On Mon, Jan 13, 2020, at 3:01 PM, Travis Carden wrote: > Hi, all. Drupal core is adding the psr/http-factory and > psr/http-message packages, and I need to document their release cycles > and security policies (including issue reporting) and contacts. See > https://www.drupal.org/core/dependencies. I didn't find any of this > information in the repo or on the website. Can anyone help me out? > Thanks!
PSR specs basically don't change at all. Sometimes we release a .z release to fix a comment typo or something like that, but that's about it. We just recently approved a new process to release BC or almost entirely BC versions of an interface. So far it's not been used, although I am trying it out with PSR-13. Any new releases there would follow semver very conservatively. We don't really have a security release process for them, as they're just interfaces. The util packages might. For those... we don't really have a formal process right now. We might want to look into that at some point, but as the code is generally just the boring mundane stuff the odds of there being a security issue in one of those is slim. --Larry Garfield -- You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/0f344980-1c0f-4b05-9f7f-30b4a6866c8b%40www.fastmail.com.