From bd31a9f564f7930eea1ecfc8d0e6aebc4bc3279f Mon Sep 17 00:00:00 2001
From: Romain Lespinasse <romain.lespinasse@gmail.com>
Date: Sat, 1 Jan 2022 15:06:51 +0100
Subject: [PATCH] docs(security): add end of life of branch section

---
 SECURITY.md | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index e370ed3..f7ef76e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,16 +2,26 @@
 
 ## Supported Versions and Branches
 
-| Version | Branch | Supported          |
-| ------- | ------ | ------------------ |
-| 4.x     | v4.x   | :white_check_mark: |
-| 3.x     | v3.x   | :white_check_mark: |
-| 2.x     | v2.x   | :x:                |
-| 1.1.x   | v1.1.x | :x:                |
-| < 1.x   |        | :x:                |
+We only support 2 major versions for security patches
+
+| Version | Branch | Supported          | Specific Tags |
+| ------- | ------ | ------------------ | ------------- |
+| 4.x     | v4.x   | :white_check_mark: | v4            |
+| 3.x     | v3.x   | :white_check_mark: |               |
+| < 2.x   |        | :x:                | v2.x, v1.1.x  |
 
 A GitHub repository can used one of the available branches as action inside its workflows.
 
+### End of Life of a branch
+
+When a branch is not supported anymore, the following process occurs
+
+- Since `v4.x` branch, the branch will be deleted 2 major versions after
+  - So `v4.x` branch will be deleted when `v7.x` branch will have its first release
+  - prefer the `v4` tag to `v4.x` branch as reference in our workflow, 
+- Before `v4.x` branch, the branch will be converted into a tag when the support is dropped
+  - So `v3.x` branch will be converted as tag when `v5.x` branch will have its first release
+
 ## Reporting a Vulnerability
 
 You can report a Vulnerability by [my email](mailto:romain.lespinasse@gmail.com).