x/website/internal/dl: expose whether a release is a security release or not in API #44925
Labels
FeatureRequest
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Comments
|
The internal package is |
dmitshur
added
FeatureRequest
NeedsInvestigation
|
The https://golang.org/design/draft-vulndb design draft may also be a relevant factor to consider here. CC @golang/security, @golang/release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Tools that watch golang.org/dl endpoint to learn about new releases may benefit from this extra information.
Not every user is eager to update as soon as the new point release is available. But if the patch includes critical or important security patches, users should take it more seriously.
Would be better if extra information like severity (#44918) can be included too.
According to @dmitshur: whether a release is a security one or not is available in an internal x/website package, but that isn't easily accessible externally.
The text was updated successfully, but these errors were encountered: