@@ -96,8 +96,27 @@ increase our MSRV during semver-breaking version changes (e.g., 0.1 -> 0.2, 1.0
9696
9797## Yanking
9898
99- Whenever a bug or regression is identified, we will yank any affected versions
100- which are part of the current version train. For example, if the most recent
101- version is 0.10.20 and a bug is uncovered, we will release a fix in 0.10.21 and
102- yank all 0.10.X versions which are affected. We * may* also yank versions in previous
99+ Whenever a bug or regression is identified, we will yank according to the following
100+ rules:
101+ - If the bug causes compilation to fail, we will not yank
102+ - Otherwise, we will yank if any of the following conditions hold:
103+ - The bug affects soundness
104+ - The bug contradicts documented behavior
105+ - The bug contradics widely assumed behavior
106+ - The bug is a regression (code exists which would succeed on a version X and
107+ would fail on a version Y > X)
108+
109+ When these rules instruct us to yank, we will yank any affected versions which
110+ are part of the current version train. For example, if the most recent version
111+ is 0.10.20 and a bug is uncovered, we will release a fix in 0.10.21 and yank all
112+ 0.10.X versions which are affected. We * may* also yank versions in previous
103113version trains on a case-by-case basis, but we don't guarantee it.
114+
115+ In addition to yanking, we will do the following:
116+ - Submit a [ RustSec Advisory] [ rustsec ]
117+ - Submit a [ GitHub Security Advisory] [ github-advisories ]
118+ - Add an entry in our [ yank log] [ yank-log ]
119+
120+ [ rustsec ] : https://rustsec.org/
121+ [ github-advisories ] : https://github.com/advisories
122+ [ yank-log ] : https://github.com/google/zerocopy/blob/main/CHANGELOG.md#yanks-and-regressions
0 commit comments