Surly this is just a formality. If there have not been updates for two years they are pretty-much dead projects anyway. Conversely if you have been running on an old system for two years without problems then its likely to be pretty stable, so you can just stick with it on the understanding that there will be no fixes or enhancements.
Mostly. But if you found a really, really nasty security bug, does Apache go "OMG we must fix this" and release a vulnerability alert and a new point release even though it's been two years, or do they say that "that one's out of any kind of support, even extended security-only support, go upgrade because we won't even look at it". That is an important cutoff, even though nothing much happens with any product 3+ years after its release.
Surly this is just a formality (Score:3, Interesting)
Re:Surly this is just a formality (Score:2)
Mostly. But if you found a really, really nasty security bug, does Apache go "OMG we must fix this" and release a vulnerability alert and a new point release even though it's been two years, or do they say that "that one's out of any kind of support, even extended security-only support, go upgrade because we won't even look at it". That is an important cutoff, even though nothing much happens with any product 3+ years after its release.
Re: (Score:2)
That's what Apache presently does with the Win32 versions for deprecated Windows releases [apache.org].
(Note the unsubtle hints that Apache for Windows never was a good idea.)