Re: Release metadata from `reporter.apache.org`

Mon, 30 Dec 2024 00:32:02 -0800 

On 12/30/24 09:09, Piotr P. Karwasz wrote:

Hi all,

Do you know where the release metadata we supply in:

https://reporter.apache.org/addrelease.html

is stored?
https://projects.apache.org/json/foundation/ is probably what you are looking for.
I am planning to use it to generate some versioning guides for Apache projects, like the "Supported versions" page in Airflow[1].
For simple projects that follow semantic versioning and have a single development line, this should be enough to:
* tell users that all updates (including security updates) to a minor version (e.g. 1.10.x) cease once the next minor version is released.
* tell users that security updates to a major version (e.g. 1.x) cease after some reasonable time from the release of the next major version.
In a second phase I plan to allow PMCs to override the automatically generated data in their DOAP files, by extending the Apache DOAP ontology.
The ultimate goal is to generate machine-readable metadata that security scanners could use to tell users that: 

* commons-ognl is incubating (not ready for production),

* Log4j 1.x is EOL and even security reports are no longer accepted.
* Log4j 2.23.x is EOL, will never see a new release, but security reports are accepted and will be published. Security updates will of course be published as Log4j 2.24.x. 

* Aurora effectively reached EOL in February 2020.
While we do not have centralized EOL markers at present, this is part of the overall roadmap for the new release platform, along with other improvements in metadata such as vote/release audit logs and SBOMs. The platform will fall under the new Tooling team, which is expected to start up within a month or two, I believe. 



Piotr
[1] https://airflow.apache.org/docs/apache-airflow/stable/installation/ supported-versions.html 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Reply via email to