diff --git a/README.md b/README.md index 6410668..d2b8705 100644 --- a/README.md +++ b/README.md @@ -214,6 +214,7 @@ the review question: - Current flagship release candidate: `sbom-diff-and-risk` `v1.0-rc.1` - GitHub Release assets: available for `v1.0-rc.1` +- GitHub Latest may still show `v0.9.0` because `v1.0-rc.1` is a release candidate. - TestPyPI Trusted Publishing dry-run: completed - Production PyPI publishing: intentionally deferred diff --git a/scripts/validate-reviewer-routes.py b/scripts/validate-reviewer-routes.py index 71076bd..1e23a85 100644 --- a/scripts/validate-reviewer-routes.py +++ b/scripts/validate-reviewer-routes.py @@ -166,6 +166,7 @@ "current flagship tool", "not part of the `sbom-diff-and-risk` release surface", "why the scientific-computing background helps", + "GitHub Latest may still show `v0.9.0` because `v1.0-rc.1` is a release candidate.", "Production PyPI publishing: intentionally deferred", ), Path("docs/reviewer-brief.md"): ( @@ -267,6 +268,7 @@ "runs the tool, uploads `policy.json`, and fails or passes from the policy exit code", "not current PyPI package truth", "not current repository reputation", + "GitHub Latest may still show `v0.9.0` because `v1.0-rc.1` is a release candidate.", "It does not decide whether a dependency is safe.", ), Path("projects/precipitation-anomaly-diagnostics/docs/reviewer-path.md"): ( diff --git a/tools/sbom-diff-and-risk/docs/reviewer-path.md b/tools/sbom-diff-and-risk/docs/reviewer-path.md index c378c29..1a4ee85 100644 --- a/tools/sbom-diff-and-risk/docs/reviewer-path.md +++ b/tools/sbom-diff-and-risk/docs/reviewer-path.md @@ -198,6 +198,10 @@ Use this section only when the review question is about the released `sbom-diff-and-risk` tool artifacts. It is not the path for judging third-party dependency safety. +Release status note: GitHub Latest may still show `v0.9.0` because +`v1.0-rc.1` is a release candidate. Reviewers checking the current release +candidate should open the explicit `v1.0-rc.1` release page. + | Evidence surface | Use when | Read | | --- | --- | --- | | Verification decision guide | You need to choose the right release verification path. | [verification.md](verification.md) |