So, has anyone figured out an efficient process yet to 'freeze' all releases/versions of a piece of software so that people can keep using it as it is forever seemingly unchanged, while still providing security updates and ensuring interoperability of eg. file formats?
(This is not a "recommend me a tool" question. This is a *process* question.)
@joepie91 My understanding is that it's impossible, unless you have an extreme amount of engineers essentially maintaining all the dependencies by themselves. Like, most software and libraries don't have multiple major versions maintained upstream at once. So if you are on an older version - receiving a security update is either a (pretty custom) backport, or updating the dependency to latest.
@KFears Right, but "updating the dependency to latest" is more or less the direction I'm thinking in. Some kind of process to make that an (economically/time-wise) viable thing to do in a software maintenance process.
@joepie91 I don't think that's possible without extremely strict semver adherence from dependencies...