We are going to have to support a range of Cordova versions for the following reasons:1) Sync'ing with JBDS
2) Sync'ing with what is supported at any given moment - where the supported version may only update 2 times a year
3) Addressing the fact that customers are slow to upgrade unless there is a very real problem exposed in their specific application - for example, if they don't use a particular Cordova plugin then they might ignore a particular vulnerability that is tied to a specific plugin. Another example, if their apps are only used on 25 corporate executives phones, then they might determine the vulnerability is less important (small, fixed audience).
We will need to pick a specific time window for all parties to "catch up" like 12 months.
I'd vote for encourage even if security should always be priority 1.
I feel that if the supported Cordova Lib versions of the AeroGear plugins are changed every time a security vulnerability is discovered and a new Cordova Lib version is released, then our plugins will always support only the latest Cordova Lib version.
Thanks,
Tolis
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev