Create definitions.md #13
Conversation
This document **draft** aims to clearly define key terms related to the lifecycle of software and hardware products, providing a reference for understanding various phases from sales or creation to support termination. This is just a starting point and the TC will provide additional edits, inputs, etc. Fixes #11
|
|
||
| **Definition:** This term indicates the final phase of a software product’s lifecycle during which the developer ceases to provide maintenance services, including security patches, bug fixes, or any other form of software updates. Beyond this point, the software may become vulnerable to security risks as new threats emerge. However, a vendor may still support technical questions and may also investigate vulnerabilities in their products without providing a fix. | ||
|
|
||
| ## 4. Last Date of Support (End-of-Support) |
There was a problem hiding this comment.
A comment was received to expand this title to "Last Date of Support ( LDoS ) or End-of-Support (EoS) Date"
There was a problem hiding this comment.
Agree, This titles are better however shorter form EoS can get confused between End of Sale & End of Support, End of Service. If everyone agree we can use long form everywhere.
There was a problem hiding this comment.
I think abbreviations will occur naturally - better we define them here. So that it is clear, who gets the acronym "EoS"...
|
|
||
| ## 4. Last Date of Support (End-of-Support) | ||
|
|
||
| **Definition:** The Last Date of Support, or End-of-Support, refers to the final date when all types of support, including technical, maintenance, and security updates, will be provided for a software or hardware product. After this date, the product is considered unsupported and may pose risks or operational inefficiencies for users. |
There was a problem hiding this comment.
A new item/definition that we should add is "Extended Support" as suggested in #15
There was a problem hiding this comment.
This defination mostly seen on Operating System, taking a try .. please review/update.
Term : End of Extended Support
Definition : Extended Support period is when only critical security are provided under special agreements and after End of Extended Support date there is no support is provided.
There was a problem hiding this comment.
Similar to Extended Support, different segment may have a specialized term/definition. Can we allow Additional definition where a company/vendor/partner can put a custom information as text, URL ?
There was a problem hiding this comment.
Similar to Extended Support, different segment may have a specialized term/definition. Can we allow Additional definition where a company/vendor/partner can put a custom information as text, URL ?
To be frank: That is a bad idea. A standard should cover most (if not all) use cases. Introducing a way to use own definitions will actually prevent people from leaving their old system behind and following the standard. As user, I want to have one dataset that is comparable, not hundreds and being forced to figure out the mapping between the companies definition and OpenEoX...
There was a problem hiding this comment.
This defination mostly seen on Operating System, taking a try .. please review/update. Term : End of Extended Support Definition : Extended Support period is when only critical security are provided under special agreements and after End of Extended Support date there is no support is provided.
I had the same idea. Maybe, we need to differentiate between standard and extended support? Or paid/unpaid?
There was a problem hiding this comment.
I do agree with @tschmidtb51 that arbitrary definitions can lead to problems.
But there are products out there with at least three different "levels" of support and I suspect others might have more.
So, I do believe that the standard should allow for "a list of support definitions" the interpretation of which can be up to the user.
e.g. RedHat has "Full Support", "Maintenance Support", "Extended Update Support"
Ubuntu has something similar.
We need to be able to model those kinds of things and I don't think the standard should mandate how many levels are allowed.
"paid/unpaid" -> this seems more like an attribute on a support level.
There was a problem hiding this comment.
I agree. Unfortunately, sometimes the tools (i.e., CMDB, vuln mgmt, scanners) will be the ones making the "interpretation" of these definitions, so we may need to find a balance.
|
Can we add "Product or Product Identification" in definition. This will be basic term for which the community is defining EoS, LDoS, EoM etc information . |
There was a problem hiding this comment.
@santosomar Thank you for making the first draft - sorry for the late reply.
I have a few comments and will send out an email to the TC to facilitate the discussion.
|
|
||
| ## 1. Software End-of-Life (SEoL) or Software End-of-Sales (SEoS) | ||
|
|
||
| **Definition:** Software End-of-Life refers to the stage in a software product's lifecycle where it is no longer sold. |
There was a problem hiding this comment.
