Drop obsolete info on yanking from security policy
Versions may still be yanked for security reasons under specific
circumstances, but this is not the usual or most common practice in
GitPython, at least currently. Recent security updates have not
been accompanied by yanking older versions, and allowing these
versions to be selected automatically even when not called for
specifically can be good, such as to prevent an even older version
with even more vulnerabilities from being selected in situations
where for some reason the latest version cannot yet be used.
In general, users shouldn't (and don't) assume all non-yanked
versions to be free of security fixes that later versions have
received. This change updates SECURITY.md to avoid giving that
impression, but of course some versions of GitPython may still be
yanked in the future if circumstances warrant it.
SECURITY.md (+1 -2)
@@ -2,8 +2,7 @@
2
2
3
3
## Supported Versions
4
4
5
-
Only the latest version of GitPython can receive security updates. If a vulnerability is discovered, a fix can be issued in a new release, while older releases
6
-
are likely to be yanked.
5
+
Only the latest version of GitPython can receive security updates. If a vulnerability is discovered, a fix can be issued in a new release.
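Review bot: On the added line under "Supported Versions", the policy no longer says anything about the state of older releases, so a reader could take an older version that is still installable to be unaffected by a vulnerability fixed later. Consider adding a sentence there stating that older releases remain available but do not receive security fixes, and that versions may still be yanked if circumstances warrant it, which the commit message explains but SECURITY.md itself would not.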