a new release that we would commit to supporting for a known timeframe. Only CVEs would be backpatched and users could choose to use those branches knowing they will never get anything added or improved.

We could have a fixed number of LTS release lines active at any given time (I like just one...). When one ends, we start a new one using the latest non-LTS release. That could be a fixed schedule or whenever we as a group decide to do so. But it'd be well defined with a specific off ramp.

And regarding the JDK 6/7 versions, I think we just scrap them entirely.
