Closed perkelix closed 3 months ago
v2.3.1 was released a month after v2.3.0 since an important oversight was made (see https://github.com/jtesta/ssh-audit/releases/tag/v2.3.1). So the full version format is indeed still useful.
Additionally, with the myriad of UNIX distros packaging ssh-audit, updating the version format can realistically break their monitoring systems (they continuously watch https://github.com/jtesta/ssh-audit/releases/ for new versions).
The cons outweigh the pros of changing the version format at this time.
In its current form, ssh-audit merely increases the second digit in its version at every release e.g.
3.x.0
number.A more useful numbering scheme would match the supported OpenSSH version, followed by the ssh-audit release e.g.
9.7.1
supports up to OpenSSH 9.7 features and is the first ssh-audit release to support it.