Back in July, my coworker John published a post here about version scheme and release support status. The goal was to get a better understanding of how maintainers think about the versioning schemes that they use for their packages, so that we could better direct subscribers to use the maintainer-recommended version of those packages.
Why? Not only will this help improve the health of our subscribers’ codebase (using the recommended versions!) but it would also (hopefully) improve life for maintainers—many of whom effectively support old versions—by consolidating users onto a smaller number of supported versions.
We currently use the Release Streams task to try to do this, but, frankly, it doesn’t work. As you probably know, the Release Streams task is really confusing, and is basically a giant wall of text.
In fact, this task has the lowest completion rate of any task on Tidelift: 58% completed, when I checked earlier this week
To solve this, we’d like to split the Release Streams task into two: a Version Scheme task, and a Security Updates Policy task.
Shown below, the Version Scheme task will ask you to identify the scheme you use for your package. Many packages use semantic versioning, but many don’t. Once we clarify this, we’ll be able to better understand how you approach versioning.
After completing the new Version Scheme task, you’ll be able to complete the Security Update Policy task (below). Here, we’ll look at all the different version streams (identified in the Version Scheme task) and ask you to mark how you plan to respond to security vulnerabilities on them.
Before we release these new changes, I’d love some feedback from you all (especially some of our many new lifters!):
- Do the versioning schemes shown in the Version Scheme task include how you approach versioning for your project? If not, what are we missing?
- Given that we’ll want to keep the Security Update Policy up-to-date in the future, what would fit best in your workflow to validate this open a new release? GUI? API? Something else?
Thank you, as always!