[Bug] What happened to version 1.5.7? about mitreattack-python HOT 3 CLOSED

It was semi-intentional. When I released 1.5.7 I was re-evaluating whether or not it made sense to continue to publish the python package as both a GitHub Release and a PyPI release. You can find both the tag as well as the Changelog below. Question back to you then - what do you gain out of a GitHub Release over the latest PyPI release? I haven't done it yet, but was contemplating removing the Releases section on the sidebar as well to prevent further confusion in this area. I'm very open to your thoughts on this.

• git tag: https://github.com/mitre-attack/mitreattack-python/releases/tag/v1.5.7
• Changelog: https://github.com/mitre-attack/mitreattack-python/blob/master/CHANGELOG.md

from mitreattack-python.

Well, my question can from a concern over a change in behaviour - seeing an anomaly between here (and past behaviour), and a later release on PyPi sent my mind to a place of "I wonder if the PyPi credentials have been compromised and 1.5.7 on there is a malicious release). So, that's where the question came from.

Personally, I do find the presence of the git tag for each release valuable (I presume that would remain whatever your decision), and the associated quick way to ask "what changed". I am not sure what your release process is, but my primary concern is security. But, you know a thing or two about that :).

from mitreattack-python.

Roger that. Yes, the git tags will continue to be published for each release, but I think this very conversation has pushed me towards removing the GitHub Releases from the sidebar while continuing to keep the Changelog up to date.

Thanks again for the conversation!

from mitreattack-python.