From 6a80e0479730b9e6167cf30bcd0344f221827362 Mon Sep 17 00:00:00 2001
From: Al Snow <jasnow@hotmail.com>
Date: Sat, 31 Jan 2026 08:59:44 -0500
Subject: [PATCH] Add proposed 'Never patch' policy to README file

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 686cde3e10..7a2a5699f7 100644
--- a/README.md
+++ b/README.md
@@ -136,7 +136,8 @@ patched_versions:
 * `unaffected_versions` \[Array\<String\>\] (optional): The version requirements for the
   unaffected versions of the Ruby library.
 * `patched_versions` \[Array\<String\>\] (optional): The version requirements for the
-  patched versions of the Ruby library.
+  patched versions of the Ruby library. If no patch is available, you can put
+   **notes: "Never patched"** in its place.
 * `related` \[Hash\<Array\<String\>\>\] (optional): Sometimes an advisory references many urls and other identifiers. Supported keys: `cve`, `ghsa`, `osvdb`, and `url`
 * `notes` \[String\] (optional): Internal notes regarding the vulnerability's inclusion in this database.