At Red Hat, we are shipping Ruby 1.9.3 as part of the Red Hat Software Collections product. It means that we are going to support Ruby 1.9.3 at least until September 30, 2016 [1]. If the time comes and Ruby 1.9.3 should be EOLed, I am willing to keep the Ruby 1.9.3 branch updated as long as we support it in our products (or as long as I stay Ruby maintainer at Red Hat).
I think it makes sense to do a 12-month maintenance cycle so people can start upgrading. Although 2.0.0 is nearly a drop-in replacement, it's not that easy for larger apps. 12 months feels like a reasonable amount of time for people to upgrade. Once the first cycle is over, Vit or someone else can take over security backporting based on the conversation we had yesterday.