Add vulnerability management, bump SemVer version

Federico Ceratto 2018-07-08 21:05:45 +01:00 committed by GitHub
parent d75de54703
commit c4f2a21f03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -37,6 +37,7 @@ While we really appreciate your contribution, please follow the requirements: ot
* The package should build correctly with the latest Nim release * The package should build correctly with the latest Nim release
* The package should not contain files without a license or in breach of 3rd parties licensing * The package should not contain files without a license or in breach of 3rd parties licensing
* Non-mature packages should be flagged as such, especially if they perform security-critical tasks (e.g. encryption) * Non-mature packages should be flagged as such, especially if they perform security-critical tasks (e.g. encryption)
* If a vulnerability is found, make a patch release against the latest stable release (or more) that fixes the issue without introducing any other change.
* Tiny libraries should be avoided where possible * Tiny libraries should be avoided where possible
* Avoid having many dependencies. Use "when defined(...)" to enable optional features. * Avoid having many dependencies. Use "when defined(...)" to enable optional features.
* If abandoning a package, please tag it as "abandoned" * If abandoning a package, please tag it as "abandoned"
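Review bot: In the added vulnerability bullet, "(or more)" is ambiguous: it can be read as "more than one release line" or as "a later release". If the intent is that fixes should also be backported to older stable releases still in use, say so directly, for example "against the latest stable release, and older stable releases where practical". The bullet also relies on the term "patch release", which only has a defined meaning under SemVer, yet SemVer stays optional further down in this list; a short cross-reference to that item would make the expectation clear for packages that do not follow it. Consider also stating where the fix should be announced, since the list only asks for a contact email address.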
@ -44,7 +45,7 @@ While we really appreciate your contribution, please follow the requirements: ot
* Provide a contact email address. * Provide a contact email address.
* Optionally try to support older Nim releases (6 months to 1 year) * Optionally try to support older Nim releases (6 months to 1 year)
* Optionally GPG-sign your releases * Optionally GPG-sign your releases
* Optionally follow [SemVer](http://semver.org) * Optionally follow [SemVer 2](http://semver.org)
Your packages may be removed if the url stops working. It goes without saying Your packages may be removed if the url stops working. It goes without saying
that your pull request will not be accepted unless you fill out all of the that your pull request will not be accepted unless you fill out all of the
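Review bot: The changed SemVer bullet now names "SemVer 2" in the link text, but the target is still the unversioned http://semver.org, which serves whatever the current specification is. Pin the link to the version the text names, https://semver.org/spec/v2.0.0.html, and use https rather than http so the reference cannot be altered in transit. The neighbouring "Optionally GPG-sign your releases" item matters more now that the list asks for security patch releases; it may be worth noting there that signing is especially encouraged for those releases.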