Hello,


I am not sure if I should post this question here and apologise if I should 
have done it somewhere else instead.


I work for a Cyber Security company and we are evaluating the possibility 
of using Pyramid to develop part of our upcoming products. Pyramid seems to 
meet our needs, and I have a few questions that would help us with the 
choice:

1.  I read that contributors should use the e-mail address 
[email protected] to report security issues found in 
any Pylons product.

    a. Is there any dedicated channel for releasing security 
advisories/announcements?

    b. Do you report CVEs found in the Pylons products via NVD?

2. As far as I see, you maintain two stable versions: the most recent major 
release and the previous release. Currently, Pyramid 1.10.x and 1.9.x. If I 
understand it correctly, as soon as a new major version is released, the 
oldest of the two previous stable versions is no longer maintained? E.g., 
when Pyramid 2.0 is released (I guess it is going to be this year), 1.9.x 
will no longer be maintained. Is that so? (An approximate period of two 
years)

3. Do you backport security fixes to stale versions (e.g. 1.8.x, 1.7.x, …), 
or should users try to migrate to the newest releases as soon as possible?

 

I apologise again if I should have posted my message somewhere else and 
would really appreciate it if you could point out the right place to do it 
instead.

 

Thanks in advance for your help.

 

Best regards,


Aritz Sanchez
