Hi all,
Do you know where the release metadata we supply in:
https://reporter.apache.org/addrelease.html
is stored?
I am planning to use it to generate some versioning guides for Apache
projects, like the "Supported versions" page in Airflow[1].
For simple projects that follow semantic versioning and have a single
development line, this should be enough to:
* tell users that all updates (including security updates) to a minor
version (e.g. 1.10.x) cease once the next minor version is released.
* tell users that security updates to a major version (e.g. 1.x) cease
after some reasonable time from the release of the next major version.
In a second phase I plan to allow PMCs to override the automatically
generated data in their DOAP files, by extending the Apache DOAP ontology.
The ultimate goal is to generate machine-readable metadata that security
scanners could use to tell users that:
* commons-ognl is incubating (not ready for production),
* Log4j 1.x is EOL and even security reports are no longer accepted.
* Log4j 2.23.x is EOL, will never see a new release, but security
reports are accepted and will be published. Security updates will of
course be published as Log4j 2.24.x.
* Aurora effectively reached EOL in February 2020.
Piotr
[1]
https://airflow.apache.org/docs/apache-airflow/stable/installation/supported-versions.html
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org
