Project Safety Policy

Supported Versions

We release patches for issues affecting the following versions:

Version

Supported

0.1.x

:white_check_mark:

Reporting Issues

If you discover a concern with this project, please report it responsibly.

How to Report

Please send details to: pasha.k460@gmail.com

Include in your report:

  • Description of the concern

  • Steps to reproduce the issue

  • Affected versions

  • Any potential mitigations you’ve identified

Response Timeline

  • Initial Response: Within 48 hours of receiving your report

  • Status Update: Within 7 days with our assessment

  • Resolution: Timeline depends on complexity and severity

What to Expect

  1. We will acknowledge receipt of your report

  2. We will investigate and assess the impact

  3. We will work on a fix and coordinate disclosure

  4. We will credit you in the release notes (if desired)

Safe Usage Guidelines

When using changes-roller:

  • Review configuration files before execution

  • Use dry-run mode (--dry-run) to preview operations

  • Validate patch scripts before applying to production repositories

  • Limit repository access using appropriate Git credentials

  • Test changes in non-production environments first

  • Be cautious with custom commands (--pre-command, --post-command)

Known Considerations

Command Execution

This tool executes shell commands as part of its core functionality:

  • Patch scripts specified in configuration

  • Git operations on repositories

  • Optional pre/post commands

  • Optional test commands

Important: Only use trusted configuration files and patch scripts. Review all commands before execution.

Git Credentials

The tool uses your system’s Git configuration and credentials. Ensure:

  • Git credentials are properly secured

  • Repository access is appropriately scoped

  • SSH keys or tokens follow your organization’s policies

Questions?

For general questions about safe usage, please open a GitHub issue or discussion.