Feature Description
Retire the current three-band policy (< 0.2.6 unsupported, 0.2.6–0.3.0 no fixes, >= 0.3.1 supported) and align code + docs with:
| Installed version |
Security support |
CLI advisory |
| >= 0.3.5 |
Supported — security reports accepted and patched |
Silent |
| 0.3.0 – 0.3.4 |
No security fixes; upgrade recommended |
Silent |
| <= 0.2.9 (e.g. 0.2.9, 0.2.6) |
Unsupported |
One dim stderr message at CLI startup |
Files to update
skillware/version_policy.py — MIN_UNSUPPORTED, MIN_SECURITY_SUPPORTED, UPGRADE_TARGET (and any helper logic if a middle band needs explicit handling)
SECURITY.md — supported-versions table
tests/test_version_policy.py — threshold assertions and advisory message (>= 0.3.5)
docs/usage/cli.md — Version advisory section (currently documents 0.2.6 / 0.3.1)
Note: pyproject.toml only holds the package release version (0.3.9); policy constants stay in version_policy.py unless maintainers decide to document them elsewhere.
Add CHANGELOG.md entry under [Unreleased] when merged.
Rationale
Project is on 0.3.9. The 0.3.1 security floor is outdated. Tightening bands reflects real support intent: patch only recent releases (0.3.5+), treat 0.3.0–0.3.4 as legacy without security backports, and warn only on end-of-life installs (0.2.9 and below).
Implementation Idea
In version_policy.py:
MIN_UNSUPPORTED = Version("0.3.0") → advisory when installed < 0.3.0 (covers 0.2.9 and earlier)
MIN_SECURITY_SUPPORTED = Version("0.3.5") → document in SECURITY.md; no CLI spam for 0.3.0–0.3.4
UPGRADE_TARGET = "0.3.5"
Keep should_emit_unsupported_advisory() as installed < MIN_UNSUPPORTED only.
Update tests/test_version_policy.py for 0.2.9 (advisory), 0.3.0 / 0.3.4 (silent), 0.3.5+ (silent), and assert upgrade message references >=0.3.5.
Mirror the table in SECURITY.md and the Version advisory section in docs/usage/cli.md.
Feature Description
Retire the current three-band policy (
< 0.2.6unsupported,0.2.6–0.3.0no fixes,>= 0.3.1supported) and align code + docs with:Files to update
skillware/version_policy.py—MIN_UNSUPPORTED,MIN_SECURITY_SUPPORTED,UPGRADE_TARGET(and any helper logic if a middle band needs explicit handling)SECURITY.md— supported-versions tabletests/test_version_policy.py— threshold assertions and advisory message (>= 0.3.5)docs/usage/cli.md— Version advisory section (currently documents0.2.6/0.3.1)Note:
pyproject.tomlonly holds the package release version (0.3.9); policy constants stay inversion_policy.pyunless maintainers decide to document them elsewhere.Add
CHANGELOG.mdentry under[Unreleased]when merged.Rationale
Project is on 0.3.9. The 0.3.1 security floor is outdated. Tightening bands reflects real support intent: patch only recent releases (0.3.5+), treat 0.3.0–0.3.4 as legacy without security backports, and warn only on end-of-life installs (0.2.9 and below).
Implementation Idea
In
version_policy.py:MIN_UNSUPPORTED = Version("0.3.0")→ advisory wheninstalled < 0.3.0(covers 0.2.9 and earlier)MIN_SECURITY_SUPPORTED = Version("0.3.5")→ document in SECURITY.md; no CLI spam for 0.3.0–0.3.4UPGRADE_TARGET = "0.3.5"Keep
should_emit_unsupported_advisory()asinstalled < MIN_UNSUPPORTEDonly.Update
tests/test_version_policy.pyfor 0.2.9 (advisory), 0.3.0 / 0.3.4 (silent), 0.3.5+ (silent), and assert upgrade message references>=0.3.5.Mirror the table in SECURITY.md and the Version advisory section in
docs/usage/cli.md.