Why were the patch versions for the vulnerability (snyk id: SNYK-GOLANG-GITHUBCOMMOHAMMED90CADDYSSHINTERNALAUTHENTICATIONOS-3032989) released so late? #21
-
|
Hello, we are a research team working on Golang. During our investigation, we found vulnerability(https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMOHAMMED90CADDYSSHINTERNALAUTHENTICATIONOS-3032989) was addressed in commit e7bdc1f. However, we noticed that the patch version was released after long time (234 days). We are curious about the reasons behind the delayed release of the patch version, as it may hinder the efficient distribution of patches to downstream users. Could the reason be 1.Issues with testing and CI checking. 2.Other commits have to be incorporated into one release. 3.By convention, versions are not frequently released. 4.Other reasons. Thank you for your attention, and we look forward to receiving your reply. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Notice that this is a v0, entirely experimental project. Expecting any kind of timely releases is kinda ridiculous. I don't understand where these expectations are coming from. |
Beta Was this translation helpful? Give feedback.
-
|
Adding to what Francis said, while my project isn't holding up that much infrastructure yet, but I'm a lone developer trying to balance this project, full-time job, school, life, and other responsibilities...
|
Beta Was this translation helpful? Give feedback.
-
|
I sincerely apologize for any inconvenience caused. Our aim is to conduct a survey regarding the delayed release of versions by maintainers. |
Beta Was this translation helpful? Give feedback.
Notice that this is a v0, entirely experimental project. Expecting any kind of timely releases is kinda ridiculous. I don't understand where these expectations are coming from.