On Wed, Feb 13, 2013 at 9:30 PM, Luke Arduini <[email protected]>wrote:
> So it's not done programmatically? Red (dangerous) versions are determined > manually? > Red is never set programmatically, we check manually each changelogs before marking versions as such. > Anyway, this sounds like if actively maintained, a better approach than > the similar david-dm service, which I believe only bases its output on > version numbers indiscriminately. Perhaps you can keep your list of 'must > not use' modules public. > It's actively maintained, yes, we are a coder team working exclusively on this project. 'must not use' modules are of course public, but we don't allow search or listing of "red" projects, we don't want to expose project maintainers to risk. We will notify project owners as soon as a dangerous package is found, automatically. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
