How are issues in Gruntwork's code reported to customers?
A customer asked: > How are issues in Gruntwork's code reported to customers?
1. For any critical / urgent changes—namely, any severe security issue—we notify customers ASAP (as in, when a fix is available) via a dedicated security alerts mailing list. This applies to any issues in our own code (note: this has never actually happened yet) and, more frequently, when we find out about vulnerabilities in the dependencies we use or believe our customers are likely to use (e.g., Linux, Jenkins, OpenSSL, etc). 2. For non critical / urgent changes, we fix the issue in the appropriate repo, release a new version, and add the information to our newsletter. We publish the newsletter on our blog every 1-2 months, notify customers via a separate mailing list, and share it via social media. 3. In the future, we plan to set up customers with automatic updates so they get a PR automatically opened when new releases are out. That way, they are notified via this very PR! This is Gruntwork Patcher. If they are interested, we can discuss further.