Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add security policy #60

Merged
merged 2 commits into from
Feb 10, 2024
Merged

Add security policy #60

merged 2 commits into from
Feb 10, 2024

Conversation

shadowspawn
Copy link
Contributor

I am going through the process of "lifting" this project on Tidelift.
NB: There is not any current income!
You can apply as a lifter now too @abetomo , or leave it until later.

I copied the security policy from Commander, but have a question about it and Tidelift.

Tidelift has some simple options to describe the "security maintenance plan". I came up with six month support for older versions, which is not covered by their "common" plans. We could perhaps switch to support for one previous major version. This would usually be about a year since we do major versions to drop unsupported versions of node. (And the previous version of Commander we are supporting would usually include one unsupported version of node.)

The "one previous version" is nice and simple to describe, which I like. Alone it doesn't give any fixed minimum or maximum duration for support of the old version which I see as a small downside (say if we released a new major version every week!).

Shall I have a go at rewording so our policy covers "previous version" without a maximum time?

@abetomo
Copy link
Contributor

abetomo commented Feb 7, 2024

I agree.
I too think "one previous version" is better.

@shadowspawn
Copy link
Contributor Author

Trying very simple: no example, no table. I think this is fairly clear unless the reader does not know what a major version number is.

abetomo
abetomo approved these changes Feb 10, 2024
View reviewed changes
Copy link
Contributor

@abetomo abetomo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@shadowspawn shadowspawn merged commit c09ce23 into develop Feb 10, 2024
12 checks passed
@shadowspawn shadowspawn deleted the feature/tidelift branch February 10, 2024 21:29
@shadowspawn shadowspawn added the pending release On a branch for eventual release, but not yet merged to main. label Feb 11, 2024
@shadowspawn shadowspawn mentioned this pull request Feb 11, 2024
Merged
@shadowspawn shadowspawn mentioned this pull request Mar 1, 2024
Merged
@shadowspawn shadowspawn removed the pending release On a branch for eventual release, but not yet merged to main. label Mar 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abetomo abetomo abetomo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shadowspawn @abetomo