Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify security policy #2150

Merged
merged 1 commit into from
Feb 13, 2024
Merged

Simplify security policy #2150

merged 1 commit into from
Feb 13, 2024

Conversation

shadowspawn
Copy link
Collaborator

Pull Request

Problem

The timeframe for supporting old versions for six months is a bit unusual and needs extra info on how it is implemented (i.e. table of expiry dates). It is custom and does not fit into standard Tidelift support patterns.

Solution

Supporting security updates for current version and previous major version is simple to explain and understand. It is a standard pattern on Tidelift.

As long as we release the next major version longer than six months from now, the change is an extension to the support period, so ok to do now without waiting for a major release to change policy.

ChangeLog

Extend security support to full lifetime of previous major version.

@shadowspawn
Copy link
Collaborator Author

Have the same change pending here too: commander-js/extra-typings#60

abetomo
abetomo approved these changes Feb 12, 2024
View reviewed changes
Copy link
Collaborator

@abetomo abetomo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@shadowspawn shadowspawn merged commit 623c01b into tj:develop Feb 13, 2024
8 checks passed
@shadowspawn shadowspawn deleted the feature/security-policy-rework branch February 13, 2024 06:20
@shadowspawn shadowspawn added the pending release Merged into a branch for a future release, but not released yet label Feb 13, 2024
@shadowspawn shadowspawn removed the pending release Merged into a branch for a future release, but not released yet label May 18, 2024
@shadowspawn
Copy link
Collaborator Author

Released in v12.1.0

@Exkaleburx Exkaleburx mentioned this pull request Jun 8, 2024
Open
@viqueen viqueen mentioned this pull request Jun 8, 2024
Closed
@OKEAMAH OKEAMAH mentioned this pull request Jun 9, 2024
Open
@nicomt nicomt mentioned this pull request Jun 9, 2024
Open
@calvin-kimani calvin-kimani mentioned this pull request Jun 9, 2024
Open
@StemmlerSisters StemmlerSisters mentioned this pull request Jun 9, 2024
Open
@OKEAMAH OKEAMAH mentioned this pull request Jun 9, 2024
Open
@Noggling Noggling mentioned this pull request Jun 10, 2024
Open
This was referenced Jun 19, 2024
Open
Open
@JoKacar JoKacar mentioned this pull request Jun 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abetomo abetomo abetomo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@shadowspawn @abetomo