Merged
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -214,6 +214,7 @@ the review question:

- Current flagship release candidate: `sbom-diff-and-risk` `v1.0-rc.1`
- GitHub Release assets: available for `v1.0-rc.1`
- GitHub Latest may still show `v0.9.0` because `v1.0-rc.1` is a release candidate.
- TestPyPI Trusted Publishing dry-run: completed
- Production PyPI publishing: intentionally deferred

Expand Down
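Review bot: the added bullet records that GitHub Latest lags behind the candidate but does not tell the reader which release page to open, unlike the matching note added to tools/sbom-diff-and-risk/docs/reviewer-path.md in this same change; add a short pointer such as "open the explicit `v1.0-rc.1` release page" (or a link to it) so someone reading the README alone does not verify `v0.9.0` assets by mistake.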
2 changes: 2 additions & 0 deletions scripts/validate-reviewer-routes.py
Expand Up @@ -166,6 +166,7 @@
"current flagship tool",
"not part of the `sbom-diff-and-risk` release surface",
"why the scientific-computing background helps",
"GitHub Latest may still show `v0.9.0` because `v1.0-rc.1` is a release candidate.",
"Production PyPI publishing: intentionally deferred",
),
Path("docs/reviewer-brief.md"): (
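Review bot: the newly added expected phrase hard-codes both `v0.9.0` and `v1.0-rc.1`, so the next release bump has to edit this validator in lockstep with every document carrying the sentence or the route check fails for a reason unrelated to a broken route; consider building the phrase from a single version constant, or at least add a comment naming the files that must change together. The `Path(...)` key for this tuple is above the visible context, so please confirm it is the file that actually gained the sentence.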
Expand Down Expand Up @@ -267,6 +268,7 @@
"runs the tool, uploads `policy.json`, and fails or passes from the policy exit code",
"not current PyPI package truth",
"not current repository reputation",
"GitHub Latest may still show `v0.9.0` because `v1.0-rc.1` is a release candidate.",
"It does not decide whether a dependency is safe.",
),
Path("projects/precipitation-anomaly-diagnostics/docs/reviewer-path.md"): (
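Review bot: the expected phrase added here appears in tools/sbom-diff-and-risk/docs/reviewer-path.md wrapped across a line break ("because" / "`v1.0-rc.1`"), so unless the matcher in this script normalizes whitespace before comparing, this exact-string check will not find the sentence in that file; either keep the sentence on one line in the document or collapse whitespace in the validator before matching.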
Expand Down
4 changes: 4 additions & 0 deletions tools/sbom-diff-and-risk/docs/reviewer-path.md
Expand Up @@ -198,6 +198,10 @@ Use this section only when the review question is about the released
`sbom-diff-and-risk` tool artifacts. It is not the path for judging third-party
dependency safety.

Release status note: GitHub Latest may still show `v0.9.0` because
`v1.0-rc.1` is a release candidate. Reviewers checking the current release
candidate should open the explicit `v1.0-rc.1` release page.

| Evidence surface | Use when | Read |
| --- | --- | --- |
| Verification decision guide | You need to choose the right release verification path. | [verification.md](verification.md) |
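Review bot: the release status note tells reviewers to open the explicit `v1.0-rc.1` release page but gives neither a link nor a row in the evidence table that follows, while every other evidence surface there is linked; add the release page (or the verification step that covers it) as a linked row so the reviewer does not have to guess where to look. Since scripts/validate-reviewer-routes.py now asserts this sentence verbatim, any later rewording must be mirrored there.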
Expand Down