On Fri, 2021-03-05 at 12:05 -0800, Jon Siwek wrote:
On Fri, Mar 5, 2021 at 6:21 AM James Lay <jlay@slave-tothe-box.net> wrote:

Ah...so....I think I'm misunderstanding something then. I'm currently on 3.2.3....which was released around December I think. As I read the email I read this as "you have two months to get off of Zeek 3". Is this not the case?

The situation/plan is:

* The core dev team will make 3.0.x (LTS) releases to patch any
security issues through April.
* The core dev team won't make any further 3.1.y or 3.2.z releases.

The release policy doesn't say anything about:

* Users need to get off particular releases: but there's risk
associated with staying unpatched or the effort of backporting
important patches themselves if they stay.
* The policy won't change: if there's an argument that convinces the
core dev team to provide patches for longer, then that's what happens.
* Other possible arrangements: where the core dev team aren't the ones
helping support older versions.  E.g. some scheme of giving wider
volunteer support access to manage the older `release/` branches in
the Zeek organization's Git repo or other community-driven
forking/patching model.

My understanding of the current plan: historically, there hasn't been
as much effort to avoid breaking changes as there has been for the
3.0.x to 4.0.0 (LTS) path, so the upgrade itself is hopefully a simple
process where a two month period is enough.  All plans for breaking
changes are revealed in deprecation warnings and release notes of
4.0.0, so people have more like 14+ months until 5.0.0 to adapt to any
of those more complex changes.  The non-LTS branches (e.g. 3.1.x and
3.2.y) were meant for those that can do upgrades quickly and care more
about using the latest features than about long support duration.

- Jon

Awesome thanks for the clarification...will be installing 4 soon enough ☺