I wrote:
On 09/12/11 08:44, Trevor Parscal wrote:
I'd like to suggest something Neil has suggested before...
Maybe we could have an "API version" which corresponds to the rules given there, like the API version in PHP.
Our major versions (1.18 etc.) correspond to branches, and so we sometimes have to introduce non-backwards-compatible changes in minor releases in order to fix security vulnerabilities. If we only applied such security changes to new major releases, applying them would be tied to performing a major and potentially complex upgrade, which would slow down the mitigation process significantly.
Actually, come to think of it, PHP is probably a bad example for this. I told the PHP devs about a security vulnerability (a dangling pointer) in PHP 4, two years before the branch end-of-life, and they said they couldn't fix it in that branch because it would break the interface.
http://thread.gmane.org/gmane.comp.php.devel/34503
-- Tim Starling