Wait till you have to keep up with the changes when 3.1 then 3.2 come out within six months of each other, and start to change and deprecate things that you learned in 3.0.x.
You don't have to keep up if you don't want to. Your apps will not stop working if you choose not to upgrade. I have apps still running on Rails 1.x and 2.x. They don't get huge traffic and they are meeting the customer's needs. There would be no business advantage for these particular customers if I had to charge them to upgrade.
Yes you do have to keep up. Because one day you'll go install your 2.3 app on a new server, and you'll have an incompatible version of some library because Rails 2.3 didn't specify version number dependencies.
Like what happened to Rails 3.0.7 and Rake 2 weeks ago.
That's why you use Bundler. In my experience Bundler solves this problem 100%. Lock your gems and get Ruby from RVM and the chances of nasty surprises are next to nil.
I wish the Rubygems guys would put down the crack pipe though. They're the one problem in this setup and, admittedly, they're a massive problem :(
It's not just security (and other) patches for Rails, it's maintenance for the assorted plugins one inevitably ends up using.
If you've a Rails 2.x app with plugin ActsLikeWhatever, and you run into some problem with that plugin, chances are the fix will only be in the newest, non-Rails2, release.
It took me five minutes of reading the changelog to figure out what I have to stop using in 3.1. There are additional features that can be integrated into a workflow at whatever pace is desired. People are making a bigger deal of this than they should, I think.