Ratify branching and release strategy

[susanshi]

What would you like to be added?

Ratify should publish a document that outlines branching strategy, as wells as patches and support criteria.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

• Yes, I am willing to implement it.

[FeynmanZhou]

JFYI, we are defining the release and branch strategy, and release support plan in Notation and ORAS. Maybe they could be used as references for Ratify.

[akashsinghal]

To add to this, I had a discussion with Gatekeeper maintainers about their release strategy:

Gatekeeper releases a minor version every 3 months. Each release will have a beta and RC release prior to stable. Refer to this doc for detailed info on versioning: https://github.com/open-policy-agent/gatekeeper/blob/master/docs/RELEASE.md

Patch releases are typically cut every month if there are changes. All security fixes (even those raised by dependabot) are manually cherry-picked to a patch branch. Each month, if there are patch changes, there's a patch release. emergency patches can be released but that's at discretion of maintainers.

Here's the release management doc: https://github.com/open-policy-agent/gatekeeper/blob/master/docs/Release_Management.md

I think we should prioritize Gatekeeper's release guidance since it's a K8s centric project too.

cc: @yizha1 @FeynmanZhou @susanshi