[QST] Changelog info
What is your question?
We're looking at how to check for breaking changes & security advisories, any guidance? The closest I saw is the commit ~title list @ https://github.com/dask-contrib/dask-sql/releases
Thanks for raising this @lmeyerov! As of now, we don't have a security policy, but I would assume a safe one to align with is that shared by projects within the Dask org; can look into if there are any additional requirements to adopting this policy beyond just adding the SECURITY.md.
As for monitoring breaking changes, right now the changelog generated through the releases page is all we have to broadcast potentially breaking changes between releases. I'm happy to explore if potentially automated solutions are available to generate a more informative list than this (for example, the CHANGELOG.md standard to many RAPIDS projects), but if an automated solution isn't available, my personal preference would be to stick to the current approach for now, as manually updating a changelog would introduce a decent amount of toil around the current release process.
Great
Something like conventional commits is automatable, and a key part is labeling semantic PRs/commits as `security(xyz): fix CVE abc` and `feat/fix(abc): BREAKING do some change`.
I find it easier to do a manual changelog as part of landing a PR; both can work.
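A sketch of the automation discussed in this thread, added here as an example and not code from dask-sql or from either commenter: it sorts commit subjects into changelog sections so security fixes and breaking changes surface first. The `security` type follows the labeling suggested above (an assumption, not a standard Conventional Commits type), the `!` marker is the Conventional Commits breaking-change flag, and the sample subjects and the `CVE-0000-00000` id are constructed placeholders.

```python
import re
from collections import defaultdict

# Subject shape: type(scope)!: description
SUBJECT = re.compile(
    r"^(?P<type>\w+)(?:\((?P<scope>[^)]*)\))?(?P<bang>!)?:\s*(?P<desc>.+)$")
CVE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

def classify(subject):
    """Return (section, scope, description, cve_ids) for one commit subject."""
    m = SUBJECT.match(subject.strip())
    if not m:
        return ("unlabeled", None, subject.strip(), [])  # surfaced for manual review
    desc = m["desc"]
    cves = [c.upper() for c in CVE.findall(desc)]
    if m["type"].lower() == "security" or cves:
        section = "security"      # a CVE id wins even if the type says "fix"
    elif m["bang"] or desc.startswith("BREAKING"):
        section = "breaking"
    else:
        section = m["type"].lower()
    return (section, m["scope"], desc, cves)

def build_changelog(subjects):
    """Group classified subjects by section, preserving commit order."""
    sections = defaultdict(list)
    for s in subjects:
        section, scope, desc, cves = classify(s)
        sections[section].append((scope, desc, cves))
    return dict(sections)

def render(sections):
    """Render markdown with security and breaking sections first."""
    first = ["security", "breaking"]
    order = first + sorted(k for k in sections if k not in first)
    lines = []
    for name in (n for n in order if n in sections):
        lines.append(f"## {name}")
        for scope, desc, _ in sections[name]:
            lines.append(f"- {'[' + scope + '] ' if scope else ''}{desc}")
    return "\n".join(lines)

SAMPLE = [  # constructed commit subjects, not taken from any repository
    "security(parser): fix CVE-0000-00000 in query handling",
    "feat(api)!: drop positional arguments",
    "fix(planner): BREAKING change default join order",
    "docs: update README",
    "Merge pull request from fork",
]

if __name__ == "__main__":
    print(render(build_changelog(SAMPLE)))
```

Subjects that do not match the convention land in an `unlabeled` section rather than being dropped, so a release reviewer can still see them.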