From a29a8750c914ac1d13fc784994132a077d47e686 Mon Sep 17 00:00:00 2001 From: Eliah Kagan Date: Fri, 13 Oct 2023 02:23:07 -0400 Subject: [PATCH] Drop obsolete info on yanking from security policy Versions may still be yanked for security reasons under specific circumstances, but this is not the usual or most common practice in GitPython, at least currently. Recent security updates have not been accompanied by yanking older versions, and allowing these versions to be selected automatically even when not called for specifically can be good, such as to prevent an even older version with even more vulnerabilities from being selected in situations where for some reason the latest version cannot yet be used. In general, users shouldn't (and don't) assume all non-yanked versions to be free of security fixes that later versions have received. This change updates SECURITY.md to avoid giving that impression, but of course some versions of GitPython may still be yanked in the future if circumstances warrant it. --- SECURITY.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index cf25c09ea..cbfaafdde 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,8 +2,7 @@ ## Supported Versions -Only the latest version of GitPython can receive security updates. If a vulnerability is discovered, a fix can be issued in a new release, while older releases -are likely to be yanked. +Only the latest version of GitPython can receive security updates. If a vulnerability is discovered, a fix can be issued in a new release. | Version | Supported | | ------- | ------------------ |