I think we need to discuss in a meeting. I also would like to hear from Gorkem the
implications on it. Other than that, we can’t wait 12 months to apply security updates.
--
abstractj
On March 11, 2014 at 2:12:15 PM, Burr Sutter (bsutter(a)redhat.com) wrote:
> We are going to have to support a range of Cordova versions for
the following reasons:
1) Sync'ing with JBDS
2) Sync'ing with what is supported at any given moment - where
the supported version may only update 2 times a year
3) Addressing the fact that customers are slow to upgrade unless
there is a very real problem exposed in their specific application
- for example, if they don't use a particular Cordova plugin then
they might ignore a particular vulnerability that is tied to
a specific plugin. Another example, if their apps are only used
on 25 corporate executives phones, then they might determine
the vulnerability is less important (small, fixed audience).
We will need to pick a specific time window for all parties to "catch
up" like 12 months.