Closed KirkMunroSagent closed 2 months ago
Hey @KirkMunroSagent, I am sorry that I couldn't get back to you earlier on the discussion or on this bug.
I agree with you that deprecating packages at the moment of releasing the new package is too aggressive. As you pointed out, it generates warnings, and it also masks the real need of deprecating.
On the other side, in the spirit of keeping things relatively up to date, it is in our interest to push forward the new bits, which usually carry more secure dependencies.
With those considerations, how about having a grace period for the previously released package? What about a minimum of 30 days, given there's no known vulnerability?
Thanks.
@xiaomi7732: A grace period would be a welcome improvement. 30 days feels short though. Even with agile development, packages might not be updated within 30 days, depending on how the dev cycle is laid out. I think a grace period of 45 or 60 days would be more appropriate. It would certainly do the trick for my place of work. It also encourages a regular package management cycle without being too overbearing.
@KirkMunroSagent, 45 days sounds like a starting point. Let's try it, and if that still causes issues, either too long or too short, we can always tweak later, agree?
@xiaomi7732 Yes, I agree. It will be a good step in the right direction, and we'll see if it needs to be tweaked later. Thank you for this.
Thank you for the contribution!
Reposting https://github.com/microsoft/ApplicationInsights-Profiler-AspNetCore/discussions/217 as an issue, since it seems that Discussions aren't really used in this repository.