The Drupal project has a long tradition of only supporting the two most recent, stable versions of core (currently that Drupal 7 & 8).

It was on February 24th, 2016 that support for Drupal 6 was officially dropped (including support from the Drupal Security Team).

There were a number of unprecedented things about Drupal 6's End-of-Life (EOL):

People actually, like, cared! When Drupal 5 (and earlier versions) were End-of-Lifed, no one made a peep. However, when Drupal 8's release was getting close (which meant Drupal 6's EOL was coming as well) a number of people in the community got quite upset at the "sudden" loss of support.
The EOL was postponed three months. Due to #1, for the first time, the Drupal Security Team supported three versions of Drupal (6, 7, & 8) at once.
Official Long-Term Support vendors were selected to continue security support after EOL. The Drupal Security Team sent out a call for applications by vendors to become official Drupal 6 LTS vendors, and ultimately, three vendors were selected: Acquia, Tag 1, and myDropWizard (a company I co-founded).
As both a member the Drupal Security Team and a representative of one of the Drupal 6 LTS vendors, I'd like to lead a conversation to discuss the following questions:

Did we do the right thing extending support for Drupal 6 by three months?
How has security support for Drupal 6 gone after the EOL?
Was selecting Drupal 6 LTS vendors the right thing to do, ie. did it solve the desire in the community to support Drupal 6 for longer?
How can we do better next time, ie. when Drupal 7 reaches it's EOL in 2-3 years time?
Come and join the discussion!