Drop obsolete info on yanking from security policy
Versions may still be yanked for security reasons under specific
circumstances, but this is not the usual or most common practice in
GitPython, at least currently. Recent security updates have not
been accompanied by yanking older versions, and allowing these
versions to be selected automatically even when not called for
specifically can be good, such as to prevent an even older version
with even more vulnerabilities from being installed in situations
where for some reason the latest version is not yet being used.

In general, users shouldn't (and don't) assume all non-yanked
versions to be free of security fixes that later versions have
received. This change updates SECURITY.md to avoid giving that
impression, but of course some versions of GitPython may still be
yanked in the future if circumstances warrant it.
EliahKagan committed Oct 13, 2023
1 parent 1e7d885 commit d6b678c
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions SECURITY.md
@@ -2,8 +2,7 @@

## Supported Versions

Only the latest version of GitPython can receive security updates. If a vulnerability is discovered, a fix can be issued in a new release, while older releases
are likely to be yanked.
Only the latest version of GitPython can receive security updates. If a vulnerability is discovered, a fix can be issued in a new release.

| Version | Supported |
| ------- | ------------------ |
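Review bot: The replacement sentence in this hunk drops the yanking claim but leaves the reader with no statement of what does happen to older releases, even though the commit message spells it out (non-yanked versions are not assumed to be free of vulnerabilities that later releases have fixed, and remain installable on purpose so that an even older, more vulnerable version is not selected instead). Consider carrying that rationale into SECURITY.md after "a fix can be issued in a new release.", e.g. "Older releases generally remain available and are not yanked; they should not be assumed to include later security fixes, so upgrade to the latest version to receive them." That keeps the Supported Versions section self-explanatory rather than relying on the commit history.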
