Hi, all! This is a draft for a tor long-term support policy for the program "tor". Please let me know what you think. It's based on earlier work and surveys, but it isn't final till we say it is, and it needs more commentary. Please keep in mind that dropping support for any old release is an inconvenience to some nice busy people, and that supporting any old release is an inconvenience to other nice busy people. Therefore, "don't inconvenience anybody" is not a viable goal here: instead we are stuck with a balancing act. Also please remember the bikeshed. ;) http://bikeshed.com/ == Background == In the past, Tor has had no actual policy for how long we support older releases of the core "tor" network program. We've aimed for informal rules like "support old releases as long as it isn't too much trouble," or "support old releases as long as a lot of people really need it," but these aren't working so well with our new release schedule. The good thing about our new release schedule is that we try to put out two stable release series per year, when previously we were finishing release series once every ~18 months. But this means that, to support the last N years of releases, we need to support three times as many older release series as we did before. This won't scale, and probably isn't a good use of our time. Therefore, we're adopting a practice from several other free software projects with a rapid release schedule: we are going to support some Tor releases for different amounts of time than others. == Levels of support == Here's the plan. * Every new release series will be supported for at least nine months after it becomes stable, and for at least three months after another release series becomes stable. Example: * The first 0.2.8.x stable release was released in August 2016. So it will be supported until at least 9 months later, in May 2017. But if the first 0.2.9.x stable release had not been released until April 2017, we'd keep supporting 0.2.8.x for another 3 months past that point, to July 2017. * Occasionally, we will designate some Tor release series as "long-term support" releases. These will be supported for an amount of time to be announced in advance -- typically, for 3 years. * For the release series that exist today, we will support them according to the schedule at the end of this document. == What does support entail? == For all supported releases, we intend: * Information needed to connect to the Tor network (directory authorities, fallback directories, geoip tables) will be kept up-to-date. * Important security issues will get fixed. * Major stability issues will get fixed. * Portability regressions will get fixed. * Portability bugs to major supported platforms will get fixed. For the most recent supported stable release only: * Misleading documentation will get fixed. * Smaller bugs that significantly impact user experience will get fixed. We do NOT expect: * That directory authorities will be able to run any but the two most recent stable releases. * That unsupported releases will all work on the Tor network. * That unsupported releases will all fail to work on the Tor network. * That older supported releases will provide the same privacy as the newer ones. == The obligatory disclaimer == This document is about plans, not promises. We'll try hard to follow through on these plans, but it's always possible that something unexpected will happen and we'll need to choose between following this policy to the letter and maintaining our users' security. If that happens, we'll aim for protecting our users. == Plan for current releases == 0.2.4.x, 0.2.6.x, and 0.2.7.x, will all receive at least one more stable release. Support for them will end on 1 August 2017. 0.2.8.x will be supported until 1 January 2018. 0.2.5.x is retroactively declared an LTS release, and will be supported until 1 May 2018. 0.2.9.x is an LTS release, and will be supported until at least 1 January 2020.