by dmoreno 2206 days ago
> It would be very unfortunate if free software users would have to remain vulnerable for a full year before they could have access to a newer version with a fix.

The last published version, even if it's 12 months old, is and will be open source and free software, so it's up to the users and developers to keep it security updated. As with all free software. It is not as if, if Qt does not fix it, nobody will. This is not closed software.

1 comments

Open source developers can keep working on the last published version, but what happens after 12 months? Try to resolve 12 months' worth of merge conflicts, hard fork and stop taking any further improvements from Qt Company, stop making any changes except the simplest bugfixes?
Isn't this effectively like Android now?
Yes, and it is working badly. The ecosystem is fragmented. Phone manufacturers are struggling to keep up. Phone support gets dropped quickly, and code written by manufacturers for specific phones gets thrown out. Open source fork maintainers need to gather code not only from Google but also from each phone manufacturer. Open source forks die. Open source fork support for running a newer Android version than the one provided by the manufacturer is limited, only a few versions at best and only for the most popular phones (because solving 12-month merge conflicts is hard).

That's with Android, which is a somewhat self-contained system, and changes in external interfaces (Wi-Fi protocols, mobile networks) take a long time and are incremental. Once a new version of Windows or macOS comes out, waiting 12 months is a big deal.