Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign updocs: update contributing to mentions security yarn releases #1173
Conversation
|
I am not familiar with their process but only the security patch should be applied an the major and minor version should stay the same, if possible. |
|
BTW, any other teams we should also mention/tag? |
|
I believe that @tianon could also give us some valuable input. |
|
Many other images perform even minor component updates within the same patch release of their primary software, but regardless I think generally that security updates are always a good candidate for process exceptions since that typically matches the expectations of the majority of users (in other words, users will typically expect to get security updates as quickly as possible, regardless of the non-security-updates process). |
|
Thanks @tianon, that matches what I've seen (and my own expectation) as well |
|
Let's get this done |
SimenB commentedDec 18, 2019
@PeterDaveHello brought up a great point in #1170 (comment) - our current policy states that we only update yarn when there's new releases of node. I somewhat regret just moving on instead of backing out those changes and discussing. However, I think we should update it on security updates, so here's a PR with a policy update