Hi, lifters. I wanted to let you know of a change to the Coordinated Disclosure Plan lifter task. Before, you simply let us know which plan you selected and where you linked to the plan information (either Tidelift’s or your own). Now, much like the Tell Potential Subscribers task, we’ll be checking that the URL you gave us contains the correct plan URL and, if it does, the task will be marked “completed”:
Like with Tell Potential Subscribers, this is checked daily and, if the link isn’t found due to moving files around or misconfiguration, the task will change status from “completed” to “to do”. When this rolls out this morning, it may cause this task to be marked as “to do” if we are unable to verify the plan URL. It’s important that your users know how to contact you (or us) in the case of a security issue, and our subscribers care that our lifters take security seriously, so be sure to get the task fixed up if needed.
Pretty soon we’ll be rolling out some other small improvements around setting up the Coordinated Disclosure Plan for new liftings, taking advantage of community health files in a GitHub repository or organization when possible to complete the task for you immediately upon approval. Thanks, and let us know if you have any questions or concerns.