slimphp / Slim

Slim is a PHP micro framework that helps you quickly write simple yet powerful web applications and APIs.
http://slimframework.com
MIT License

Slim versions support calendar to be documented. #2140

Closed ndobromirov closed 7 years ago

ndobromirov commented 7 years ago

For example, the PHP language has this documentation page: Supported Versions. Based on that information people can decide and plan for migrations from version to version.

I was not able to find anything similar in the documentation of Slim about the framework. I do not see it feasible for the maintainers to continue support for legacy versions of Slim indefinitely (even though it would be awesome for clients).

In that regard, as Slim 4 is on its way, how long is Slim 2 going to be supported?

akrabat commented 7 years ago

We'd love a PR that added something.

Current policy is that we only provide security fixes for Slim 2 and that we intend to continue bug fixing Slim 3 when Slim 4 comes out.

ndobromirov commented 7 years ago

So if I am understanding it correctly the current policy is:

- Latest stable -> new features + bug fixes + security fixes.
- Latest stable (- 1) -> bug fixes + security fixes
- Latest stable (- 2) -> security fixes
- Latest stable (- 3) -> no support

Every transition is roughly 2 years. So to put this into a real example:

- Current stable is Slim 3.
- Slim 2 will continue to get fixes and security until Slim 4 is out.
- What's the current state of Slim 1 - security only?

When Slim 4 is out: (some time this year?)

- Slim 3 will get bug-fixes + security fixes.
- Slim 2 will get only security fixes.

So to answer my question (very roughly), Slim 2 will die when Slim 5 comes out. (some time 2019+).

I'd love to make a PR with that info, but first validate my thoughts.

Also if you can give me some concrete dates I can base the calendar on :) and also where the docs should be located in the repository.

akrabat commented 7 years ago

It's nowhere near that formal. Slim 2 doesn't get bug fixes any more, but does get security and PHP compatibility fixes. Slim 3 will get bug fixes after 4 comes out, but I don't know for how long.

ndobromirov commented 7 years ago

Ok, so Slim 2 EOL comes with Slim 4 (or very close after it), just as Slim 1 is not supported currently?

akrabat commented 7 years ago

Not really - if a security issue is found in Slim 2 after 4 is released and someone provides a PR that works, then I'll release a new version of 2.

ndobromirov commented 7 years ago

Well the support is if there is a security issue in Slim 4 and one year after its release it is found and fixed in 4 and 3 and it's affecting 2. How does this affect Slim 2 at that point?

I've started this conversation due to an audit of a particular Slim 2 application. That was done in early 2015 (just before Slim 3 was out). As it is kind of important to use supported software, I will need to know the time-frame for them to migrate to a newer version (3 or 4).

akrabat commented 7 years ago

If a security issue was found in 4 or 3 and we could determine that it affected 2 and we had the knowledge to safely back port, we would do.

i.e. we will make best efforts to fix known security issues in Slim 2+.

In practice, the differences between 2 and 3/4 are significant enough that it's unlikely to happen as there's so little shared code.

ndobromirov commented 7 years ago

Ok, so now that this was cleared, the documentation PR should be against this repository? https://github.com/slimphp/Slim-Website

I will try to make a draft sometime this week based on the information gathered here.

akrabat commented 7 years ago

That's the one.

ndobromirov commented 7 years ago

I will be marking this as closed and opening a new issue against the other repository. Thanks! :)