I think we need to clarify somewhere that those only apply to in regards to the entity making the statement. There is an aftermarket for some things... (same applies to all definitions).
There was a problem hiding this comment.
Also: I would prefer to use "End-of-Sales" as definition point, if we are defining it based on the "sold" attribute.
There was a problem hiding this comment.
We need to communicate clearly, whether EoL and EoS is the same. IMHO it is not.
There was a problem hiding this comment.
EoS doesn't really apply to Open Source software and we often mark something as EoL.
So, either those are two distinct things (EoS / EoL) or the attribute "sold" should not be used.
In other words: I do agree with @tschmidtb51 that these are two distinct things.
|
|
||
| **Definition:** Hardware End-of-Life signifies the phase where a piece of hardware (like a server, router, or computer component) is no longer sold by its manufacturer. | ||
|
|
||
| ## 3. End-of-Software Maintenance or Security Vulnerability Support |
There was a problem hiding this comment.
I think those are two distinct things:
- End of Software Maintenance: No bugfixes, no new feature
- End of Security vulnerability Support: no more security fixes
This also reflects what is currently done by many open source projects (not backporting new features, but keeping security up-to-date for a while) and commercial products (e.g. Windows 10)
|
|
||
| **Definition:** This term indicates the final phase of a software product’s lifecycle during which the developer ceases to provide maintenance services, including security patches, bug fixes, or any other form of software updates. Beyond this point, the software may become vulnerable to security risks as new threats emerge. However, a vendor may still support technical questions and may also investigate vulnerabilities in their products without providing a fix. | ||
|
|
||
| ## 4. Last Date of Support (End-of-Support) |
There was a problem hiding this comment.
I think abbreviations will occur naturally - better we define them here. So that it is clear, who gets the acronym "EoS"...
|
|
||
| ## 4. Last Date of Support (End-of-Support) | ||
|
|
||
| **Definition:** The Last Date of Support, or End-of-Support, refers to the final date when all types of support, including technical, maintenance, and security updates, will be provided for a software or hardware product. After this date, the product is considered unsupported and may pose risks or operational inefficiencies for users. |
There was a problem hiding this comment.
Similar to Extended Support, different segment may have a specialized term/definition. Can we allow Additional definition where a company/vendor/partner can put a custom information as text, URL ?
To be frank: That is a bad idea. A standard should cover most (if not all) use cases. Introducing a way to use own definitions will actually prevent people from leaving their old system behind and following the standard. As user, I want to have one dataset that is comparable, not hundreds and being forced to figure out the mapping between the companies definition and OpenEoX...
|
|
||
| ## 4. Last Date of Support (End-of-Support) | ||
|
|
||
| **Definition:** The Last Date of Support, or End-of-Support, refers to the final date when all types of support, including technical, maintenance, and security updates, will be provided for a software or hardware product. After this date, the product is considered unsupported and may pose risks or operational inefficiencies for users. |
There was a problem hiding this comment.
This defination mostly seen on Operating System, taking a try .. please review/update. Term : End of Extended Support Definition : Extended Support period is when only critical security are provided under special agreements and after End of Extended Support date there is no support is provided.
I had the same idea. Maybe, we need to differentiate between standard and extended support? Or paid/unpaid?
There was a problem hiding this comment.
We may add a little more rigor through including services and releases respectively.
"This document aims to clearly define key terms related to the lifecycle of specifications, software, services, and hardware products, providing a reference for understanding various phases including but not limited to creation, releases, sales, until support termination.
Co-authored-by: tschmidtb51 <[email protected]>
Thank you @camaleon2016 ! Great point. I will incorporate those edits to the document. |
|
During the TC meeting on 2024-06-19, and within the comments of this PR, it was suggested to separate each definition into separate Github issues. |
|
I am closing this PR and all the work will be done in separate pull requests and the aforementioned and linked issues. |
This document draft aims to clearly define key terms related to the lifecycle of software and hardware products, providing a reference for understanding various phases from sales or creation to support termination.
This is just a starting point and the TC will provide additional edits, inputs, etc.
Fixes #11