Andreas Bergmeier

@ramsey @joeldebruijn @Di4na One may derive that from what is said in the license, maybe.
My point is - explicit communication is better than implicit communication.
Thus I would advocate for explicitly defining with which latencies binaries will be provided, issues will be answered or security problems will be engaged.

And note that "never" should be a valid definition.

@joeldebruijn @Di4na Wanting provide no services is fair. Expecting to get more than zero is natural IMO.

This currently is an expectation game where everyone loses.
Thus my proposal is to be transparent about which services can be provided (no services is fair, too).
Keep in mind this is a recursive problem. Even if you would want to provide a certain service, your dependencies might not even allow it.

@Di4na I do disagree a bit. If you provide prebuilt software or packages, then IMO you de-facto act as a kind of "Supplier".
It would be really good to have a way of expressing on GitHub and friends which kind of Services one is prepared to provide - say "Prebuilt software", "Reaction to Issues in x days", ....
I feel like it needs to be more transparent in the software chain, which services one can expect - if any.