taskwarrior/POLICY.md

Compatibility & deprecation

Until TaskChampion reaches v1.0.0, nothing is set in stone. That being said, we aim for the following:

1. Major versions represent significant change and may be incompatible with previous major release.
2. Minor versions are always backwards compatible and might add some new functionality.
3. Patch versions should not introduce any new functionality and do what name implies — fix bugs.

As there are no major releases yet, we do not support any older versions. Users are encouraged to use the latest release.

ABI policy

1. We target stable rustc.

API policy

1. Deprecated features return a warning at least 1 minor version prior to being removed.

   Example:

   If support of --bar is to be dropped in v2.0.0, we shall announce it in v1.9.0 at latest.

2. We aim to issue a notice of newly added functionality when appropriate.

   Example:

   "NOTICE: Since v1.1.0 you can use --foo in conjunction with --bar. Foobar!"

3. TaskChampion always uses UTF-8.

Exit codes

• 0 No errors, normal exit.
• 1 Generic error.
• 2 Never used to avoid conflicts with Bash.
• 3 Unable to execute with the given parameters.
• 4 I/O error.
• 5 Database error, irrespective of the backend used.

Command-line interface

Considered to be part of the API policy.

Security

To report a vulnerability, please contact dustin@cs.uchicago.edu, you may use GPG public-key KEY-ID which is available here. Initial response is expected within ~48h.

We kinldy ask to follow the responsible disclosure model and refrain from sharing information until:

1. Vulnerabilities are patched in TaskChampion + 60 days to coordinate with distributions.
2. 90 days since the vulnerability is disclosed to us.

We recognise the legitimacy of public interest and accept that security researchers can publish information after 90-days deadline unilaterally.

We will assist with obtaining CVE and acknowledge the vulnerabilites reported.