Over in #2136029 : Decide if and how to extend D6 security support 12 months past an 8.0.0 release there's been a very lively discussion on how to deal with the situation of having ~200K active Drupal 6 sites with Drupal 8 on its way. We're trying to strike a balance between allowing site owners and module developers ample time to migrate away from Drupal 6, while at the same time not unreasonably burdening Drupal's contributor community.
The latest proposal there by Dries is to extend support for security fixes only for Drupal 6 until one year past Drupal 8's release (or 8.2.0 in the new world order), in order to allow time for a viable migration path from D6 => D8 to materialize. We're actively seeking input from contrib maintainers on this proposal.
Note: the discussion is long, but the issue summary is up to date, so hopefully allows you to save some time. :)